In the Footsteps of Sherlock Holmes: Solving the Case of Advertising Fraud

[Man]

Imagine: you have launched an advertising campaign in Yandex.Direct. Everything is going smoothly, the advertising is running, the budget is being muddied, and the traffic is breaking all records. However, everything is not as it seems at first glance... You begin to suspect that something is wrong with the advertising: money is being spent, clicks are coming, but there is no conversion. What is this - clicking and waning?

In addition to the negative impact on finances, fraud can lead to the collection of false metrics on potential customers’ interactions with ads and the site. This can lead advertisers and marketers to make incorrect decisions and develop faulty strategies. This can damage the entire budget planned for marketing channels and promotions.

So, what to do and how to detect click fraud, bots and other scammers. Is it possible to block invalid clicks?

Contents
1. Advertising fraud technologies
1.1 Click farms
1.2. Clickbots
1.3. Clicking on competitors' ads
1.4. Forced redirects
1.5. Generating Fake Views
1.6. Pixelation
1.7. Motivated clicks
2. The Key to the Riddle: How to Understand That You Are Being Clicked
3. Solve the Case: Solving the Ad Fraud Problem
4. In conclusion

Advertising fraud technologies​

Fraud (or ad fraud) is when ads are shown not to real users, but to bots that click or view them. This is a global problem that affects all advertisers and marketers from companies of all sizes, large and small. The programmatic advertising sector is especially vulnerable.

According to the Botfaqtor service, every fifth click on an advertisement is fraudulent, and the fraud rate in Yandex Direct is about 23%.

The methods and technologies of attackers who attack advertising campaigns vary in the technologies used, methods, strategies, devices, attack levels, etc. For example, advertising fraud includes ad stacking, substitution of the digital fingerprint of the user's device, click farms, AI bots that can imitate human behavior, etc.

Click farms​

This is a real farm, only an office one and made up of people. Each working unit of the farm manages a dozen devices at once. Their task is to click on advertisements, boost likes on social networks, leave comments, subscribe, download applications, etc.

This is manual and cheap labor, for which residents of Central Asia are exploited. For example, in 2017, the Thai police uncovered such a click farm, the owners of which used about 350,000 SIM cards and several dozen other devices to commit fraudulent crimes.

Clickbots​

These are bots specially programmed to click on ads. They are used by scammers and part-time site owners who monetize their sites by placing ads.

They place ads on their websites and launch clickbots there. They systematically move through the pages and click on the ads in turn.

Often, websites are copies of some well-known resources. Such "fakes" make it possible to inflate the cost of a click. The advertiser may simply not notice the difference in the domain name or not pay attention. As a result, he will be forced to pay for fake clicks at an inflated rate.

The Botfaqtor service has identified five types of bots: primitive, simple, regular, advanced, and complex. Each type is characterized by a certain set of functions and capabilities. For example, simple bots can replace browser parameters, unlike primitive ones, and advanced ones can imitate the behavior of real users.

Clicking on competitors' ads​

One of the most common types of click fraud. Competing parties are ready to click on search ads in order to spend the daily budget of the opposing company and take the desired advertising space at a lower cost.

Forced redirects​

Attackers can have dozens of sites where they place paid advertising. When a user or bot clicks on an ad, they are redirected not immediately to the target site, but through a dozen other sites with advertising.

Fraudsters can also use technology in which their sites with advertising will open in background tabs of the user's browser. In principle, redirects in advertising click fraud can be executed through links, pop-ups or pages overloaded with media advertising.

For example, a user goes from organic search to a site. When scrolling down the page, a pop-up window with an ad appears. The user clicks the "Close" button (cross), but instead of closing, the browser automatically opens multiple tabs with third-party resources.

Generating fake views​

Bots or random users view ads, thus artificially increasing the number of views. Ads do not reach the target audience, and advertisers pay for false statistics.

To do this, fraudsters use forced redirects, infect CTV devices with malware, manipulate views through bots and performers from PTCs, and place advertisements outside the user's visibility zone, for example, through pixelation.

Pixelation​

Fraudulent publishers place advertisements not in full size, but in a 1x1 pixel square. The page can be "stuffed" with such advertisements and users will not even notice them. As a rule, attackers can place advertisements outside the user's visibility zone.

Motivated clicks​

Motivated clicks are made by performers who are found on specialized exchanges and buxes. This method can be used by competitors, dishonest marketers, partners and scammers.

Clickers are given a task, for example, to watch certain videos (along with advertising) or search for advertisements on a search engine by a list of keywords and click on the required domains.

The Key to the Riddle: How to Understand That You're Being Clicked​

Click fraud and other fraudulent and malicious ad interactions are a major concern for advertisers and marketers because they often go undetected. According to estimates by US-based Juniper Research, digital ad fraud will cost a whopping $172 billion worldwide by 2028.

That is why it is important to monitor advertising traffic, check advertising campaigns for quality, optimize them, analyze sources and donor sites. You can turn to various auxiliary services that can simplify the analysis.

It is important to remember that ads can be clicked. Bots have a strong impact on statistics, but they are not easy to detect, as fraudsters use various methods and technologies to deceive advertisers.

Fraudsters often take advantage of the fact that programmatic advertising is a complex ecosystem and often lacks transparency, which is why they remain undetected.

To analyze traffic quality, pay attention to the following indicators and parameters:

• First, you need to monitor your ad traffic. If you see strange or irrelevant traffic sources, a surge in traffic from little-known sites, or low engagement from users clicking on ads, then you are most likely experiencing click fraud.
• Don't forget to analyze why there was a surge in clicks. Make sure it is not related to the placement of news or articles in the media and other thematic resources.
• Click-through rate (CTR) can also show whether your ad is being fraudulently used or not. An abnormally high CTR may make you think that your ad campaign is working quite effectively, but if it has grown suspiciously high, then you are most likely a victim of click bots or click fraud.
• Also, when analyzing clicks on ads, you should pay attention to the following parameters: low conversion rate, minimal time spent by the user on the site after clicking on the ad, abnormal user behavior (for example, unrealistic session duration or repetitive actions).
• It is important to recognize other patterns of bot traffic, such as identical durations of several dozen sessions in a row, or identical mouse movements and sequences of actions. Such behavior may indicate that bots are interacting with the ad and the site.

The functionality of bots is extensive, as are the technologies used by attackers. That is why you should closely monitor the data of your advertising campaigns and note any abnormal changes.

Solve the Case: Solving the Ad Fraud Problem​

Unfortunately, it is impossible to get rid of bot attacks on advertising once and for all. Even if you have detected signs of click fraud yourself and excluded some low-quality traffic sources, this will not completely protect your advertising from fraudsters. Fraudsters are developing technologies and improving their click fraud methods.

What to do then? The most effective way is to connect a special solution for cyber protection. One of these is the domestic service Botfaqtor.

At the moment, the service has developed six tools to protect websites and advertising from bot attacks, competitors and clickers, as well as to optimize advertising campaigns:

• Protection from click fraud Yandex Direct
• Google Ads Click Protection
• Anti-click protection VK Advertising
• Antibot for a website — protection of resources from bot attacks, DDoS, generation of fake leads, orders, etc.
• Smart captcha — protection of forms, fields and buttons from bots (the AI algorithm protects against captcha solving by performers from exchanges, since it is shown only to bots).
• Hard Target - Disabling devices, browsers and OS with low conversion

The service algorithm analyzes each visit based on >100 technical and behavioral parameters, uses machine learning and artificial intelligence technologies to detect bots, and exposes low-quality sites.

The Botfaqtor service has been operating since 2017. During this time, our clients have been able to check over 1.1 billion visits, block 280 million bots, and protect 15 thousand websites. Here are our cases on protecting advertising from click fraud. For example, for a client in the "Car dealer" category with a monthly budget of up to 10 million rubles, we save up to 2 million rubles using the "Yandex Direct Click Fraud Protection" tool.

In conclusion​

Ad fraud is here to stay; its technology will improve and its methods will become more sophisticated. To ensure the quality of your ad clicks, to know whether your ads are reaching the target audience and not bots, you need to remain vigilant. Be aware of fraudulent activities that can drain your advertising budget and undermine all marketing strategies.