If you carry out any form of digital marketing you cannot afford to ignore the impact of Ad Fraud.

According to Marketingdive: “Global consumer products companies waste roughly $50 billion, or more than half, of their collective investments in digital marketing and trade spending.”

What is Ad Fraud?

Essentially Ad Fraud is any attempt to defraud digital advertising networks for financial gain. Scammers and criminal gangs frequently use bots and click farms to carry out Ad Fraud, but they’re not the only methods.

Ad Fraud using bots is typically referred to as Click Fraud and is common in the following types of digital advertising:

  1. PPC (ads on Google, Bing)
  2. Social media promoted posts
  3. Programmatic advertising
  4. Other paid for media, such as display banner ads
  5. Influencer marketing

Understanding the Ad Network

An ad network is a technology platform that serves as a broker between a group of publishers and a group of advertisers. 

It acts as a mediator responsible for introducing the right impression to the right buyer. It partners up with publishers (supply-side) and advertisers (demand-side) to help them reach their ad campaign goals.

Ad networks operate in conjunction with ad servers (AdTech used by publishers, advertisers, ad agencies to manage and run online advertising campaigns). 

Ad servers are responsible for making instantaneous decisions about what ads to show on a website, then serving them. On top of that, an ad server collects and reports data (such as impressions, clicks, etc.) for advertisers to gain insights from and monitor the performance of their ads.

And it is here where the majority of vulnerabilities occur.

Ad Fraud: Understanding the ad network

Other forms of online Ad Fraud also exist

Ad fraud explained

Fraud on the ad networks via fake clicks aren’t the only type of Ad Fraud, however. Criminal gangs and cyber fraudsters also use the following five methods:

Hidden Ads

This occurs when an ad is displayed in such a way that it’s not obviously visible to the website user. It targets the ad networks that pay out based on impressions (views of adverts) rather than active clicks.

Click Hijacking

Used when an attack redirects a click on one advert and sends the user to a completely different ad result – effectively stealing the click. For this type of fraud to work, the attacker has to have compromised the user’s computer, the ad publisher’s website or a proxy ad server.

Ad Fraud Click Hijacking

Similar to the above. The attacker replaces an advert for Joe Bloggs Jeans with one for Sam Brown Chinos.

Fake App Installations

Click farms* are set up to install apps thousands of times and interact with them in bulk, thereby distorting the number of times an advert might be shown within an app – especially on mobile apps. 


Scammers create botnets and fake click farms to generate thousands of false impressions on an advert or fake visits to a website which displays ads.

Ad fraud: who's behind the bots

Why are botnets so effective?

Imagine a thousand bots, all accessing different websites, mimicking human behaviour and looking like a real person surfing the web. The botnet creator now has a network which appears to be real and which can then be directed to a fake website. 

Ad fraud - why are botnets created?

This fake website now looks like it’s genuine, receiving high volumes of traffic from thousands of real people. Marketers want to place ads on the website because they believe their products and services will be seen by thousands of potential customers.

The ad network that serves the ads pays the bot owner for the ads displayed and the scammers profit from a completely fake set-up.

Ad fraud is a $50 billion problem

Who runs the Ad Fraud schemes?

Economists at the University of Baltimore have found that at present, one-in-ten ad-clicks across all eCommerce campaigns are fraudulent

Many scams are run by illegal organisations and gangs who funnel the proceeds into organised crime, including money laundering, human trafficking and drugs.

What can you do to mitigate against Ad Fraud?

Be aware of the problem. Then ask yourself three simple questions.

What percentage of internet traffic is fake?

What percentage of traffic on your digital marketing campaigns is fake?

Who is responsible for monitoring and preventing fake traffic in your organisation?

Here is the conservative answer to the first question.

40% of all internet traffic originates from non-human sources. 

This is nothing new either. Fake traffic has been a problem for almost a decade. Back in 2004 Google’s then CFO George Reyes said that fraud was the biggest threat to internet economy and Ad Fraud has now overtaken credit card fraud.

To discover the answer to the second question, you need to monitor your own digital marketing campaigns. This gives you the answer to the third question. Being aware of the issue, and making sure your internal team and any digital marketing agency you may use are also monitoring campaigns, is vital.

It is important to acknowledge you are not going to be able to completely remove all bots from your campaign traffic, but you can take steps to reduce the impact on your budget.

Tools exist which use machine learning to judge user behaviour against a  baseline and they then identify the “users” which are likely to be bots based on intelligent data.

They can then be filtered out of your digital marketing activity, along with the more easily spotted malicious bots, while allowing actual humans and good bots (spider search engines and similar) to continue interacting with your website as normal.

Terminology referenced in this article