Dr Augustine Fou, Marketing Science Consultant, outlines three steps marketers should take right now to help combat ad fraud.

The story of Ozy Media is not new, nor will it be the last, not by a long shot. But it does show that the momentum is changing. The momentum is shifting from passively ignoring digital ad fraud to taking small steps to start remedying it. Advertisers had previously convinced themselves that while there was fraud, it was not happening to them. More of them are finally willing to admit there is a lot of fraud and that it may be happening to them. Further, more parties are willing to publicly disclose and document the ad fraud. For example there have been 11 documented ad fraud cases in 2020-21 in CTV alone, up from a handful of cases reported annually. Most of these cases involved simple techniques, e.g. using algorithms to rotate through lists of connected TVs, streaming devices, CTV apps and residential IP addresses to simulate requests for ads. Buyers paid for these faked CTV ads when no ads were served and no real TVs or streaming devices were ever needed. Digital ad fraud remains so simple to commit and so lucrative that more fraud schemes spring up when older ones are detected; and many more cases remain undetected. Just like in cybersecurity, “hackers have had unauthorized access for years before they were detected.”

The recent successful lawsuits against ad fraud are hauntingly similar too. Uber successfully sued Phunware for outright fraud – the brand was billed for clicks that were never delivered and ads that were never run. Outcome Health, a US-based healthcare tech firm, paid a $70 million fine and settled with the Office of the Inspector General for “falsifying affidavits and proofs of performance [and] inflating patient engagement metrics.” And the so-called “King of Fraud” was found guilty of using “a bot farm and rented servers to fake internet traffic at media sites. These fraud cases, the eleven CTV fraud examples, and Ozy all relied on fraudulently inflating metrics like impressions, clicks, and views commonly used as indicators of success in digital marketing programs. These metrics are trivial to fake using botnets and other techniques. 

Fraudsters can set up hundreds of fake sites, populated entirely with plagiarized content, and get those sites added to top-tier ad exchanges to start selling ads. The experiment by CNBC reporter Megan Graham showed how simple this was. She set up a fake website, plagiarized all her own articles, applied to eight ad exchanges, got accepted into seven of them, and started running ads from major advertisers, all within the span of one week. This process is so trivial, and the profits are so lucrative, that it is irresistible for criminals ranging from script kiddies to organized crime to get a slice of the nearly $400 billion pie of annual digital advertising spending. Similarly, thousands of sites offering free downloads of pirated music and movies are feasting off of the ad revenue they are receiving from selling ads through programmatic channels [WhiteBullet, Sep 2021]. 

How to spot ad fraud

Why was this not obvious before, when it is so obvious now? Well, for starters, advertisers and their media agencies loved three key characteristics about buying ads through programmatic channels: 1) scale and reach; 2) cost efficiency; and 3) performance. However now that the emperor without clothes has been outed, it is easy to see these terms are euphemisms for 1) super large quantities; 2) low CPM prices; and 3) lots of clicks. Super large quantities of ads are only possible from sites that use fraudulent means to generate traffic. Remember “bought traffic = bot traffic.” Legitimate publishers with real human audiences don’t generate super large quantities of ad impressions to sell. Low CPM prices are only possible from sites that cheat, e.g. plagiarize all their content or inflate ad impressions fraudulently. Real publishers with real journalists and editors cannot afford to sell ads at very low CPM prices. And finally, lots of clicks has been taken to mean better performing campaigns. So bots click a lot; humans don’t. Fake sites always have higher click rates than real ones. The appearance of performance tricks advertisers into allocating more budget to fraudulent and fake sites and away from real publishers. 

Three steps to take right now

This is the “emperor without clothes” moment. It is time to inspect your digital campaigns more closely. Here are three steps marketers can take right away.

  1. Ask for domain level placement reports, if you haven’t gotten those before. That way you can see where your ads went, and you can see if you are spending money on hundreds of other sites doing traffic and audience inflation like Ozy. 
  2. Check if your ads are spread around lots of domains and apps, or if they are concentrated in only 10–20 sites. If it is too concentrated in a small number of egregious fraudulent sites, you didn’t get the “reach” you thought you were getting in programmatic. 
  3. Check your own analytics to see if there is anything strange about the clicks arriving on your site from these campaigns. It should be obvious you need to ask harder questions if you are seeing a bunch of clicks in the overnight hours (when humans are sleeping) and visitors that stay for :01 second. Those are not valuable to you. 

Don’t let this opportunity pass to find fraud and reduce it in your own campaigns.