The 8 Most Common Ad Fraud Methods & How to Avoid Them in Your Online Campaigns

Last updated on by Ted Vrountas in Advertising

Up to $100 billion. That’s how much ad fraud stands to cost the industry in 2023:

And though it’s prevalent enough that nearly 70% executives call it the biggest hindrance to budget growth, how brands are being stolen from remains a mystery to many. And if you don’t know how you’re being deceived, you stand powerless to prevent it. Today, we cover some of the most common types of ad fraud and how to avoid them.

8 Common types of ad fraud and how to avoid them

As creative as advertisers can be in campaign design and execution, so can fraudsters in their schemes to defraud brands. From domain spoofing to click farms, here are the most common ad fraud schemes, followed by tips on how to avoid them.

1. Domain spoofing

Bidding for ad space takes into account a placement type, website content, traffic quality, etc. The higher placement is in quality, the more a publisher can charge for it. Domain spoofing takes advantage of this system a few different ways, by tricking the advertiser into thinking they’re paying for better inventory than they are:

In all cases, domain spoofing games the system to defraud advertisers and publishers. Simple domain spoofing, like URL substitution, can be caught by diligent advertisers. More complex forms require more complex defenses.

2. Cookie stuffing

Cookies are text files that store information about a visitor’s browsing behavior. They help brands deliver advertising by passing along information relevant to their bid, analytics, creative, etc.

But these cookies can be hijacked and filled with incorrect information about the visitor. It’s common in affiliate marketing, where marketers partner with a brand to advertise their product.

By stuffing text files with false information, the marketer can steal credit for a click, conversion, sale, etc. And by doing so, they get a payout they don’t deserve:

3. Click injection

Click injection is a common form of mobile ad fraud. Like the name makes it sound, click injection is about “injecting” fake clicks into an advertising scenario. These clicks go to an ad or app download, and they result in misattribution, which gives the fraudster credit for producing a click.

Fraudsters employ this scheme through malicious apps that users unknowingly download. Seemingly harmless applications, which might provide wallpaper or a voice changer, for example, will infect a user’s device once downloaded.

There, these apps will run in the background to, as Tech Crunch puts it, click “invisible ads without the user’s knowledge.” By inflating the number of clicks produced, the fraudster can maximize revenue earned from generating the click.

In addition to inflating ad clicks, this scheme can hijack credit for downloads. It’s particularly common on Android devices, which will “broadcast” to all existing apps when a new app is installed on the device. When the malicious app receives this broadcast, it produces a fake click that steals credit for the download and the reward:

4. Click spamming

Like click injection, click spamming produces dishonest clicks. But instead of faking the click at the last second by injecting rogue code, click spamming will flood a measurement system with low-quality clicks and hope that one of them sneaks through to steal credit. In a blog post for Interceptd, Brittany Irhig offers a helpful analogy:

Click spamming is akin to turning up at the front door of a random stranger and pretending you’re their long-lost relative, hoping they will believe you and invite you in for a free meal. It is unlikely you will be successfully mistaken (misattributed) for the genuine relative; however, if you visit 40 houses every day for a month, you increase your chances of a free feed. Dodgy? Yes. Sophisticated? No. That’s click spamming.

Fraudsters can do this with the help of software, or for clicks that appear more legitimate, even use human-powered click farms. These involve diligent work from groups of low-paid employees whose responsibility is to click on ads or install and uninstall ads to generate revenue. Click farms are often located in other countries, which makes their clicks relatively easy to identify. An influx of clicks from a source like India, for example, is likely evident of a click farm scheme.

5. Pixel stuffing

Imagine how many ads you could show if they were displayed in a 1×1 pixel area! This is what pixel stuffing is.

When fraudsters use pixel stuffing, they’re presenting a larger ad in a space so small it’s undetectable. And even though visitors don’t see it, the fraudsters get credit for the impression. What’s worse, this method can be repeated countless times on a single page:

6. Ad stacking

Pixel stuffing isn’t the only way to cram more ads than there’s room for on a publisher’s website. When fraudsters want to turn one ad placement into multiple, they can use ad stacking.

To conceptualize ad stacking, imagine you’re at a bookstore walking through aisles and viewing books. You see the cover, but you obviously cannot see the pages. This is similar to what happens to visitors when they arrive on a site where ads are being stacked.

A visitor can see one ad, but it will be “stacked” on top of others, like this:

Here, the visitor only actually sees one ad in one placement, but the fraudster gets credit for showing eight.

7. Ad injection

Injecting clicks is about producing clicks where there are none. Injecting ads can be the same.

Through browser extensions and adware plugins, ad injection allows fraudsters to put ads where they don’t belong.

They can hijack a server to slip an ad of their choosing into a space that belongs to a different advertisement. And according to AdCumulus, they can even place ads on a website that doesn’t normally show ads at all.

8. Geo masking

Where is your traffic coming from? The US? Outside it? Depending on its location, the cost of generating it can change.

Effective targeting of this traffic is central to any campaign. And likely included in that targeting is specific location parameters. If you know your customers tend to generate more value if they’re from the US, you may focus specifically on US customers. When you place the order for your campaign, you’ll be able to specify.

Fraudsters, however, can take your money for high-quality traffic, then sell you traffic that isn’t as valuable. And with a technique called geo masking, they can make that low-quality traffic appear to be high-quality.

The result: They make money on the advertiser paying for low-quality traffic, which appears to be from a high-quality source. Luckily, an advertiser paying close attention to their campaign will notice that numbers won’t add up. They may have a significant number of clicks, but high-value conversions will be very rare.

How to avoid common types of ad fraud

There’s no universal advice for avoiding ad fraud. In some cases, it can be prevented with advertiser diligence. In others, no amount of sleuthing will uncover sophisticated swindling. In a white paper on ad fraud, Ad Form offers some great tips for avoiding ad fraud based on type.

More recently, app-ads.txt was developed to lower fraud on mobile, and ad.cert now aims to prevent ad injection. Adopting these standards will bring a level of transparency that will make it more difficult for fraudsters to infiltrate publishers.

Drive real clicks and convert more with Instapage

A good portion of ad fraud can be prevented through advertiser diligence. With Instapage, you’ll not only be able to create personalized post-click landing pages that turn real clicks into conversions, but you’ll also have the industry’s most advanced analytics dashboard to monitor KPIs and take ownership of your data.

Learn how with a demo of Instapage, the only post-click automation platform.

Turn More Ad Clicks into Conversions

Try the world's first Post-Click Automation™ solution today. Start a trial or schedule a demo to learn more about the Enterprise plan.