Common Types of PPC Ad Fraud You Should Know About

Your Ultimate Guide To Using Google Ads IF Functions

Online fraud is the fastest growing category of crime and this threatens advertisers, as well as the digital advertising industry generally. If you run PPC campaigns, ad fraud can potentially devastate you marketing budgets, campaign data and ad profits. 

If you haven’t heard of click fraud, this describes those one in five clicks on PPC ads that are fraudulent; this does not mean that all invalid clicks are fraudulent, but taken together that is a significant amount of investment lost when taken cumulatively over the course of your campaigns.

Worryingly, ad fraud comes in many guises, but they will target PPC ads in particular. To shine a light in this dark advertising space and learn how advertisers can protect themselves, let’s dig in…

Generally speaking there are two main perpetrators of ad fraud: fraudulent publishers, often organised crime groups seeking clicks to their ‘piggy-back’ sites that look like your pages, but when clicked to initiate the download of malware to your customers’ devices.

Your competitors also seek to undermine your competitiveness online, scraping data on your ad performance in order to under-cut you. 

Both players use a variety of methods of what is broadly termed ‘click fraud’. Here’s your handful to start you on a path to tightening up your online security. 

Click Farms 

Click Farms have been around for a long-time and vary in sophistication. Unreal as it sounds, imagine a someone in a poor part of the world where people are paid maybe a dollar a day to sit in front of a computer, or sitting with a cheap mobile phone, clicking away at your ads, to bust through your PPC budget by upping your cost per click.   

This is made possible due to poor online advertising regulation in countries like the Philippines, India, or China.   Until that environment changes, be aware that click farms are big (illegitimate) business, albeit the likes of Google, Yahoo and others are doing their best to protect their advertisers by keeping abreast of potential loopholes and backdoors. 

Bots 

Incredibly, automated bots have been estimated to account for 40% of internet traffic; fortunately their success rates can be made much lower with correct campaign set up. Otherwise, these algorithmic ‘bad bots’ mimic real human activities across online digital applications, but with malicious purpose.  They can perform repetitive, simple tasks extremely rapidly, such as faking ad clicks. Imagine then the scale possible here for speedily draining your PPC advertising budgets. 

Of course, this too increases your CPC rate and the overall cost of your ad campaigns.  If your ads are targeted by malicious competitors, running profitable campaigns becomes impossible without protections in place. 

Click Spam 

Fraudsters can target your ads with click spamming, where real users’ identity is hijacked to execute clicks.  This clearly requires a level of sophistication, but lucrative for organised crime groups.

This is made possible when a real would-be customer loads a mobile web page or an app, where fraudsters are operating. Unbeknownst to the user, fraudsters can then:

  • Manually or automatically click ads in the background
  • Direct the user’s clicks to invisible ads in the background 
  • Send clicks from a user’s device to selected affiliate programme hosting vendors to receive payouts for ad clicks they have generated for the advertiser

Geomasking 

Geomasking is a common fraudster technique to hide the location of clicks they generate. This is particularly a problem for advertisers in countries or areas perceived as lucrative by criminals.  Locations such as the U.S.A. or U.K. may be targeted because of levels of ad spend in those countries. 

Data Centre Traffic

Data centres and hosting providers are not immune to fraudulent activity.  This internet infrastructure is invaluable for operating fraud schemes.  For instance, facilitating fast, high-bandwidth networks, allowing anonymity, and ‘on-demand, elastic hardware’.  IBM describes Elastic Capacity on Demand as being able to create flexible capacity for data transmission, “…by activating and deactivating processor cores and memory units…”. This means that when bandwidth increase for greater activity online is only intermittent, those users become less easy to detect, particularly if fraudsters operate different business peaks to those one might ordinarily expect.

Fraudsters are exploiting data centre potential for anonymity.  Their infrastructure is especially valuable to criminals as a proxy/anonymizer VPN, which covers the true location of their operations, or event their purposes.  Operating invisibly, they can launch malware and catastrophic automated software from their computers.

A number of criminal operations have exposed fraudsters using hundreds of servers in cloud data centres.  Emulator programmes allow fraudsters to run software from an alternative device on a computer, or use a different operating system. This means criminals can use emulators or browsers to generate mobile and desktop traffic on a huge scale. 

Fool Proof Advertising is in Seeing the Scale of the Problem

Just to get a feel for levels of fraud in advertising, we’re sharing some statistics here:

  • This year, so far, ad fraud costs have been calculated at $81 billion. This is predicted to increase to $100 billion next year.
  • Interceptd claim 31% of iOS app and 25% of Android app installations are fraudulent. (Yes £1 in every £3 lost; your own apps need to be fraud proofed!)
  • Adobe claim ‘non-human’ web traffic was 28% of 2018’s total; i.e. $66 billion of all ad spend
  • The APAC region is impacted hugely: $75 billion in 2022
  • Fraud attempts are 25% lower for in-app advertising than web ads
  • Total Ad Fraud, 2018 breakdown:
    • App Install Farms: 42%
    • Click Spam and Ad Stacking: 27%
    • Click Injection: 30%.

       

The Business of Apps cites “…the impersonal nature of the transactions, a complex and often-opaque supply chain, and a reliance on easily-fiddled metrics…” driving ad fraud. Mobile tech makes security challenges more complex.

Cost management demands click fraud prevention, alongside tackling security from identity theft for buyers.   Understanding fraud amongst your traffic metrics is not an over-night exercise and is a necessary learning curve for any company looking to minimise business risk. Ad agency partnerships help you address issues faster.

Sam Nouri
Sam Nouri
Hi! I'm Sam Nouri, the founder of AdsRunner. I've been working as a full-funnel digital marketer for nearly a decade, and have managed millions in ad spend for my clients. My aim is to help businesses scale and hit their growth milestones one at a time using innovative advertising methods and proven digital marketing strategies across all digital channels.
Sam Nouri
Sam Nouri
Hi! I'm Sam Nouri, the founder of AdsRunner. I've been working as a full-funnel digital marketer for nearly a decade, and have managed millions in ad spend for my clients. My aim is to help businesses scale and hit their growth milestones one at a time using innovative advertising methods and proven digital marketing strategies across all digital channels.