Jump to content

Ad fraud

From Wikipedia, the free encyclopedia

Ad fraud (also referred to as Click Fraud or PPC Fraud) is concerned with the practice of fraudulently representing online advertisement impressions, clicks, conversion or data events in order to generate revenue. Ad-frauds are particularly popular among cybercriminals.[1][2]

While ad fraud is frequently associated with banner ads, video ads and in-app ads, click fraud has been associated with search marketing, mobile advertising and conversion fraud with affiliate marketing. AppsFlyer estimates financial exposure to app install fraud in Q1 of 2018 was as much as $800 million.[3]

Ad fraud is the categorical term inclusive of all forms of online advertising fraud. A successful ad-fraud campaign generally involves a sophisticated combination of Identity fraud and attribution fraud: for instance, sending fake traffic through bots using fake social accounts and falsified cookies; bots will click on the ads available on a scam page that is faking a famous brand.[4] In 2004 Google's CFO George Reyes said that fraud is the biggest threat to internet economy[5] with the first research paper covering the topic in 1999[6] or earlier. In 2016 World Federation of Advertisers published its first guidance on Ad fraud[7] to advise its members on how to counter the problem allegedly eating close to US$20 billion of its members ad budgets in 2015.[8]

Recent research has revealed new insights into ad fraud within search engine marketing. A study[9] conducted in 2023 found that the average rate of fraudulent activities in search engine advertisements is approximately 11.5%. This statistic highlights the growing importance of implementing effective fraud protection measures in search engine marketing to combat ad fraud.

Comparison with other Cybercrime[edit]

In a 2017 report Juniper Research estimates ad fraud to be worth US$19 billion[10] equivalent to $51 million per day. This figure, representing advertising on online and mobile devices, will continue to rise, reaching $44 billion by 2022. Ad fraud is the #1 cybercrime in terms of revenue, ahead of Tax-refund fraud.[11] HP Enterprise in its Business of Hacking report highlighted ad fraud as the easiest and the most lucrative form of Cybercrime.

Important Classifications[edit]

Types of Fraud[edit]

  • Bots / Non-Human Traffic Ad Fraud
  • Click Farms Ad Fraud
  • Ad Injection Fraud
  • Domain Spoofing
  • Cookie Stuffing[12]


Responses to Ad Fraud[edit]

In 2017, P&G and Chase suspended their digital ad budget of $200 million dollars and reduced their ad shares from 400 thousand to 5 thousand in an attempt to reduce their exposure to ad fraud.[14]

Sources of Traffic[edit]


  • Banner
  • Video
  • In-App
  • Social

Types of mobile ad fraud[edit]

Online advertising fraud is a leading concern amongst almost 50% of mobile marketers according to a report from iotec.[16] Ad measurement and verification vendor TrafficGuard reports 7 different types of mobile ad fraud across 2 different categories:[17]

Category Description Types
Attribution Fraud[18] Attribution fraud is when a real user downloads an app and a fraudster attempts to claim attribution for that install. Attribution fraud sees the advertiser pay for a user it attracted through other channels. Types of attribution fraud:
  • Click Spam
  • Ad Stacking
  • Click Injection
  • In-app Event
  • Evasion Techniques
Install fraud[19] Install fraud is when app installs are not from genuine app users. These installs may be from bots or from people that are not its intended users. These installs don't deliver return on ad spend (ROAS). Types of install fraud:
  • App Install Farms
  • SDK Spoofing
  • Evasion Techniques

Sourced Traffic[edit]

In a recent publication by Association of National Advertisers sourced traffic was reported as a notable form of ad fraud,[20] a practice where companies partaking in the formal online advertising market buy fraudulent traffic to resell it as legitimate. Sourced traffic has been mistakenly referred to as arbitrage, because buying Sourced traffic does not have any potential for return where as in financial markets arbitrage refers to "risk-free" trading of legitimate assets. While there is no evidence to support the claim, and such evidence would be impossible to conclusively gather, it may be that Sourced Traffic represents lion's share of the Ad fraud market due to the ease and popularity of acquiring and reselling it. The only evidence-based study to Sourced Traffic found in 2016 that around 50% of the acquired traffic was originating from data center IP addresses[21] and that selected Ad Fraud verification vendors Integral Ad Science and Moat largely failed to detect it as ad fraud. The report also showed how easy it is to acquired Sourced traffic as low as $0.001 per click, a price in stark contrast to the going price for click in the formal market which is typically $1 or more.[22]

Non-profit activity[edit]

In 2016 there were four notable non-profit organizations focused on creating awareness and availability of resources for countering ad fraud: Botlab, JiCWEBS, Media Rating Council (MRC), and Trustworthy Accountability Group (TAG). Each have published various guidelines and commentaries on ad fraud, most notable of which is the Media Rating Council's Invalid Traffic Detection Guidelines.[23]


  1. ^ Wilbur, Kenneth C.; Zhu, Yi (2008-10-24). "Click Fraud". Marketing Science. 28 (2): 293–308. doi:10.1287/mksc.1080.0397. ISSN 0732-2399.
  2. ^ Richet, Jean-Loup (2022). "How cybercriminal communities grow and change: An investigation of ad-fraud communities". Technological Forecasting and Social Change. 174 (121282): 121282. doi:10.1016/j.techfore.2021.121282. ISSN 0040-1625. S2CID 239962449.
  3. ^ Natanson, Elad (11 June 2018). "Mobile Ad Fraud in 2018 - Tackling the Newest Threats". Forbes.
  4. ^ Richet, Jean-Loup (2022-01-01). "How cybercriminal communities grow and change: An investigation of ad-fraud communities". Technological Forecasting and Social Change. 174 (121282): 121282. doi:10.1016/j.techfore.2021.121282. ISSN 0040-1625. S2CID 239962449.
  5. ^ Crawford, Krysten. "Google CFO sounds an alarm - Dec. 2, 2004". money.cnn.com. Retrieved 2017-01-07.
  6. ^ "On the security of pay-per-click and other Web advertising schemes" (PDF).
  7. ^ "Compendium of ad fraud knowledge for media investors" (PDF). Archived from the original (PDF) on 2018-02-01.
  8. ^ "Report: For Every $3 Spent on Digital Ads, Fraud Takes $1". Retrieved 2017-01-07.
  9. ^ admin (2023-11-22). "Fraud Protection Report 2023 - KIM LABS® GmbH, Trier". Kim Weinand - Kim Labs (in German). Retrieved 2023-12-05.
  10. ^ Barker, Sam (25 September 2017). "Juniper Research - Future Digital Advertising: AI, Ad Fraud & Ad Blocking 2017-2022". Juniper Research.
  12. ^ "The Main Types of Mobile Ad Fraud | Interceptd". January 14, 2020.
  13. ^ "5 Common Types of Ad Fraud and How They Affect Publishers". www.adpushup.com. Retrieved 2022-10-24.
  14. ^ Fou, Dr Augustine. "Out Of The Darkness (Of Ad Fraud) And Into The Light". Forbes. Retrieved 2020-08-02.
  15. ^ "Click Farms: What Are They & What Are They For? | ClickCease". 25 March 2021.
  16. ^ "Mobile ad trends: Ad fraud tops transparency concerns". iotec. 13 November 2017.
  17. ^ "Your definitive guide to mobile advertising fraud". TrafficGuard. 13 August 2018.
  18. ^ "Attribution Fraud: Are You Getting Gamed? | AdExchanger". AdExchanger. 2016-07-08. Retrieved 2018-10-23.
  19. ^ "Study: App install fraud jumped 30% in Q1". Mobile Marketer. Retrieved 2018-10-23.
  20. ^ "Sourced Traffic: Buyer Beware | Industry Insights | All MKC Content | ANA". www.ana.net. Retrieved 2017-01-07.
  21. ^ "Mystery Shopping Inside the Ad-Verification Bubble". 2016-06-08. {{cite journal}}: Cite journal requires |journal= (help)
  22. ^ "The Cost of Pay-Per-Click (PPC) Advertising—Trends and Analysis - Hochman Consultants". Hochman Consultants. 2015-11-24. Retrieved 2017-01-08.
  23. ^ "Invalid Traffic Detection and Filtration Guidelines Addendum" (PDF).