It is estimated that advertisers could lose more than $6 billion globally to ad fraud in 2015 according to a study conducted by the Association of National Advertisers and detection firm White Ops Inc. The combination of advanced technologies, programmatic buying and a large influx of spend on online and mobile advertising make this a lucrative target for sophisticated cybercriminals, particularly in two areas.

The bulk of digital ad dollars are spent on two types of ads: impression-based ads such as banners, videos or mobile ads; and click-based ads such as paid search or mobile paid search. Given this combined $50 billion segment comprises 30 percent of all U.S. digital ad spending industry-wide, it makes sense that those are the two areas the cybercriminals focus on most – the payout potential is the largest.

Impression-based fraud

Impression-based fraud is perpetrated by cyber criminals in a few ingenious ways. First, they create fake websites with an over saturation of ads spots – leaderboards, boomboxes and skyscrapers all over the place surrounding content that looks like editorial to give the appearance of legitimacy. Then the pages are loaded with hidden iframes with up to 72 layers all placed “above the fold” to maximize viewability for ads that are set to be transparent to the viewer. These pages are populated with auto refresh code so the banners load continuously when visited. Imagine 72 layers of ads multiplied by 10 ads per page refreshing every 30 seconds. It is the equivalent of approximately 1,500 impressions per minute from only one unique visitor.

The second part of this scheme is the employment of bots.

These are software programs that run automated actions. There are good bots that help gather data, but in this case bad bots are mimicking a human’s visit to a website causing the page to load. You can see how easily the impressions served can quickly escalate into the millions in a given month. The ad space on these websites is sold to advertisers via a blind ad exchange where, through a bidding process, legitimate advertisers may be running ads on these fake websites that are being seen by no one. Many advertisers engage in programmatic advertising where all the transactions for securing advertising are automated making it harder to identify potential fraud issues.

To add to the complexity, bots can not only view the pages but they can also mimic a human’s actions by mousing over links and clicking on them. Some are even trained to complete forms making gating a somewhat ineffective way to measure the “humanness” of an interaction.

In addition to standard websites, video ads and mobile display are also becoming more of a target. Video is an enticing target because its cost per thousand is higher indicating there is more money to abscond from advertisers. Mobile is an appealing target because monitoring of it is not as sophisticated as online advertising, yet opportunities and investment in the medium are growing. For more on mobile media opportunities, see Sherie’s recent article.

Click-based fraud

Click-based fraud operates similarly to impression fraud in the way that fake sites are erected often using templates to mimic credible site formats. Expensive keywords are targeted and bots are instructed to type in the search terms. When a pay-per-click ad is returned the bot then clicks on the ad charging the advertiser and, ultimately, stealing money for their fake site. They are also sophisticated in hiding the referrer in the referring domain by redirecting multiple times and cloaking the links, making it harder to identify the clicker as fraudulent.

As you can tell from the common theme, cybercriminals are following the money – going after the bigger spenders and the highest margins. According to ad spend data from eMarketer March 2014 and the Integral Ad Science Q2 2014 Fraud Report, the travel, consumer electronics and pharma industries are prime targets because of their advertising spend and high volume of paid search investment. Running an iSpionage query on Wal-Mart reveals that the retailer spends an estimated more than $48 million a year on pay per click (PPC)! But B2B companies who spend significantly less cannot breathe a sigh of relief. As mentioned in Pam’s blog on B2B audiences, 57 percent of research is done online before contact is ever made with a company. With more and more money going to digital media to try and reach this audience while they’re researching online, identifying and protecting your company from ad fraud is not just a consumer advertising problem.

Whether you are consumer-focused or a B2B company, there are ways to help protect your advertising investment.

  • Work with trusted business partners – Make sure your partners are trusted and they have measures in place to combat bot traffic on their own sites. Vendors that offer site retargeting services employ ad networks but actively monitor the sites offered to advertise their client’s business. Ad exchanges and ad networks are more likely to have fraudulent impressions whereas publisher direct sites only make up 2 percent of fraudulent impressions. The fact that direct publishers are at 2 percent is a good thing for the B2B market since they are more likely to advertise there to reach their niche market than engage in large scale programmatic advertising.
  • Measurement of true performance – Where there is lack of measurement and ambiguity there is more of a chance for fraudulent activity.Measuring not only impressions and clicks but multiple specific actions once a visitor is on a website can help identify human or non-human visitors. These should be actions that are business levers versus ones focused solely on quantity. See my earlier blog on attribution to delve deeper into measurement.
  • Look at new tools and update blacklists and whitelists – Vet the sites that present themselves as harmful.
  • Work with your IT department – Aside from the efforts on external websites, your internal IT department is critical in combatting bots by keeping them from entering your own site and skewing action data.
  • Enlist professionals – With the seriousness of this issue, new types of companies that specialize in this area have formed to provide advanced analysis, develop technology platforms that look at viewability and brand safety, and offer services that detect non-human activity. In combination with your agency, IT professionals and a balanced, diverse media plan, these additional services may be helpful.

This article was taken from The M/C/C Blog.

Read more: How The Ad Fraud Menace Is Hitting Advertisers [Infographic]