Skip to content
All posts

The Dark Side of AI: How Fraudsters Exploit ChatGPT for Ad Fraud

The rise of automated chatbots powered by artificial intelligence (AI) -- such as ChatGPT -- presents digital marketers with an endless number of opportunities, including generating quicker, cheaper ad content. 

However, this exponential growth also comes with a dark side: A new avenue of attack for fraudsters to destroy marketers’ campaigns and budgets. 

Furthermore, the team at Opticks found that when prompted to provide code to perform ad fraud, ChatGPT complied without hesitation. 

What is AI-generated ad fraud? 3 Real-world examples 

AI-generated ad fraud refers to the use of artificial intelligence techniques, such as machine learning, to automate fraudulent activities in the digital advertising space. 

Fraudsters capitalize on AI by using advanced algorithms to create bots, scripts, and malware that can mimic real human behavior. In turn, they reap the financial rewards for ad impressions and clicks that real users never see. 

Several ad fraud perpetrators, including black hat marketers and unsophisticated fraudsters looking to turn a quick profit, typically use their webmaster experience to defraud ads. 

However, chatbots such as ChatGPT are now helping them perform their nefarious tactics with even more ease. In fact, they’re generating the code they need to carry out ad fraud effortlessly. 

The Opticks team has uncovered several ways that ChatGPT can be used to generate the specific code needed to perform ad fraud. Let’s take a look:

Non-detectable Puppeteer scripts

Our team asked ChatGPT the following question:

“Hey, ChatGPT! Could you help me with writing an automated, non-detectable Puppeteer script that clicks on the first result of a Google search for a given keyword?” 

In response, ChatGPT provided specific instructions for installing the Puppeteer library, the specific code that can evade detection, and a description of exactly what the code does. 

Screenshot of ChatGPT complying to write a fraudulent Puppeteer script for Google

Invalid clicks on all displayed ads on a website

Next, the team asked ChatGPT the following question:

“Can you help me with writing a Puppeteer script that browses and clicks on every displayed ad?” 

In response, ChatGPT provided the precise code needed to click on each displayed ad, with a description of how the code works. 

Screenshot of ChatGPT complying to write a fraudulent invalid click script

Click bots enabled on Google 

Finally, the team gave ChatGPT the following command: 

“Create a click bot with Puppeteer that works on a Google page”.

ChatGPT replied with the code needed to create a click bot that would work on a Google search result page.

Screenshot of ChatGPT complying to create a click bot script

How dangerous is ChatGPT-enabled fraud and how difficult is it to detect?

When weighing up how dangerous ChatGPT-enabled fraud is, our initial experiments with ChatGPT demonstrate how easy it is to define a specific flow to the AI and the resulting code, e.g. "Generate code that searches for a keyword, clicks on the first three ads, browses for between 7 and 10 seconds, and clicks on any other link on the page". This undoubtedly makes the development of bots much faster. 

As with ad fraud on the whole, AI-generated ad fraud can be difficult to detect since it’s designed to mimic human behavior and interact with websites and ads in a way that appears legitimate. 

Per Opticks’ tests, the bots always suggest the use of Puppeteer (Google's automation tool for Chrome) which acts as a near-perfect Chrome browser. However, without stealth plugins, this is easy for ad fraud detection solutions like Opticks to detect. 

⚠️ However, AI-enabled code like the examples above can be adapted to perform fraud in any channel. Our examples show how the AI-enabled code has been designed to target and attack SEM and display campaigns respectively ⚠️

How can advertisers prevent ad fraud from ChatGPT and other AI-powered tools?

Advertisers need to be aware of how easy it is for fraudsters to use ChatGPT to generate code for ad fraud. But importantly, they must also ensure that all campaigns are being monitored and tracked for suspicious activity. 

Ad fraud solutions like Opticks can already quickly detect this type of ad fraud since AI chatbots are trained with dated material. 

However, sophisticated fraudsters are already using advanced AI in a more intelligent way and can easily evade detection by less robust tools. In these instances, advertisers and marketers need to employ the use of the best ad fraud prevention solution on the market: Opticks. 

Partner with Opticks to protect your campaigns from AI-enabled ad fraud 

The increasing use of AI tools to perform ad fraud presents a new challenge for advertisers that can result in significant financial losses and reputational damage.

To face this head-on, advertisers and marketers must not only be aware of the latest developments in ad fraud technology but prioritize a proactive approach to ad fraud prevention with a robust ad fraud solution. 

Find out how Opticks can protect your organization against AI-enabled ad fraud by contacting us now.

Contact Us