The Ultimate Mobile Ad Fraud Glossary
According to Juniper Research, online ad spend lost to ad fraud will amount to $100 billion world wide by 2023.
What Does This Mean for You?
Firstly, if you’re not yet fully clued up about ad fraud, now’s the time to start familiarizing yourself with what it is and how you can prevent it.
In addition to wasted ad budgets, our Annual Ad Fraud Report revealed that ad fraud has had a global impact, and no country, business, or organization is fully free of the damage it causes, including:
- Negative impacts on brand safety and product optimization
- Erosion of trust in publishers, sub-publishers, ad agencies, MPPs, and ad networks
- Basing business decisions on skewed analytics and campaigns data
Keeping up with industry developments can be exhausting, especially when fraudsters are consistently developing new ad fraud techniques. Let’s start by taking a look at the basics of online traffic:
- Valid traffic: valid online traffic is generated by real users, people using their devices to surf the web with genuine interest.
- Invalid traffic: according to Google, invalid traffic is any activity that doesn't come from a real user with genuine interest. It can include accidental clicks caused by intrusive ad implementations, fraudulent clicking by competing advertisers, advertising botnets and more.
Depending on the level of sophistication there are two types of invalid traffic :
- General Invalid Traffic (GIVT) this would be fraudulent traffic that can be identified through simple means of filtration or metrics analysis.
- Sophisticated Invalid Traffic (SIVT) is more difficult to detect as it is developed by high-tech fraud organizations.
But that’s just the start: We’ve created the ultimate ad fraud glossary to make sure you know exactly what and who you’re dealing with when it comes to ad fraud.
Your Mobile Ad Fraud Glossary
Ad fraud: The act of intentionally falsifying engagement on an online advertisement.
Ad fraud prevention committee: A fraud prevention committee is a group of individuals that are tasked with overseeing deterring ad fraud within an organization.
Ad fraud prevention function: This comprises an ad fraud prevention process, a fraud prevention committee, and fraud prevention systems that help organizations prevent ad fraud. Some organizations have no ad fraud prevention function in place, while others may complete an annual ad fraud audit, or have a fully deployed ad fraud function.
Ad fraud prevention process: A fraud prevention process is a combination of people, systems, timings, and agendas that enable organizations to prevent ad fraud. Its main function is to align siloed systems, departments, and individuals to focus on ad fraud prevention as a holistic process.
Ad fraud prevention systems: These are the various tools and systems that organizations use to prevent ad fraud. They include anti-fraud SaaS tools, Content Management Systems (CMS), Customer Relationship Management (CRM) platforms, and analytics solutions that gather important data that helps in detecting fraud.
Ad injection: The visible or hidden insertion of ads into an app, web page, or other online resources. This is done without the consent of the publisher or operator of that resource. Ad injections occur when ad tags are taken from a publisher’s site and put onto another site without the publisher’s consent in order to gain more impressions, clicks, leads, or downloads.
Ad stacking: Fraudsters turn one ad placement into multiple ads. This is done by invisibly “stacking” them on top of multiple other ads to drive invalid impressions and clicks to ads that haven’t been displayed to any user—in fact, visitors are able to see only one ad.
Ad tag hijacking: According to Google Ads, ad tags can be stolen from a publisher's website and used on another site, often as an attempt to sabotage the brand’s reputation. Other times, it can occur as a side-effect of scraping and republishing content without the publisher's consent.
Ad fraud technique: The actual technical method used by fraudsters to perform ad fraud. Currently, these can be grouped into around 14 different main ad fraud techniques. You can find out more about each of them in this article.
Adware: Also known as Malware, adware is malignant software that is automatically installed on mobile devices, and is designed to fake legitimate user-generated traffic to a site or app. Adware generally serves visible or hidden ads to users in order to boost ad consumption. This belongs to the category of SIVT or Sophisticated Invalid Traffic.
Affiliate marketing fraud: This occurs when fraudsters fake conversions such as clicks, visits, lead captures, subscriptions, and app installs, which lead to click fraud, lead fraud, subscription fraud, and install fraud. Fraudsters can exploit all types of affiliate marketing programs, including CPM (cost-per-mille), CPC (cost-per-click), CPL (cost-per-lead), or CPA (cost-per-acquisition) payment models.
Bot fraud: This occurs when non-human traffic registers as an impression or click on an ad. However, not all bot traffic is bad traffic. Examples of good bots include search engine crawlers, site monitoring bots, and others that execute helpful, useful, and legitimate tasks without malicious intent.
Botnet: These are collections of multiple, malware-infected devices that are connected and controlled by fraudsters. Often, they are connected by a common piece of code and are controlled remotely by threat actors. Their aim is to infect as many connected devices as possible in order to use them for automated tasks.
Click farming: This type of ad fraud involves large groups of human workers (in a singular location or multiple locations) that are paid low wages or are otherwise incentivized to view and/or click on ads on behalf of a third party. This third party financially benefits from the workers’ illegitimate consumption of the ads.
Click fraud: This involves repeatedly clicking on ads in order to either generate revenue for the host website or to drain revenue from the advertiser.
Crawler traffic: Browsers, servers, or apps that make page load calls automatically without declaring themselves as robots. Instead, they masquerade as legitimate users.
Creative hijacking: Fraudsters copy creative tags from a legitimately-served ad without the advertiser's consent. This means that the ad can be shown again at a later time on another site or app. This can make it appear as if the publisher is getting more traffic than they really are from unwanted sources.
Click injection: This is a common form of mobile ad fraud involving the injection of clicks on mobile ads. It can also occur while an app download is taking place in an attempt to attribute that conversion to a different source. Fraudsters employ this scheme through malware that users unknowingly download to their mobile phones. Seemingly harmless applications will then infect a user’s device once downloaded.
Clickjacking: Fraudsters trick users into clicking a web page element that is invisible or disguised as another element within the site or app. Clickjacking can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
Click spamming: Similar to click injections, yet less sophisticated, click spamming produces thousands of illegitimate clicks. Instead of faking the click at the last second before a download, fraudsters use click spamming to flood a measurement system with thousands of low-quality clicks.
Conversion fraud: This happens when fraudsters’ actions, such as sign-ups to receive more information about a product, are reported as legitimate.
Cookie Stuffing: Cookies are text files that store information about a visitor’s browsing history (and therefore behavior and preferences). A browser's cookie history helps brands deliver targeted advertising by relaying information about the user. By using cookie stuffing, a browser’s history can be hijacked and filled with incorrect information about the visitor. For example, fraudsters operating in the mobile gaming industry stuff a user’s browsing history with mobile gaming-related cookies that drive up the cost of that user’s click, and then receive a higher payout for each click they generate.
Data-center traffic: This originates from servers in data centers, rather than residential or corporate networks. The ad is not rendered on a user’s device, but fake clicks are generated by an undeclared source.
Domain spoofing: This technique masks unsafe websites by actively hiding, tampering with, or mismatching the domain where the traffic originates from to hide the real website domains from users. These domains or URLs often look reputable and legitimate.
Geo masking: The cost of traffic depends on its location, and effective geo-targeting is essential to the majority of ad campaigns. Using geo masking, fraudsters get paid for traffic that doesn’t originate in a specified geographical location. For example, sign-ups from Nigeria can be masked as originating from the US, which makes undesirable, low-quality downloads appear to be of higher quality.
iFrame traffic: Fraudsters insert external content from another URL or other web pages into a webpage in order to exploit real users’ interactions and profit from advertisers.
Impression fraud: This is a type of mobile ad fraud where fraudsters create artificial impressions that create the appearance that ads have been viewed when in reality, they have not been. This type of ad fraud targets the pay-per-impression advertising model.
Malware: An umbrella term used to refer to a variety of forms of intrusive software, malware includes adware designed with malignant intentions.
Malware APKs (Android Application Packages): These application packages are essentially files in the format used by the Android operating system for distribution and installation of mobile apps, mobile games and middleware. In this case, the files are infected with malware. A common technique fraudsters use to spread malicious apps is to fake app package names.
Non-browser user-agent header or MSISDN injection: is when an infected device declares a user-agent header not normally associated with human activity. HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated. MSISDN information in browser headers is a clear indication of online fraud.
Non-human traffic: A generic term that is most often used to refer to bots or crawler traffic that create fraudulent ad impressions.
Phantom layer: These are websites that are operated specifically for the generation and laundering of ad fraud, by obscuring the source of inventory and impressions entering the online advertising ecosystem.
Pixel stuffing: Users are presented with a normal-looking ad that has been embedded with an illegitimate pixel that is so small it is undetectable. Users are unaware of being shown multiple ads at once, yet fraudsters get attributed for many more impressions. This method of fraud can be repeated countless times on a single page and can be achieved by using normal-sized pixels or tiny pixels.
Social spambots: These bots share unwanted content and links from social platforms.
Web crawler: Internet bots that systematically browse websites, typically for the purpose of web indexing.
Web scraper: A computer software technique that extracts information and data from websites.
The digital ad landscape is constantly evolving, and so are fraudsters’ techniques. Proactive ad fraud prevention is the only way to protect your organization’s future, improve key metrics, and ensure you’re making the best, data-driven business decisions.