Ad Fraud — The Third Horseman of the Adblockalypse

Odysseus and the Sirens. An 1891 painting by John William Waterhouse.- Wikipedia

In Greek mythology, Sirens were beautiful yet dangerous creatures. Sirens lured nearby sailors with their enchanting music and voices to shipwreck. For the purpose of our classical theme let’s call the Adblockalypse a shipwreck (of sorts). The sirens can represent various forms of ad fraud: the third horseman of the Adblockalypse.

Ad Fraud Explained

Ad fraud has risen in popularity in line with increased spending on programmatic advertising. The more advertising on the internet means the more opportunity for ad fraud. To understand ad fraud further, it is important to first understand how programmatic advertising works.

In basic terms:

  1. An advertising order gets sent to an ad exchange
  2. This order includes the target audience type based on user data
  3. The algorithms which drive the exchange find the most likely sites (within that exchange) that will deliver best results (results in most cases are clicks — to get customers into the mouth of the conversion funnel)
  4. The ads are served to the right person on the right device at the right time
  5. The campaign shows a good click rate or not

But how many of those clicks were clicks by humans?

The Real You — Aaron Jasinski

Globally, it is estimated marketers will spend nearly $200bn on digital campaigns in 2016. This will account for almost a third of total ad spending, according to the consultancy eMarketer.

Ad fraud will total $7.2bn in 2016, up 15% since 2015 according to recent research by White Ops and the Association of National Advertisers (ANA). This growth in ad fraud is in line with the growth of digital ad spend with some fraudsters scamming $250k per day.

How they do it?

By now you will have heard of bots. Bots are automated computer programs, which are programmed human behaviour. So just as I can code a bot to complete repetitive tasks, so too I can programme a bot to mimic mouse movements on a website and to click on display ads. Advertisers pay for those clicks and traffic even though they are not seen by people at all.

Like anything there are various levels of sophistication. Complex bots can mimic human behaviour, but more basic bots can easily be identified by machine learning other methods.

Different types of fraud — Enter The Sirens

Ghost Sites

This is a very common scam, where a website is essentially cloned and the content is scraped from a legitimate site. A ghost site has the sole aim of driving fake traffic using bots to serve ads and of course clicks, again delivered by more bots. Once created and content scraped, these sites are entered into ad networks and exchanges. Once accepted they are in the pool of legitimate sites that participate in programmatic advertising. Naturally, these sites perform well because the traffic and clicks are false.

Bots (The Trojan Horse)

The Procession of the Trojan Horse in Troy Giovanni Domenico Tiepolo (1727–1804)

Like the famous Trojan horse, bots can secretly take over your PC (using Malware) and falsify page views to sites and drive clicks on an advertising campaign, video or piece of content marketing.

Now think of the above at scale. Groups of bots hosted on many household computers driving thousands of page views are called Botnets. According to the White Ops report the vast majority of the bots came from home networks. They often use existing browser cookies to use real identities and appear as members of certain desirable demographics.

Ad Stacking


When multiple ads are stacked on top of one another, with only the top ad visible is called Ad Stacking. In the case of ad stacking, think of making paper dolls when you were a kid, when stacked only one is visible, while the rest remain hidden underneath the stack. In the digital publishing world where every impression counts (when CPM and impressions are the metric) this can be an effective scam.

SDK Stuffing

Keep the paper dolls in your head above and now let us move to mobile. Software Development Kits or SDK’s are a set of software development tools that allow the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform.

Like ad stacking above multiple SDKs can be put into an app and ads served, while the user will only see the one on the top.

iFrame or Pixel Stuffing

iFrame / Pixel stuffing is when a 1x1 pixel (invisible piece of code) is placed on a site. The user won’t see this, but these pixels can end up loading an entirely different website. The site that loads out of view in a 1x1

Auto-play Video

So many publishers still allow auto-play video when you go to a page, even more crazily with the volume up also. Sometimes these are extremely small or even barely visible on the page. What is really happening here is that when the ad plays that drives up both the view-count of the video and the thus the impressions of the ad.


Software exists than can send of a volley of clicks when the user just clicks once.

See no Evil


It would be remiss of me not to mention that there is a bit of ignorance is bliss in all this. Let’s cast ourselves back to the first Thursday Thought where we examined the knowledge gap in the industry.

Some marketers are simply reporting metrics that don’t really matter. Clicks rather than conversions, fans rather than engagement, unique users rather than community members.

To that end click through rate or web traffic being high keeps the monkey off your back, even if the monkey sees no evil, hears no evil and speaks no evil.

This mindset of hearing no evil is also representative of the main image of this post. The sirens used to lure sailors towards the rocks through temptation. Some publishers will have been similarly tempted to buy traffic to drive up their impressions so they are seen as more desirable by often time starved agency workers who buy advertising at scale. Those publishers are unwittingly buying traffic from the botnet fraudsters, who are simply selling traffic through a chain of middle men. So the fraudsters now have two revenue streams, the traffic sales of bot driven impressions and the advertising sales of bot driven clicks.

Don’t accept simple short term wins of higher traffic now, focus on slower organic growth of a community of advocates.

What can be done and is being done?


One of the reasons for the rise in viewability is to combat ad fraud. It is a tragedy of the commons situation where the few are ruining it for the many. Fraudsters driving poor user experiences means the more respectful and trusted publishers also suffer. The respectful ones pay the price with ad blockers, but also with all the hoops they need to jump through to make viewability changes on their sites.

Strip out and don’t charge for bot traffic

Some publishers and networks are running their own analytics and stripping out any fraudulent traffic. However during the latest report, Dan Kaminsky, co-founder and chief scientist at White Ops revealed that when they found fraudulent traffic, not everyone at those company knew they were doing this.

Google’s Work

Google has large dedicated anti-fraud hardcore teams scouring sites looking for botnet scripts. They reverse-engineer botnet code which gives them detailed blueprints of botnet behavior. Because of Google’s huge wealth of data, these blueprints can then be applied to the web and these blueprints tracked down.

The really interesting thing here is that the software Google have developed tracks certain blueprints. Because non-human traffic is coded it follows certain movement patterns, think of a mouse moving and clicking in a similar sequence over and over. This leaves a finger print. When Google spots this fingerprint in their exchanges they do not charge for this traffic. It is in their interest to clean up the web.

Measure Differently

Publishers can get technology to track more than clicks, behavioural data over historical data, so you can see how the click is happening. This can be in the form of heat mapping or hovers for example.


This is a huge element and one that just keeps on cropping up. Know your sites, know your sales reps, know your publisher and know your exchanges.

The entire marketing ecosystem needs to manage their media plans with far more accuracy. The data must be interrogated before the campaign, in real time during the campaign and effectiveness measured afterwards.

If you are an advertiser using exchanges you can also blacklist sites you are suspicious of, just be careful because you could really damage a publisher if this is done in error.

In next week’s Thursday Thought we will wrap up the Adblockalypse, although it is not going away and is going to get worse before it gets better, but in the meantime you could always hire Buyral.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.