Are Bots Hijacking Your Marketing Budget?

Editor’s note: Noam Schwartz is leading Business Development in SimilarWeb. His previous company Tapdog was acquired by SimilarWeb in the beginning of 2014.

Ad fraud is a well-known “secret” in the online marketing world, and it’s been around ever since ads have existed on the Internet. Experts estimate that for every $1 a company spends on online advertising, almost half is lost to digital ad fraud.

But in 2014, ad fraud has taken center stage. This month the Interactive Advertising Bureau (IAB) released their “Anti-Fraud Principles,” meant to reduce robotic traffic, or bots, and other forms of online traffic fraud. And earlier this year, IAB chairman and Ziff Davis CEO Vivek Shah publicly admitted that 36% of all web traffic is non-human traffic. (Other ad execs say it’s closer to 50%.)

What more, the problem seems to be growing. Last year, Google disabled ads from more than 400,000 sites hiding malware, up from 123,000 sites in 2012.

Bots, Stuffing, and Stacking Scams

So how exactly do fraudsters hijack your marketing budget? Unfortunately, there are a lot of ways to perpetrate traffic fraud, including the following:

  • Clickjacking malware. This kind of malware sends real users to websites they never planned to visit in the first place. Another method is to have bots imitate real users by “clicking” on ads or repeatedly loading a page.
  • iFrame stuffing. iFrame stuffing compresses an ad into a tiny one-by-one pixel size. The ad is served up on a site as a real ad and reported as a view, even though a real user would never be able to view such a tiny ad.
  • Ad stacking. In this type of scam, multiple ads are placed on top of each other in a single ad placement. Only the top ad is in view, but all of the ads are reported as viewed.

These kinds of traffic fraud manipulate metrics like page views and click-through rate, making cost-per-impression a dangerous pricing model for advertisers.

To get an idea of just how dangerous it can be, let’s look at one of the most elegant scams out there today, one that works using illegal bot activity. To set up the scam, a fraudster could create a magazine-style website for the sole purpose of hosting ads. Content is added automatically from content farms or copied from real publishers.

Then, the fraudster distributes malicious software (or piggybacks on existing ones), that causes the infected computers to open numerous browser windows in the background, completely hidden from the user.

The browsers are directed to the fraudster’s fake webpage and emulate human behavior by hopping from link to link, virtually moving the cursor, scrolling, and occasionally clicking on ads.

Here you can see a video of illegal bots in action:

So here’s where advertisers take a hit in the marketing budget. Let’s say that the fraudster manages to distribute malicious software to just 100,000 computers. If each of these computers opens 50 hidden browsers every day, spending 30 seconds on each page and clicking an ad once every 200 pages, the fraudster can generate 72 million fake clicks in a single day! And advertisers are paying for every one of those clicks.

Online Ads Are Easy Targets

Online advertising is a fraudster’s heaven, and even the savviest advertisers lose millions of dollars each month.

So what makes ads so easy to target?

For one thing, advertisers often have no idea fraud has even occurred. Typically, advertisers only get standard metrics on their ad campaigns, like cost per lead and conversion rate. There’s no way to detect ad fraud or to know just how much it cost you because it’s just rolled into the cost of acquiring real customers.

Also, ad networks don’t ask a lot of questions when a new ad publisher registers their site. Usually the ad network only asks for a publisher’s basic traffic, engagement, and demographic stats, and that’s it. Then the publisher gets the code that will allow them to present ads from the ad network inventory. The ad networks have nothing to lose—if the publisher generates clicks, it’s a win. If not, the ad server will push the ads elsewhere.

Finally, those same ad networks actually benefit from ad fraud. They get paid for each click or impression, regardless of whether the ad is served to a real person or a fraudulent bot. So eliminating 36-50% of those bad clicks would negatively affect their bottom line.

What Advertisers Can Do About Ad Fraud

Few substantial and scalable solutions exist for ad fraud.

Ad fraud detection companies such as Telemetry, Forensiq, White Ops, (recently acquired by Google), and SimilarWeb’s Traffic Guardian use several approaches, including comparing visit patterns with known behavior, monitoring malicious software, proxy unmasking, device verification, and manipulation recognition.

For instance, an algorithm can determine whether a website is legitimate or fraudulent by comparing the way real people are using that website to actual online behavior. Advertisers can view that data themselves, which can help them decide whether one of their publishers needs to be red-flagged, or even rejected immediately.

Unfortunately, the outcome of the online ad game will not decided by a knockout. New technologies and state-of-the-art algorithms are continually being developed both by fraudsters and those trying to fight them.

And while it’s promising that agencies and publishers have started talking about the problem, advertisers have to be involved, too. After all, they’re the ones with the most skin in the game.

 Image via Shutterstock user Inozemtsev Konstantin