Secure 2024: Forrester Wave™ Q2 2022 Showcases Leading Bot Management Solutions

What is

AD FRAUD?

Human-Ad Fraud-Header Image@2x
Ad fraud is when cybercriminals deploy bots to exploit advertising platforms and advertisers. Because bots are capable of defrauding real people, publishers, and most devices—from desktop and mobile to other emerging ecosystems, such as Connected TV (CTV)—this type of fake activity can be both extremely difficult to detect and frustratingly pervasive. Monitoring and disrupting ad fraud has become a major priority for many marketers, so that they can ensure that their ad spend is going toward real customers and defend themselves against security threats, brand erosion, and much more.

How does ad fraud work?

Ad fraud comes in many different forms and levels of sophistication. Here are some of its main methods.

Cybercriminals seeking financial gain through ad fraud use malicious bots that mimic the behaviors of real users. This means that ad fraud has many different forms and levels of sophistication. 


The many different types of ad fraud can be bucketed into two categories: device-driven fraud and content driven-fraud.

Human-Ad Fraud-Device driven fraud@2x
Device-driven fraud
Cybercriminals use computers, servers, phones, and more to spoof advertisers by faking real ad impressions, utilizing bots hidden within these user devices to mimic typical human behavior on websites or to otherwise impersonate real devices.

This type of bot activity, known as sophisticated invalid traffic (SIVT), is highly advanced and often starts with a publisher commissioning a third-party traffic provider to rack up clicks. Those providers occasionally subcontract the work out to fourth- and fifth-party aggregators—which is where, typically, malicious bots have infiltrated.
Human-Ad Fraud-Content driven fraud@2x
Content-driven fraud
Content-driven fraud, which is slightly more complex, uses fake sites and apps to sell space to advertisers who think their ads will be reaching human eyes. This is mainly achieved on “ghost sites” or “cashout sites,” which are visited by bots who facilitate the fake impressions. 

Sometimes, cybercriminals will also counterfeit, or “spoof,” reputable websites and brands. Because the malicious actors behind such schemes make these requests look nearly identical to those from the reputable website, it becomes difficult for advertisers to differentiate, meaning fraudsters earn a higher cost-per-click for ads that will earn no human impressions.

As technology evolves, cybercriminals do, too, and emerging formats such as CTV have become recent targets. Sophisticated bots are impersonating CTV devices, soliciting advertisers, and then selling these expensive impressions. Cybercriminals often attack these CTV ecosystems through SSAI spoofing—where ads are delivered, by way of proxy servers, in tandem with the video content so that the viewing experiences appear seamless. 

In mobile advertising, meanwhile, there is the problem of app spoofing: the creation of fake apps to serve exclusively as a space for ads and even using a device to commit additional types of fraud, such as device impersonation.
Human-Ad Fraud-Do fraudsters make money@2x

Do fraudsters make money from ad fraud?

In short, yes. And a lot of it.

Fraud is a multi-billion dollar industry. With every new ecosystem that enters the market, the opportunities for cybercriminals grow. In recent years, the advertising industry has made significant inroads in their fight against fraudulent activity—with improvements in built-in fraud prevention measures and many other third-party security tools. With this increase in cybersecurity defenses, the cost and risk of crime has also increased, dissuading many would-be fraudsters from pursuing this particular method of cybercrime. However, increased protections have given way to more advanced evasion tactics from cybercriminals, as malicious actors continue to adapt to avoid detection.
Human-Ad Fraud-How does ad fraud impact@2x

How does ad fraud impact advertisers?

From revenue leakage to brand erosion, ad fraud has a major and lasting impact on many advertisers.

Ad fraud is a loss for publishers, users, and advertisers. Among these victims, however, advertisers are often the hardest hit. Through the malicious activity of these sophisticated, difficult-to-detect bots, a single advertiser can lose thousands, if not millions, of dollars to ad fraud every year. When bots rob ads of real, human impressions, an advertiser’s reach is severely impacted, with some of the highest risk in new and emerging ecosystems like mobile and CTV. Just take a look at a couple of recent botnets shutdown by HUMAN:
  • PARETO: Affecting nearly a million Android phones, this botnet generated an average of 650 million daily bid request by spoofing more than 6,000 CTV apps.
  • TERRACOTTA: Upwards of 65,000 unwitting participating devices were embroiled in this ad fraud operation, which spoofed more than 5,000 apps and faked over 2 billion bid requests, tempting users with a false promise of free sneakers.

As bots have become more sophisticated, it’s harder to determine what is a bot and what is not, which can derail advertiser insights into budget, customer base, and product design.

How does HUMAN fight ad fraud?

Empowered by our collective protection approach, HUMAN is on a mission to disrupt the economics of cybercrime.

HUMAN believes that the best way to dismantle ad fraud is to disincentivize it. Our cutting-edge detection methods help ensure that committing ad fraud has real and lasting consequences. We verify more than 15 trillion digital interactions every week and can give our clients insight into the difference between human and bot traffic patterns with just a single line of code. Receive multilayered protection through our leading ad fraud product:

  • MediaGuard
    With this tool, we help ad tech platforms, media owners and advertisers gain context into each impression, even before the bid; cross-referencing our findings against our global detection knowledge base in order to identify ad fraud within milliseconds. Advertisers can utilize MediaGuard to provide insight into and protection against even the most dynamic bots, across any device or ecosystem.
Human-Ad Fraud-9.49 percent
Our approach gets results,

both big and small.

In 2016, for instance, we took down Methbot, at the time the world’s largest ad fraud botnet, whose ringleader, the self-proclaimed “King of Fraud,” was recently sentenced to 10 years in prison. Since that exhilarating success, we’ve invested even more deeply in our belief in collective protection with the formation of the Human Collective – a group of more than 25 industry leaders who come together to fight ad fraud.

Read this next: