Is there such a thing as bad traffic? Or bad clicks? Or bad ads? Unfortunately, the answer is “yes”. Digital marketing offers a vast playground to driven and creative marketers. But it also offers opportunities for cybercriminals to commit fraud. Fraud in digital marketing is real.
It may be difficult to spot and stop, but nothing is impossible in modern marketing. Here is what you should know about fraud in digital marketing and about what you can do to protect your digital advertising efforts.
What Is Fraud in Digital Marketing?
Digital marketing fraud consists of the use of fake traffic and engagement to “hijack” advertising traffic for the financial benefit of cybercriminals. Fraud in digital marketing involves spammers using malware or “bad code” to create fraudulent traffic or engagement on ads. The advertising costs paid by the fraud victims go to the fraudsters.
Advertisers create pay-per-click (PPC) campaigns assuming that their ads are viewed by real people that fit their target demographic. Unfortunately, they are sometimes wrong. According to our research, almost half of internet traffic is driven by bots.
While some of these bots are “good” bots, like Google’s crawlers, a vast majority of them are “bad”. Bad bots are designed to pose as real human traffic. The ultimate purpose of bad bots is to help spammers or fraudsters “steal” advertisers’ campaign budgets.
The Propensity of Fraud in Digital Marketing
The worldwide digital ad market is huge. According to a recent Statista report, Google's 2020 revenue from Google Ads was $146.92 billion. As more companies are investing in digital advertising, more cybercriminals are trying to take advantage.
Here are some more worrying statistics about fraud in digital marketing:
- The cost of ad fraud is expected to grow to $44 billion in 2022. (Statista)
- 17% of all PPC clicks are estimated to be click fraud. (ClickGUARD)
- The global fraud detection and prevention market is expected to reach $92.3 billion by 2027. (Vynz Research)
- 56% of impressions served across Google’s display advertising platforms aren’t viewable for the users. (Google)
8 Types of Fraud in Digital Marketing
Cybersecurity and digital fraud are never easy to identify and stop. To complicate things even more, fraud in digital marketing comes in different shapes and sizes. And it’s getting more complex every day.
Depending on how it is implemented, however, there are a few features that can help differentiate between different kinds of fraud. Here are 8 common types of fraud in digital marketing:
Domain spoofing is a type of digital ad fraud that involves disguising one website as a different, more valuable one. Through domain spoofing, cybercriminals trick advertisers into paying more for advertising space. As the website is seen as valuable, advertising costs are set higher.
Traffic from the spoofed domain may not match the kind of traffic that the website should be getting. This is one way to identify domain spoofing. Another sign could be that the publisher is not selling ad space in real-time bidding (RTB) auctions. Any other kind of inconsistent information, like the site using a different email domain, can be a sign of domain spoofing.
Click spamming is a kind of mobile ad fraud that happens through mobile apps or mobile web pages. Usually, the unsuspecting user will download a mobile app that is infected with a piece of “bad” code or malware. This code will make the app click ads in the background, while the app is in use. Often the user doesn’t even get to see the ads that are being clicked.
For the user, it is very difficult to identify such a fraudulent app. However, click spamming can often lead to a high amount of clicks in a low amount of time. These clicks most likely will not convert. This can be a sign that a certain mobile website or app is actually click spamming.
Similar to click spamming, this ad fraud involves cybercriminals putting malware on user devices. However, click injection is somewhat more sophisticated. Instead of just automatically and continuously clicking on ads, this method uses a ‘just in time’ method of clicking.
The infected apps generate clicks on ads, such as Facebook ads, banner ads, or Google Ads. As in the case of click spam, this method inflates the spending on those ads so that the cybercriminals get paid more for ad clicks.
In this case of digital ad fraud, fraudsters create a small advertising display that a user never actually gets to see. This is usually a 1x1-pixel area. Using this method, a single web page can display hundreds of “invisible” ads.
This kind of digital marketing fraud is meant to take advantage of marketing campaigns that target a high number of impressions. Since the advertiser pays for impressions, the fraudster can receive credit for dozens or even hundreds of display ads at once.
Of course, pixel stuffing does not produce any other kind of results. Clicks and conversions will never happen since the users don’t get to actually see the ads.
Ad stacking is rather similar to pixel stuffing. The difference is that this fraud method doesn’t use pixels, but real ads. The ads aren’t invisible, but they are “stacked” one on top of the other in the web browser. The user only sees one of the ads, but the fraudsters can claim credit for all the stacked ads.
The goal of ad stacking is to display more ads to visitors at the same time. This then artificially grows the number of impressions. This of course works in the case of display ads.
Through ad injection, cybercriminals insert ads in places where they shouldn’t actually appear.
This is done through browser extensions, plugins, and malware. The ads either appear illicitly or replace other ads.
When people click on one of these “injected” ads, the fraudster gets credit for the click, even though he doesn’t own the website used as placement.
Another fraud in digital marketing is geo masking. This happens when a fraudster hides the location of the leads they generate. This method involves spoofing the IP addresses of the leads they generate to make them look more valuable.
This type of ad fraud is aimed at advertising campaigns that target different locations or that have different budgets for different locations. The cybercriminals will spoof the IP addresses so that they increase their earnings.
Can Digital Marketing Fraud Be Stopped?
Fraud in digital marketing can have a series of negative effects on advertising campaigns and businesses in general. These effects include:
- Wasted budgets on fake traffic, clicks, or leads.
- A bad reputation: if the ads appear on irrelevant or spammy websites.
- Bad metrics: when fake traffic and engagement are registered as legitimate.
- Bad business decisions: if the advertiser uses the “spoiled” metrics, this can affect all marketing decisions and their business in general.
While it is difficult to completely stop fraud in digital marketing, efforts are being made. Advertising networks try to detect fraud and eliminate bad platforms. But these efforts are of course limited.
As a digital marketer or business owner, you need to acknowledge that fraud in digital marketing is a real problem. Constantly monitoring your campaigns to identify unusual traffic and engagement patterns is a must. Any sudden change in traffic or suspicious activity - like a high amount of traffic with no conversions - can be a sign of fraud.
As a next step, you can choose to invest in fraud detection and blocking mechanisms. At ClickGUARD, we offer our users an advanced, automated system meant to help them block all kinds of wasteful, invalid, and bot-driven clicks -- all at the flick of a switch.
Fraud in digital marketing is a real problem. And it’s here to stay. Even though companies are aware of the dangers of digital fraud, it is very difficult to completely stop it; cybercriminals are very adaptable and ingenious. The best protection is education, constant ad monitoring, and taking swift action in case of fraudulent activities.