Digital Advertising Fraud

The most efficient way to host advertising on web pages or social media is through some form of programmatic advertising.  The owner (publisher) of the site sells space to an agent who will fill it with adverts.  The publisher will receive revenue based on click-throughs from the advert or possibly just page impressions.  The agent will be using programmatic advertising to serve adverts that are most appropriate to the audience of the host page, these are more likely to be clicked on and should earn the agent and host the most commission.  The advertising organisations bid for page space on a ‘Cost Per Mille’ (CPM) model; paying for sets of 1,000 impressions.  One of the simplest solutions would be Google AdSense.

This methodology should benefit everyone except perhaps the humble web surfer who will see pages padded with adverts.  The advertiser optimises revenue with adverts targeted to an audience that is most likely to click onto them.  The host does not have to search for appropriate advertisers and is assured that whatever is hosted will have a good chance of generating revenue.  It is no surprise that ways have been found to make money out of the system at the expense of the various bodies involved.

Although the programmatic advertiser should be doing everything possible to prevent their system being exploited or compromised they are in the business of making money from a large number of relatively small transactions. They cannot monitor all of these in detail and will be relying on their software algorithms and the vigilance of their users to keep the system efficient. Any organisation hosting or paying for web and mobile adverts through a computerised delivery system needs to consider the checks and balances in place. They also need to make use of them. The service should provide reports of activity and allow the consumer to make changes on what they host or where. If the wrong messages are appearing on the wrong sites then neither host nor creator will be getting the income or leads they expect from the deal. These issues may be apparent from the URLs where adverts are hosted or the company names of advert creators.

At the front end scammers will create pages whose prime purpose is to host adverts, collect clicks and their revenue. The content of these pages is not going to be of high quality. It might be copied or computer generated. The ‘better’ examples will be constructed to maximise their Google search rank. Another trick is to use look alike URLs. These will all pull traffic away from high quality original content, frustrate the reader and make it harder for genuine creators to get their message across. Original corporate creators may use some degree of click bait content to attract visitors and promote their business model but will need to set a standard above the fraudulent host sites to keep visitors on their pages.

If the advertising contract is paying by impression rather than click through all the fraudster needs to do is convince the contractor to display an advert. Here is an incentive to display as many adverts as possible with the ultimate extreme being pixel stuffing; reducing the dimensions of each advert to a single pixel. Clearly the author of these adverts is not going to see any click through traffic. Website hosts that are paid by the click can take advantage of click fraud by sending automated clicks to their adverts and pull in the cash. These types of scam not only provide income from their websites but also harm the advert creator as they will be paying for content that will not be converted to income.

The genuine website host is not immune to the fraudster if they rely on automated advert engines. There is some control over the subject of the advert but as this is largely algorithm based there could be unfortunate exceptions with improper placements. The host is at the mercy of the programmatic engine and this could pick up malware. This has been coined the label malvertising and results in compromised adverts hosting malware appearing on the host’s website.

Costs per impression can seem reasonable but with enough traffic they do add up.  The expected conversion rate will never be high but by allowing scammers to hijack the system users are paying for nothing.  In addition fraudulent content can affect the user’s opinion of the brand and its Internet presence.  Relying on the programmatic advertising engine to sort it all out is not enough.  The process needs to be audited and any advertising plan modified to maximise its effect.

More from Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus