As it turns out, ad fraud knows no strangers.
A comprehensive study by the Association of National Advertisers, focusing heavily on bot traffic, illustrated the extent to which a surprise group of publishers were part of the ad fraud game.
Previously thought to be above the fray when it comes to ad fraud, it was discovered that a large percentage of it occurred on premium publisher sites.
Traffic from premium publishers consists of almost 20 percent bots. While much of that can be linked to sourced traffic, often it’s the publishers who are victims of ad-fraud attacks, according to the study which was released by the ANA in conjunction with WhiteOps, a platform for reducing fraud traffic.
One of the top methods used to attack a website and use its legitimate traffic for fraud was ad injection, when a browser plug-in “inserts” ads into publishers’ sites, without permission and without payment to those publishers. To a buyer that has whitelisted a particular domain, it looks like that domain’s inventory when, in fact, it isn’t. In many cases the ad may be hidden — a pop-up/under, an overlay, etc. — and the performance (or lack there of) is credited to that domain though the publisher of that domain has no control of or benefit from the impression(s).
One case study showed that more than 500,000 ads were injected daily on a top-tier publisher’s site. Ads were found to have even been injected on subscriptions-based sites that promise an ad-free environment for users.
Injected ads also ruin the user experience, cause slower load times, and deliver an overabundance of ads (often highly-intrusive to the user). This type of ad injection is just as bad (if not worse) for the user as it is for the publisher, especially considering the infection is often rooted in the user’s computer.
“(These) ads were displayed using malware illicitly installed on residential computers,” the report stated. “Victims of malware-driven ad injection inadvertently expose private information. Malware-driven ad injection software on the victim’s computer allows potentially malicious, unknown actors to gain access to personally identifiable information (PII), including browsing history, interests, and financial information.”
Publishers receive no money for ads injected on their site, as the payment for those served ads goes instead to the operator of the malware.
One way publishers can protect themselves is through the use of true domain technology, which “identifies the actual domain on which an ad displays, rather than the domain reported by the ad server, which can be falsified,” the report said.
Copying content from premium sites and selling ads around that content is another form of ad fraud that harms publishers, where fraudsters set up bogus sites with stolen content that still manage to get some amount of human traffic (along with sourced traffic that also can include bots). Of the most bot-trafficked sites in the study, 22 percent were found to have had duplicated content. Fraudsters set up a website, and can sometimes rip off a legitimate publisher’s content in bulk in order to draw search traffic away from the original publisher. Ads are served on that site, to bots and humans alike, and the ad revenue goes to the thief instead of the original publisher of the work.
The first step in protecting yourself from this type of fraud is to be aware if your content is being stolen. Hubspot has a great rundown about ways to find out. Taking it a step further, KissMetrics illustrates ways you can combat content theft.
Download a copy of the full report here.