The average individual ad fraudsters make $5-20 million dollars a year. The average ad fraud corporation pulls “many multiples of that,” says TrafficGuard chief operating officer Luke Taylor.
In other words: more than most drug dealers.
Estimates on how much ad fraud costs are all over the map. Juniper Research says that digital ad spend will hit $520 billion by 2023. But Juniper also says the fraudulent component of that spent hit $42 billion last year. With these kinds of numbers, you know it’s not just script kiddies in a basement somewhere. In fact, Google just kicked Cheetah Mobile, a half-billion-dollar company with stock traded on the NYSE, off Google Play, citing “mobile ad fraud” in an accompanying statement.
I dove deep into mobile ad fraud in my latest Tech First Draft podcast with Taylor, an ad fraud prevention expert.
Ad fraud ranges from app install farms, which feature hundreds or thousands of smartphones on which people click ads and install apps endlessly, to electronic simulated versions of the same thing, to sophisticated spoofing of ad measurement platforms, Taylor says.
And some uses malware infecting our own computers to spoof domains like Forbes.com or the NYTimes.com, so advertisers think they’re buying premium ad inventory.
“This type of malware resides on people’s local computer and then as they navigate through different websites it’s able to change up the domain,” says Taylor. “So a site that is not premium can be represented as one that is, or a site that’s just covered solely in ads says that it’s the New York Times.”
Some old-school tricks still work too, like cookie stuffing.
Cookie stuffing, Taylor explains, is setting small bits of code in your browser that say you’ve visited a website that in fact you haven’t. Retailers like Amazon might look for cookies that indicate that a sale happened because of a click on a affiliated partner who drove the customer to the point of purchase, and when they find it, reward that affiliate with a bounty or commission.
Cookie stuffing gets the commission without having to do the work.
Ad stacking is another oldy but goodie in the fraudster’s bag of tricks, both on the web and in mobile apps.
“There’s some apps that we’ve been looking into lately and within three seconds of opening the app you get ten ads,” Taylor told me. “A couple of those are full screens just overlaid over themselves … when you’ve got a website that’s only got a certain amount of space to display ads, if you want to increase the amount of ads that you can display to a user you just put ten of them in the same spot. You know that the consumer is never going to see the other nine, but they still charge for them nonetheless.”
Naturally advertisers have gotten more sophisticated over the past decade and use multiple verification systems, like TrafficGuard, to ensure that their ads are being seen by real people on real devices and lead to real impact.
But advertising and ad fraud is an ongoing arms race, with fraudsters continually developing new technology to steal from advertisers.
And, ultimately, from all of us.
If we’re watching free videos online, it’s because an advertiser paid for that to be available. If we’re getting free news on the web, it’s because a brand bought ads, ultimately sponsoring journalists to do their work. And the same is true with free search, free email, free social media, free messaging, free games, and the list goes on …
One of the newer technologies, Taylor says, is bots that pretend to be people and act like people, even inside mobile games.
Think: a bot playing a game and winning a level.
Paid app installs is big business — growing to $118 billion/year in 2022 according to AppsFlyer — and sophisticated app publishers rarely pay just for an install anymore. Instead, they pay for a new user that doesn’t just install the app but actually uses it and does something: beating a level in a game, signing up for an account in a fintech app, or initiating a purchase in a retail app.
Now though, bots do that too.
In fact, that’s where the big money is. Instead of $1, think perhaps $25.
“And then there’s the bad bots and they can range from pretty trivial examples to highly sophisticated bots that can download an application, install it, play the game for days,” Taylor says. “Many of these games might be paying for purchase after level seven, say, and the reward for that is far greater … they might earn tens of dollars for that kind of a conversion and so they’re incentivized to put in this effort.”
Solving this isn’t easy, says Taylor, though using AI to distinguish between good actors and bad actors helps. One in three clicks in pay-per-click display advertising is fraudulent, Taylor said.
Ultimately, however, only removing the economic incentive for fraud will be a complete and final solution. And that is challenging to do, to say the least.
One reason: the complexity of the modern advertising ecosystem.
“The advertising ecosystem has so many layers that the ultimate fraudster at the top of the funnel could be sitting behind many networks,” Taylor says. “So when they get blocked at one they’re still running with hundreds more so they’re not affected as much.”
The entire transcript of our conversation is available on my site.