Ad networks have become an integral part of the digital advertising landscape. They allow advertisers to reach their target audience across a wide range of websites while providing publishers with a way to monetize their content. However, there are concerns about how ad networks serve ads, make money, and the potential for ad fraud and device hijacking. Digital Ad Fraud is estimated to cost brands around $44 billion in fraudulent activities in 2022, reaching up to 45% of the total ad spend. Long story short, countless ad networks are involved in fraudulent activity, immensely damaging to the industry as a whole and here we’ll try to explain how this got to be such a dangerous ground for brands.
Table of Contents
How Do Ad Networks Serve Ads?
Let’s start with how ad networks serve ads. Ad networks work by partnering with publishers and advertisers. Advertisers launch ads on the network, which then serves them to the publisher’s website or app. Ad networks use various targeting methods to ensure the ads are shown to the most relevant audience. This can include demographic targeting, behavioral targeting, and contextual targeting. 
How Do Ad Networks Make Money?
Ad networks make money by taking a cut of the ad revenue. Typically, the advertiser pays the ad network on a cost-per-click (CPC) or cost-per-impression (CPM) basis, and the ad network pays the publisher a portion of that revenue. The ad network takes a percentage of the revenue as their fee. Some ad networks also charge fees for services such as ad optimization and fraud prevention.
So, What is Ad Fraud?
Ad fraud involves ad networks exaggerating impressions, clicks, or conversion data to gain a financial advantage while squandering the advertiser’s money. The activity encompasses a wide variety of dishonest practices in internet advertising. This can result in advertisers paying for ads that were never actually seen by a human. Examples of ad fraud include click farms, bot traffic, and ad stacking. Ad fraud not only harms advertisers but also damages the credibility of the entire industryCybercriminals who work alone or in groups can perpetrate ad fraud. No matter who is responsible, the outcome is always the same: businesses squander money on ads that the target consumers do not see.
Do Ad Networks Hijack User Devices?
One concern around ad networks is the potential for device hijacking. This occurs when an ad network serves an ad that contains malicious code, which then takes over the user’s device. This can result in anything from annoying pop-ups to serious security breaches. While there have been instances of ad networks inadvertently serving malicious ads, the industry has taken steps to combat this issue. Many ad networks use advanced fraud detection tools to ensure that only safe and secure ads are served to users. Yet, ad fraud is still a significant issue in the industry.
Examples of Fraudulent Ad Network Activity
Ad fraud is also known as invalid traffic (IVT) because it generates activity that doesn’t originate from a real user. There are two kinds of IVT:
- General invalid traffic (GIVT) can be detected using standard filtration techniques like lists or other common tests.
- Sophisticated invalid traffic (SIVT) is only detectable with multi-point collaboration, advanced analytics, and/or human intervention.
Here are some of the SIVT tactics employed by ad fraudsters:
- Domain Spoofing
- Click Fraud
- Cookie Stuffing
- Click Injection
- Pixel Stuffing
- Ad Stacking
- Ad Injection
- Geo Masking
- Bots/Non Human Traffic
Most fraudulent ad networks use a combination of these tactics together to defraud advertisers. Let’s examine a couple of high-profile cases.
The Methbot Scandal
Uncovered in 2016, the fraud involved a group of cybercriminals who created a network of fake websites and bots to generate fraudulent views and clicks on video ads, resulting in advertisers paying for non-existent views. The Methbot fraud scheme was highly sophisticated, with the criminals creating thousands of fake web domains and using data centers to make it look like the traffic was coming from legitimate sources – a mixture of both geo masking and a sophisticated example of domain spoofing. The operators of Methbot used a network of proxies and fake IP addresses to hide the fact that the ad views and clicks were actually coming from servers located in data centers in Eastern Europe. The use of these proxies and fake IP addresses allowed the scheme to evade detection and make it appear as though the ad views and clicks were coming from legitimate U.S.-based users. At its peak, the scheme reportedly generated between $3 million and $5 million in daily fraudulent revenue.
3ve
The 3ve ad fraud scheme was a complex operation that involved multiple types of fraud designed to deceive advertisers and steal their ad dollars, including ad stacking, pixel stuffing, domain spoofing, bot traffic, and faked clicks and installs. 3ve was involved in a botnet of over 1.5 million infected computers and mobile devices. The scheme worked by creating fake websites that appeared to be legitimate and then using the botnet to generate traffic to those sites. The traffic was then sold to advertisers, who believed that their ads were being viewed by real people. However, the traffic was actually generated by bots that clicked on the ads and made it appear as though they were being viewed by real users. This made it challenging to detect the fraud as the bots seemed to behave like humans. These cases are two high-profile, very lucrative ad fraud schemes that were eventually spotted, and the perpetrators (both were actually run by the same group) were charged and ordered to pay out to the FTC. However, while these schemes included an eye watering amount of money, they represent just the tip of the iceberg regarding the disingenuous agents in the digital ad space.
The Cost of Ad Fraud
A study by Forrester found 69% of brands spending $1 million per month reported that at least 20% of their budgets were being lost to digital ad fraud. In 2018, Adobe found that potentially 28% of web traffic came from bots or other non-human actors in a sample of their thousands of client websites. Based on this finding, one commentator estimated that the total cost of ad fraud might be as high as $66 billion. In 2022 and 2023, while many believe AI and blockchain technologies can help prevent ad fraud, the fact remains that estimates are still extremely high for the overall cost of ad fraud.
So, should you trust whatever your ad network is reporting?
Ad networks play an important role in the digital advertising ecosystem, but it is essential to approach the data they provide with a healthy dose of skepticism. This is especially true in cases where the reported numbers seem too good to be true or defy basic logic. Let’s take a look at a clear example. This is a real situation that happened with one of our clients: their target country (South Africa) counts 60M people. Basic math would indicate the ad network should not generate 90M clicks/month which unfortunately happened and we were fast enough to detect it. According to the ad network, we have been getting a whole country clicking on our ads, every month. By cross-checking information we found that according to DataPortal’s Digital 2023: South Africa report, more than a quarter of the country’s population still does not have access to the internet. Ad networks didn’t stand a chance in explaining how that type of CTR was possible and we ended up pausing advertising. As campaign managers, it’s mandatory to be able to recognize when you are being a fraud victim. No matter how good the post-install or post-click conversion looks like – if your ad network is doing that, it is believed to be a fraud, because publishers earn money on CPM basis.
How do publishers make money?
Publishers get paid on a CPM basis, so a publisher places an ad on their website and when a visitor sees it, they earn some money. Pretty simple. Here is when it gets complicated, when ad networks send 100 million clicks to an app and those clicks generate a $1 CPI then we need to ask ourselves; How many impressions were needed to generate such clicks, and how high was the CPM when the CPI is just $1? If the CPI is low then the CPM is low, but how would the publisher make money in this case? Let’s look at an example: Your ad gets 1.000.000 clicks at 1% CTR, which means your ad got 10.000.000 Impressions. If we assume that your CPI is low – 1$ for example – and only 50% of those clicks end up installing the app. This would cost you 500,000$ and will generate 500,000 installs. But how much did the publisher make? Well, if the CPI is 1$ then the CPM can be as low as 0.5$ which translates to 5,000$ in revenue to the publisher. Doesn’t add up because the publisher still has salaries to pay, expenses…etc and if they make 5,000$ on 10,000,000 impressions then they will be out of business soon. Imagine how many users you have to motivate to open your app every day to generate 10M Impressions – those users have to get acquired somehow as well plus we used a 50% conversion rate from click to install – a regular conversion rate is maybe much lower, meaning the actual revenue is even below $5000. Now, this looks like a fraud, publishers would never serve 10 million impressions to get only 5,000$ but actually, the fraud is from the ad network’s side. Your app didn’t get 1,000,000 clicks but way less than that regardless of how good your post-install metrics look. In situations like this, our recommendation as digital marketing experts, is following these steps:
- Validate and cross-check the data: Always validate the numbers provided by your ad network by comparing them with industry benchmarks and your own internal data. Look for any discrepancies or unusual patterns that could suggest fraudulent activity.
- Investigate the ad network’s reputation: Research the ad network’s history and reputation in the industry. Check for any red flags or past instances of fraudulent behavior. Look for reviews and feedback from other advertisers who have worked with the network.
- Use third-party tools and services: Partner with third-party ad verification and fraud prevention services to analyze and validate the data provided by your ad network. These services can help you identify and mitigate the risks of ad fraud.
- Request transparency and detailed reporting: Ask your ad network to provide more detailed reporting, including data on impressions, clicks, conversions, and other relevant metrics. This will enable you to better understand the performance of your campaigns and identify any potential issues.
- Maintain open communication with your ad network: Establish open lines of communication with your ad network and discuss any concerns or issues that you may have. If the ad network is unwilling or unable to provide satisfactory explanations for discrepancies in their reporting, consider pausing your advertising activities with them.
Conclusion
In conclusion, while ad networks are an essential component of the digital advertising ecosystem, it is crucial for advertisers to be vigilant and proactive in verifying the data they receive. By taking the necessary steps to ensure the integrity of your advertising campaigns, you can protect your advertising investment and maintain the trust of your target audience. 
