When Elon Musk decided to drop the idea of acquiring Twitter over purported under-reporting of fake accounts due to the use of bots recently, the news grabbed the attention of the entire world for multiple reasons. No matter how valid (or invalid) his points were, Musk backing out of the $44 billion Twitter deal and his accusations about ‘spam’ bots/accounts accentuated the menace of advertisement fraud, which has been haunting marketers and advertisers for the past several years now.
According to industry pundits, advertisement fraud or ad fraud is amongst the biggest challenges that the digital advertisers are facing today. Ad fraud is done by creating fake ad engagement using malicious tricks and exploiting techniques to mis-report the performance with the sole objective of jacking up KPIs as well as the ROAS (return on advertising spends). It can be done by creating fake ad traffic, getting bots to click on the ads or creating fictitious mechanisms to deliver ads that are not seen by the consumers.
As per a latest report by mFilterIt (a global digital and advertising fraud detection and protection company), the overall digital advertising spends in India is around Rs.27000 crores, and ad spends wastage due to ad fraud is around Rs.3500 crores. They estimate that by 2026, digital advertising spends in India will be over Rs.46000 crores, and ad spends wastage due to ad fraud would be over Rs.6300 crores.
What is ad-fraud?
Ad-fraud is made possible by creating fake ad engagement using malicious tricks and exploiting techniques to mis-report the performance with the sole objective of jacking up KPIs as well as the ROAS (return on advertising spends).
How serious is the menace of ad-fraud in India?
Overall digital advertising spends in India is around Rs 27,000 Crores, and ad spends wastage due to ad-fraud is around Rs. 3,500 Crores.
By 2026, digital advertising spends in India will be over Rs 46,000 crores and ad spends wastage due to ad-fraud would be over Rs 6,300 crores.
Dhiraj Gupta, CTO and Co-Founder of mFilterIt says, “As the digital advertising industry grows, brands are inclined to invest in huge ad spends. For a fraudster, it is the perfect opportunity to get lucrative benefits by scamming or stealing the invested ad spends of the brands. The ad fraud techniques are easy to commit and that makes it a perfect scam.”
Gupta believes that to understand the problem of ad fraud, the marketing teams need people with deep insights for analysing the data. He says, “Brands and agencies are now majorly focused on the creation and planning of the creative aspects of digital advertising. With the help of these data scientists, they can understand the discrepancy in the data caused by ad fraud practices. Also, with awareness on the issue, they can be the prompters for taking the right measures.”
Vishal Rupani, Ex Co-Founder & CEO, mCanvas, says, “Globally, it is estimated that 30%-45% of all digital advertising traffic is fraudulent. As per one India-specific report, 62% of all digital ad fraud occurs on mobile.”
According to Rupani, ad fraud is an online epidemic driven by the pandemic. “Covid-19 has resulted in a surge in digital activity, as people are spending relatively more time online for work, school, and entertainment. More eyeballs online means more ad spends, and when spending increases, fraud almost always follows,” he says.
“Several brands are moving large monies from traditional media to newer digital channels such as DOOH, CTV, and Programmatic, which have less mature fraud-prevention mechanisms. So, to manage the advertising budgets optimally across various media has increasingly become a tough job for the CMOs,” he further says.
Shradha Agarwal, Co-Founder and CEO of Grapes says that ad fraud can affect a company’s bottom-line in different ways. “For example, I am spending Rs. 100 on marketing, and out of that Rs. 30 has gone to waste. So, that Rs. 30 would have gotten me some kind of conversion in revenue. That means I have lost both profit and revenue.”
“It’s also about reaching out to the right users or TG. To cite another example, I am spending a certain amount of money to reach out to the TG, and to create awareness about my product among them. But if the ad is not reaching the TG because of ad fraud, there will be no awareness about the product and I am going to lose revenue. It might be a minute percentage of the overall company, but this definitely affects its bottom-line,” she says.
To tackle the menace of ad fraud, Agarwal suggests four measures. She says, “The first approach is to put a third party to track where the ad spends are going. Second, if there is any kind of spillage that happens in terms of the target audience that was given to the media publisher who’s running my ads, then I should be compensated for that. I should not be paying for that. Third, we should get better value ad deals. For example, if I am buying media for Rs.100, I should figure out a way to say that, on average, the spillage is about 20% to 30%. I would like to have a 30% value add to my overall deal. Fourth, in digital specifically when you’re working on the lower funnel, we should focus on driving sales. It’s like, I only pay you when I get X amount of sales for the organization. So, that is something that we can look at.”
So, who are the actual culprits in ad fraud?
Vishal Rupani, Ex Co-Founder & CEO, mCanvas says, “Ad Networks, Publishers, and (Brand’s) Competitors are the main perpetrators of ad fraud across the digital advertising ecosystem. Each of these fraudsters above has a different reason for doing it, be it to earn some money or to hurt a rival. No matter who engages in the fraudulent activity, the end results for the brand are the same – negative ROI, depleted budgets and inaccurate data.
“While most brands and agencies acknowledge the problem, very few of them proactively deploy resources to identify and combat the menace. Typical excuse is - ‘Ad fraud is a given in digital advertising.’ So, the best way to deal with ad fraud is to accept that it is the part and parcel of doing business and moving on,” he adds.
Even as ad fraud is widespread and the awareness on it is also increasing these days, the culprits never seem to be deterred, especially in India. Dhiraj Gupta, CTO and Co-Founder of mFilterIt says, “As far as ad fraud is concerned, there are no specific regulations or punishments for criminals in India. Therefore, it is growing at a rampant volume across the digital marketing ecosystem.”
He explains, “The cyber laws in India are majorly restricted to cyber security, money laundering, data theft, etc. Even in Europe, there are no specific laws for ad fraud. Unlike these countries, the USA has certain laws and lawsuits developed regarding this issue.”
A Google spokesperson told IMPACT, “Our dedicated Ad Traffic Quality Team uses live reviewers, automatic filters, machine learning, and deep research to detect and filter as much invalid and fraudulent activity as possible. Our global and diverse team of PhDs, data scientists, engineers, and researchers constantly monitors and analyzes traffic to prevent advertisers from paying for invalid clicks, impressions, views, or interactions, and stops publishers that generate invalid activity from receiving undeserved advertising income. Our efforts protect advertiser spend, enabling advertisers to maximize the return on their investment, while also ensuring that legitimate publishers have a level playing field that increases their chances to monetize their valuable content.”
The Spokesperson adds, “Our automated detection systems use machine learning and complex algorithms to protect our partners and keep our ad platforms clean. We also manually review suspected cases of invalid activity that may not have been detected by our automated systems. Whenever we find unusual traffic, or an advertiser or publisher raises a valid concern, our team investigates the data and makes a decision or creates a new filter. Our team uses advanced research to uncover sources of invalid traffic and to develop solutions to keep them from entering our networks and platforms.”
Sachin Sharma, Director – LinkedIn Marketing Solutions, India, says, “Our advertising policies clearly prohibit fraud and we actively work to enforce them, using technology like artificial intelligence paired with teams of experts to protect our members and brands. We continue to invest in new ways to help stop and prevent abuse, and are committed to creating a safe and trusted experience for members and for brands who choose to advertise on LinkedIn.”
LinkedIn claims that their automated defences blocked 96% of all fake accounts they stopped during the July - December 2021 period. They are continuing their investment in manual and automated defences to prevent or remove malicious accounts from LinkedIn.
A few months ago, Elon Musk decided against acquiring Twitter over the alleged under reporting of fake accounts due to the use of bots. It raised a big concern on how advertisers are basically paying for bots camouflaged as viewers. While Twitter didn’t address IMPACT’s questions on fake bots, their spokesperson mentioned, “At Twitter, providing a safe and healthy service to everyone is one of our top priorities, and we have been working towards that end through policies that lead, products that protect, and partnerships that drive industry-wide change.”
Shradha Agarwal, CO-Founder & CEO- Grapes says, “Both Google and Facebook share the same benefits/compensation for advertisers when it comes to fraud/invalid activities. On Facebook, the fraud is either detected by advertisers or the system identifies itself. If there are issues with the delivery of impressions for which decisions are made on a case-by-case basis, refunds are made to the advertiser account as ad credits, which are used in the account on a regular basis while running their campaigns.”
Umesh Shashidharan, Media Director at FoxyMoron says that the discovery of ad fraud is also increasing because the brands are getting smarter now and are spending on technology. “For example, previously a brand was spending Rs. 1 crore on Digital, but was not spending another Rs. 5- 10 lakh, which is required to detect and prevent ad-fraud. Now they have understood that and started spending that extra money. So, by using technology, they are now realising that of Rs 1 crore, 80% was spent correctly and 20% was on ad fraud,” he says.
Brands fight back
From having to tackle malicious bots to click farms to domain spoofing, the problems marketers face while making their content reach the right target audience are plenty, but just as digital adoption has accelerated owing to the pandemic, and the corresponding fraud too, the marketers are also fast on the trail of the online fraudsters by deploying a host of techniques.
Sheena Kapoor, Head - Marketing Corp Comm & CSR at ICICI Lombard says, “We work with large media agencies, and also with a slew of smaller agencies. Now, if I’m going to pay you only on the basis of the quotes that I generate on a policy, I know for a fact that it can’t be fake. For instance, if I get a hundred quotes on travel insurance, I am getting the entire lead of consumers, and I am paying you only if this lead is qualified and legit and valid. Moreover, I have my call centre support team which is contacting them and converting it. So, I can understand whether it is genuine or not.”
“We are not incentivizing agencies on followers, mentions, engagements or on comments. We look at our brand health in terms of the studies that we undertake - how we measure ourselves on awareness, considerations, affinity, preference and a sphere of metrics, both qualitative and quantitative. That tells us how strong our brand is. Having said that, we have deployed a few agencies, who are working on the diagnostics.”
Shashank Srivastava, Executive Director at Maruti Suzuki India Ltd. says that about 30% of the company’s spends on advertising is into digital. Hence, the brand has taken measures to see that this money is not getting wasted. “We are taking a few measures for this. First, we have decided to do a regular check of the keyword lists. It means, you have to refresh the keyword list every time, just to make sure that the brand is safe. Second, we use inclusion lists and other overrides. If you have inclusion lists, then you make sure that only the trusted sites are included in your strategy. Third, we are also leveraging content categories. So, we determine the risk tolerance for commonly evaluated content topics (for example, adult content, terrorism etc.), and accordingly we set our brand safety settings. This risk tolerance is very low for certain content categories. Fourth, we also engage in dialogue with media partners. That is very important because we believe that through the partnership with ethical publishers we can actually prevent ad fraud in the long run. We are also doing a POC (Proof of Concept) with some agencies for preventing ad fraud. That way we are trying to understand how those will operate. But I don’t want to talk too much about that because it is still in the process of finalizing,” he concludes.
Vishal Jacob, Chief Digital Officer, Wavemaker India says, “At Wavemaker we believe ad-fraud shouldn’t be looked in isolation. We encourage our clients to look at all three aspects, i.e., Ad-fraud, Viewability, and Brand safety, to get a complete view. We do this through three key interventions – Machine & Artificial Intelligence, wherein we deploy a third party verification provider who has demonstrated capabilities in AI/ML techniques/models to identify and mitigate various pre-bid and post-bid ad fraud; Human Intelligence, wherein we look at historical data and constantly monitor for deviations in results; and finally, collaborating with industry bodies such as MMA to create awareness and establish guidelines and benchmarks.”
Godrej and Boyce says that they do have an agency that tracks all their brands on a regular basis. Mehernosh Pithawala, Senior VP and Head of Brand and Strategic Insights, Godrej and Boyce says, “With crawlers, we get all the information with respect to what is happening, what others are doing, etc. Irrespective of whether the campaign is run or not, this tracking is conducted regularly. The crawler keeps giving us data with respect to every brand that we have on a weekly basis. Click fraud is something that we are obviously concerned about, on any social media platform. We’ve also come across instances where in a country like Nepal, there is a brand called Podrej. So, it’s a direct intrusion of the Godrej brand itself. So, we’ve taken up those cases also.”
RSH Global says that as far as ad fraud is concerned, their biggest concern is the data acquisition part. Poulomi Roy, Chief Marketing Officer, RSH Global says, “I think there is a concern about the authenticity of data for sure. While we don’t have any key performance indicators (KPIs) for measuring ad fraud, our preventive measures are there. In the quest to grow fast we should not forget the basics of marketing and fall prey to jargon and data. So, we need to step back and watch the pattern of consumer behaviour towards a particular category and then find ways to convert them. We also need to stop believing in hyper customisation for every product.”
Types of ad-fraud
GIVT (General invalid traffic)
These methods are easier to detect and have visible patterns.
• Geo-fraud: In geo-targeted ads, the fraudsters commit ad-fraud by making their bots appear from different geo-location through a variety of techniques. Some of the common ways to manipulate the geo-data is using proxy IP addresses to appear in specific geo-locations.
• VPN: A VPN is used to create a new IP address and mask the original location of a person. This is a strong tool for fraudsters to hide their tracks of ad-fraud practices.
SIVT (Sophisticated Invalid Traffic)
These methods can replicate human behaviour, hence difficult to detect. They require advanced analytics, and machine learning to identify and analyze.
• Click Spam: Also known as click flooding, this is a type of mobile ad-fraud where the fraudsters generate an inflated number of fake clicks. This method helps them to receive the credit for the last click before a conversion is made.
• Fake Attribution: It is a practice followed by fraudsters to steal the credit of an organic install by reporting a fake click as the last engagement. Being the ‘last-click attribution’, the attribution platforms consider a fake click as an organic click.
• Cookie Stuffing: This is a technique used in affiliate marketing fraud where a fraudulent affiliate fools the advertiser into thinking that they have sent traffic to their website. But in reality, they haven’t sent any traffic.
• Ad Pixel Stuffing: Pixel stuffing happens when the fraudsters place an ad or an entire website inside a frame of 1x1 pixel using an iframe. This makes it invisible to the human eye. When a normal ad runs, the impressions are tracked for the legitimate ad, as well as the ads that are stacked under the invisible pixel. In this way, the fraudsters receive compensation for those fake impressions.
• Domain Spoofing: This is a type of phishing scam where a fraud publisher disguises itself as a premium publisher in a programmatic marketplace. By spoofing a premium publisher, the ad impressions generated are more valuable and the demand is also high.
• Incent Fraud: This is a type of fraud where the fraudulent affiliates run non-incent campaigns on incent platforms. Due to this, they attract low-quality users that install only for incentives and have no interest in the actual app. This technique is usually used to increase the install volumes, fix low CR ratios, moderate the quality of user acquisition, or simply increase the margins.
• Click Injection: This is a sophisticated form of click-spamming which is majorly prevalent in android devices. When a user downloads a malicious app, he allows the fraudsters to detect when any other app is downloaded on the device. Once they know that, fraudsters trigger a click before an install is completed. As a result, the fraudster receives a credit for the install that appears legitimate and results in a CPI payout from the advertiser.
• Device Farm Setup: The device farms are a type of mobile ad-fraud where the fraudsters manually perform a task (like clicks, installs and other forms of engagement) to make the advertiser believe it is a legitimate activity. They hide their malicious activity behind fresh IP addresses and device IDs.