Online Ad Fraud’s People Problem

katie-rischData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Katie Risch, senior vice president of software client solutions at Centro.

The headlines we’ve seen about bots eating billions of dollars in digital ad budget are downright frightening.

Lots of blame goes to secret organizations creating software that turns personal computers into zombies that automatically click on ads. However, there’s a simpler get-rich-quick scheme that more commonly swindles advertisers, and it doesn’t garner big headlines because it’s straightforward and boring.

It is preventable by using common sense, but bad actors in ad tech, who rely on an endless volume of inventory, turn a blind eye and enable this scheme because they are making money by acting ignorant.

This is ad fraud that uses real Internet users who are innocent bystanders. It generates site visits from real humans, where the user’s actions are completely unintentional. These instances escape detection from monitoring technology designed to find bot traffic, not humans.

Since automated ad-buying systems homogenize impressions no matter the publisher, low-quality inventory blends in pretty well in a sea of ad spaces. And who is really going to check every single ad among the tens of thousands, maybe millions, served on a campaign?

Therefore, to cheat advertisers, many entities simply create a low-cost site and make it look good enough to pass minimum inspections, fool an ad exchange into accepting its inventory and then fool advertisers into thinking that the site has quality audiences.

For example, have you visited At a quick glance, which is the time QA specialists have to approve or reject a site, it looks nice. It’s got articles, pictures of the authors and, until recently, mainstream brands advertising on it. Its traffic patterns, according to third-party measurement sites, show that millions of people visit it every month. Maybe it has an awesome SEO and social marketing team. But it doesn’t take long to read its articles and realize they’re suspect. How does it get traffic?

Users often stumble onto sites with questionable content either randomly via misplaced click or wrong search result or by purposefully by visiting a torrent site for downloads. Then the fraudulent chain reaction begins.

Operators of these types of sites can start serving lots of pop-under ads that act as browsers that can load any site completely. In this case, they’d load Sometimes users see it and close out the site. Others don’t see the ads until they close their regular browser. Either way, the site that loads inside the pop-under fully registers real traffic from real people who didn’t intend to visit that site.

Now, to fully monetize each impression, the site within the pop-under can load its own ads but is careful not to place too many ads up and down its site. That’s a dead giveaway to an ad exchange quality-control specialist that something funny is happening. Instead, the site can use a couple of ad units – three is enough to earn a nice profit while staying below the radar of site inspectors and ad verification tools.

Who’s going to know that something’s amiss during the millisecond it takes advertisers to find a targeted user, win a bid and serve the ad?

Consider the math. Pay a shady ad network to essentially load your entire site within a sneakily hidden ad to 1000 users for $1. Your equally shady site can load three ad units and receive $1 CPM for each, though you can probably get away with more. That’s $3 revenue costing $1 – a profit big enough to attract fraudsters but small enough to escape notice from advertisers.

And don’t get me started on in-banner video ads, which charge premium CPMs because sites label them as “pre-roll” inventory when listed in ad exchanges. You wouldn’t need many ads to make lots of money.

Even though smart people in ad tech know the common fraud scheme signs, many allow this to happen because they need ad units to sell. That site I mentioned above? There are many others just like it in the ad exchanges. The human problem in ad fraud is hiding in plain sight.

Follow Centro (@Centro) and AdExchanger (@adexchanger).

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. Nice coverage on an age old black hat trick. Everyone who falls under the moniker “internet marketer” knows about this, yet this is not a story you hear often in adtech. The adtech industry is not just corrupt, but it’s also terribly ignorant. I’m saying it with a wish that we could change that. But it will be hard as long as adtech peeps think they’re the #$%^ — but trust me, they are not. I had the privilege of being mentored by people that are widely considered the among smartest in the industry. But when it comes to understanding the dark arts, there is no understanding.

    This is strange because all you had to do in early 2000’s was to visit wickedfire, or even warrior forums, and you’d learn this and so much more. I was an “internet marketer” and everything I learn about internet advertising, I learn there. What I learn in adtech, was just things like how cookie syncing and mass redirects for “waterfall” work. And you know, those two practices alone are far more corrupt than what this article is about. A standard practice in adtech “audience extension” would be considered criminal by most black hats, while the same black hat may not consider what they are doing “criminal”. To be frank, when I first heard about “audience extension” I thought it was a joke, and that no industry could be that corrupt.

    What is worse than being corrupt, is being corrupt and ignorant. Behaving in a corrupt way without even knowing it. Until IAB et all start to deal with this level of problems, black hats and cybercriminals will have a field day like nobody ever did.

  2. Excellent look at this ignored problem, thank you!!

    To add to the final paragraph, there is an almost endless supply of these sites being created and deleted regularly. Every time you find one and remove it, ten others appear.

    What would be nice is if people started publicly naming the actual people responsible for sites like these, and stop doing business with them. Naming anonymously operated URLs just lets the operators continue with this endless supply of fraud plaguing the industry.

  3. Fraud may be driven by incentives?

    If you rob a bank, you may get caught and then you may go to jail. If you steal money online, you will never go to jail. So the bad players have an incentive to keep growing.

    If the smart people in ad tech spend their time finding the shady sites, then their supply of publishers will go down. If their supply of publishers is reduced their revenues are reduced.

  4. Finally! Maybe if this dirty fraud secret in advertising starts to get some light, then companies will be forced to work towards trying to prevent this problem.

    As an ad network owner myself, I’m disgusted with what we seen in the programmatic landscape when delving in a couple of years ago.

    In fact so disgusted, that we’ve ended up re inventing our whole company just to get away from it!!