Glossary

Ads.txt

Launched in May 2017 by the IAB Tech Lab, the Authorized Digital Sellers project aims to tackle various types of ad fraud, most notably domain spoofing and illegal inventory arbitrage.

Ads.txt is a simple text file that contains information about which companies are allowed to sell digital inventory on a particular domain. As it can be created and modified only by the webmaster of a domain, the information in the file is considered valid and authentic.

Learn more about Ads.txt in our article: Ads.txt - What it is and why it can’t protect you from invalid traffic and click fraud
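As an added example (not part of the original glossary): a minimal parser for ads.txt records and a check of whether a seller offering a domain's inventory is listed. It assumes the comma-separated record layout from the IAB Tech Lab specification (ad system domain, seller account ID, DIRECT or RESELLER, optional certification ID); all domains and IDs are constructed.

```python
from typing import NamedTuple

# Constructed sample file for the hypothetical publisher domain example-news.test.
SAMPLE_ADS_TXT = """\
# ads.txt for example-news.test (constructed sample)
contact=adops@example-news.test
adexchange.example, pub-1234, DIRECT, abc123def456
resellernet.example, 98765, RESELLER
ResellerNet.example , 55555 , reseller  # inline comment
this line is malformed
"""

class Seller(NamedTuple):
    ad_system: str      # domain of the exchange or SSP
    account_id: str     # publisher's account ID within that system
    relationship: str   # DIRECT or RESELLER

def parse_ads_txt(text):
    """Return (set of authorized sellers, list of rejected raw lines)."""
    sellers, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            # Variable declarations (contact=, subdomain=) are not seller records.
            if "=" not in line:
                rejected.append(raw)
            continue
        ad_system, account_id = fields[0].lower(), fields[1]
        relationship = fields[2].upper()
        if relationship not in ("DIRECT", "RESELLER") or not ad_system or not account_id:
            rejected.append(raw)
            continue
        sellers.add(Seller(ad_system, account_id, relationship))
    return sellers, rejected

def is_authorized(sellers, ad_system, account_id):
    """True if this (ad system, seller account) pair is listed by the domain."""
    return any(s.ad_system == ad_system.lower() and s.account_id == account_id
               for s in sellers)
```

A buyer would run `is_authorized` against the seller identifiers in an offer for the domain's inventory and treat an unlisted pair as a possible domain-spoofing signal.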

Ad Fraud

A type of scam in which fraudsters intentionally falsify engagement on an ad and fool advertisers into paying for it. In most cases, ad fraud refers to fake traffic, fake leads or misrepresented and ineffective ad placement.

Some types of ad fraud include:

- Ad injection
- Ad stacking
- Ad tag hijacking
- Affiliate fraud

Ad Injection

A technique where ads are inserted into websites or apps, either visibly or hidden, without asking the publisher's permission and without paying them.

Ad injection can occur in multiple forms. Ads can be inserted on top of already existing ones or replace them entirely. Injected ads can also appear on web pages that otherwise never show ads.

The injection of ads can take place via malware such as browser plugins. When a user clicks on the ads, the plugin developer is paid instead of the publisher.

Ad Network

A technology platform that serves as a broker between publishers (supply-side) and advertisers (demand-side).

Ad networks acquire available inventories from a publisher and sell them to advertisers as packaged impressions. Without ad networks, publishers would have to negotiate deals with each individual advertiser.

While there are all sorts of different media (print, television, radio etc.) the term is used exclusively to refer to online advertising.

Ad Rotator

A tool that allows a publisher to rotate two or more ads in the same place on a website. The rotator can either use a time-based trigger or update the ad when a user refreshes the page.

Ad Server

Technology used by publishers, advertisers, ad agencies, and ad networks to manage and run online advertising campaigns. Ad servers store advertising content and are responsible for serving it to a website or app.

Additionally, ad servers collect data about ad performance (e.g. impressions, clicks, etc.) for advertisers and publishers to gain insights and monitor the performance of their ads.

Ad Stacking

The process of placing multiple ads on top of each other in a single ad placement. While only the top ad is visible to the user, a click or impression is registered for every ad in the stack. This leads advertisers to pay for fake impressions and/or clicks.

Ad stacking is one of the most common forms of ad fraud.

Ad Tag Hijacking

Stealing an ad tag from a publisher’s website and using it on another one. This is often done as an attempt to sabotage the brand’s reputation.

Adware

Adware, or advertising-supported software, is software that automatically presents ads within an application or operating system.

In its malignant form, it often displays unwanted and in most cases hidden or obtrusive ads (e.g. pop-ups or pop-unders). In this case, the software is designed to fake legitimate user-generated traffic to a website or app.

Affiliate Fraud

In an affiliate program, an advertiser pays a commission to an external publisher, e.g. for product sales or for leads generated by its referrals.

Any false or unscrupulous activities carried out in order to receive a commission from an affiliate marketing program are referred to as affiliate fraud. This includes any activities that are explicitly prohibited in the terms and conditions of an affiliate marketing program.

Anomaly Detection

Also known as outlier analysis, anomaly detection refers to a step in data analysis which identifies data points, events, or observations which deviate from the normal behavior of a dataset.

Auto-Reload/Refresh

Fraudsters automatically reload pages or refresh ad slots to continuously load ads.

App Tracking Transparency (ATT)

Introduced with iOS 14.5 in April 2021, App Tracking Transparency (ATT) is a privacy feature by Apple that requires all iOS apps to obtain user permission in order to access the Identifier for Advertisers (IDFA) and track the user or the device.

Attribution Fraud

A type of mobile ad fraud where fraudsters steal credit for app installs. This works by reporting fake clicks as the last engagement prior to the first time an app is launched by a legitimate user. This falsely credits the fraudster instead of the genuine source responsible for the app installation.

Attribution Tool

Attribution tools provide marketers with all relevant information to determine the success of digital advertising campaigns and marketing channels. They help to understand how much credit should be given to each marketing touchpoint.

Auto-reload / Auto-refresh

The practice of automatically refreshing ad slots within a single page view in order to increase ad impressions. The ads can be refreshed after a regular time interval or due to certain user actions like scrolling, mouse movement or clicking. Users might not even notice that ads have been refreshed, but ad impressions will be registered regardless.

Combined with a CPM model, advertisers end up paying for ad impressions that were either unviewable by a real user or only visible for a very short amount of time.

Automated Traffic

Any traffic to a website that is not generated by a real human. Automated traffic can stem from a variety of sources including search engine crawlers, website uptime checker software, automated scripts and many more.

In most cases, automated traffic originates from bots visiting websites in order to increase ad impressions and traffic.

Automation Tools

A piece of software that was designed to verify requirements in software development via automated test scripts. Examples include Selenium and Puppeteer. Automation tools are used to automate repetitive tasks or perform those that are difficult to do manually.

However, fraudsters abuse automation tools to visit websites and click on ads automatically.

Behavioral Analysis

Sophisticated bots are now able to mimic human behavior in great detail. Behavioral analysis is used to examine user interactions and compare them with the behavioral profile of the entire website. In this way, abnormal behavior can be detected quickly and reliably.

Blacklisting / Blocklisting

The use of lists of known or suspected malicious or fraudulent IP addresses, domains, or other parameters to prevent advertisers from serving their ads to them.

Bots / Fake Users

The word “Bot” is short for “robot”. A bot is an automated software program designed to perform specific tasks on the internet, such as crawling websites or checking the server’s uptime.

In the context of ad fraud, bots are programmed to emulate human behavior. They vary in levels of sophistication and are capable of consuming digital content and performing several tasks, including:

- Visiting web pages
- Viewing ads
- Clicking on ads
- Watching videos
- Installing apps
- Accepting cookie banners
- Adding products to the shopping cart

The Internet is full of bots. Over 57% of the world's internet traffic comes from bots – only a little over 40% from real people. Just about any device with a chip and Internet connection can be turned into a bot:

- Webcams
- Smart thermostats
- Connected cars
- Smart refrigerators
- Smartphones
- Connected TVs
- and many more

A few years ago, bots operated only from big data centers (Google Cloud, Amazon AWS, etc.). Today, they live (mostly unnoticed in the form of fake websites and apps) on real devices with real user and device IDs, a real browser history, and a real residential IP address.

While they used to have robotic click behavior, bots can now realistically imitate human behavior and mimic normal distributions in their actions.

For example, fraudsters record mouse movements of real users on websites (mostly illegal streaming platforms) and play them back on websites the bot visits to remain undetected.

Fake bot traffic can be bought now for very little money on various websites on the Internet.

A collective of bots is called a botnet.

Botnet

A network of computers, smartphones or IoT devices whose security has been breached and control has been handed over to a third party that uses the network to carry out malicious attacks.

Bot Detection

The process of analyzing the traffic to a website, mobile app, or API to detect and identify malicious bot traffic and bot impressions, while allowing access to legitimate human traffic and authorized bots.

Bot Prevention

Actively preventing bot traffic and bot impressions before inventory is bought or sold.

Bot Traffic

Automated requests made to a website, mobile app, or API that are triggered by an automated process (bot) rather than a real human user. In the context of ad fraud, this non-human traffic is designed to mimic real user behavior and inflate audience numbers.

Bot Traffic Detection using Analytics

A bot can be indistinguishable from any other web user, but there are ways you can use analytics data to help detect bot traffic. Some indications of automated traffic are:

- Unusually high page views
- Unfamiliar referral traffic
- Unusually high bounce rates
- Spikes in traffic from an unusual region
- Abnormally low time on page
- Very high or very low average session duration
- Constant refilling or refreshing of content
- Anomalous timing of events
- High frequency of visits from any single IP address (more than 100 visits from a single IP on a given day)
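As an added example (not part of the original glossary): three of the indicators above applied to per-session analytics rows. The visit threshold of 100 per IP per day comes from the entry; the other cut-offs, the row layout and the sample sessions are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

MAX_VISITS_PER_IP_PER_DAY = 100   # threshold stated in the glossary entry
MIN_MEDIAN_SECONDS = 2.0          # assumed cut-off for "abnormally low time on page"
MAX_BOUNCE_RATE = 0.95            # assumed cut-off for "unusually high bounce rate"
MIN_SESSIONS_FOR_RATES = 20       # assumed: do not judge rates on tiny samples

def make_sample_sessions():
    """Constructed sessions: (day, ip, pages_viewed, seconds_on_page)."""
    rows = []
    # 150 one-page, sub-second sessions from one address (documentation IP range)
    rows += [("2024-05-01", "203.0.113.7", 1, 0.4)] * 150
    # 30 bounces with very short dwell: under the visit threshold, still suspicious
    rows += [("2024-05-01", "198.51.100.9", 1, 1.0)] * 30
    # an ordinary visitor with two sessions
    rows += [("2024-05-01", "192.0.2.44", 4, 35.0),
             ("2024-05-01", "192.0.2.44", 1, 80.0)]
    return rows

def flag_suspicious(sessions):
    """Return {(day, ip): [reasons]} for traffic matching the indicators."""
    groups = defaultdict(list)
    for day, ip, pages, seconds in sessions:
        groups[(day, ip)].append((pages, seconds))
    flagged = {}
    for key, visits in groups.items():
        reasons = []
        if len(visits) > MAX_VISITS_PER_IP_PER_DAY:
            reasons.append("visits_per_ip")
        if len(visits) >= MIN_SESSIONS_FOR_RATES:
            # A bounce is a single-page session.
            bounce_rate = sum(1 for p, _ in visits if p == 1) / len(visits)
            if bounce_rate > MAX_BOUNCE_RATE:
                reasons.append("bounce_rate")
            if median(s for _, s in visits) < MIN_MEDIAN_SECONDS:
                reasons.append("time_on_page")
        if reasons:
            flagged[key] = reasons
    return flagged
```

Per-IP counting alone misses traffic spread across many residential addresses, which is why the behavioral signals are evaluated independently of the visit threshold.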

Bounce Rate

The bounce rate is an online marketing KPI in web traffic analysis. A bounce is a single-page session on a website. The bounce rate represents the percentage of all visitors who leave the website without navigating to another webpage.

Broken Lookalike Audiences

When lookalike audiences are based on fake traffic, advertisers end up targeting more bad traffic that has no intention of converting.

Browser pre-rendering

Browsers can load certain content on a website before the user accesses and interacts with it. This is done to speed up fetching the content and provide the user with a seamless experience on a website.

However, this preloading and rendering of content can result in an ad impression that the user never viewed or accessed.

CAPTCHA

Short for "Completely Automated Public Turing test to tell Computers and Humans Apart".

The test is used to distinguish human users from bots and block bots from websites, apps or APIs. CAPTCHAs are mostly used on forms, login pages or in comment sections to prevent spam bots and brute force attacks.

The most popular CAPTCHAs include:

- reCAPTCHA: A free tool from Google that requires you to type distorted text into a field or click on images that contain a predefined symbol (e.g., a car, cat, etc.).
- No CAPTCHA reCAPTCHA: The simplified and more user-friendly version of Google's reCAPTCHA tool. Human users must confirm that they are not a robot by simply clicking a box.
- hCAPTCHA: A CAPTCHA service that focuses on privacy and security. It works similarly to Google's No CAPTCHA reCAPTCHA tool.

CAPTCHA Bot

Automated software designed to bypass CAPTCHAs on websites. CAPTCHA bots can work in different ways:

- Automatic mode: In some cases, the CAPTCHA is quite simple and consists only of distorted text or numbers that users have to enter into a field. CAPTCHA bots are able to solve these tests on their own.
- Mode with human assistance: More challenging CAPTCHAs, which present users with images from which they have to click those with a certain characteristic, are not so easy to decipher and often require a human to be solved. In this case, the CAPTCHA bot relies on so-called CAPTCHA farms, a collective of people whose task it is to solve CAPTCHAs. The bot sends a request with the CAPTCHA to a human, who solves the task for the bot and sends the solution back to it.

Click Farm

Click farms consist of a large group of low-paid workers hired to click on advertisements, like, share, comment, subscribe or follow any social media account and are usually located in developing countries, such as China, India, Indonesia, and Bangladesh. Workers are paid, on average, one US dollar for a thousand clicks.

Unlike botnets, click farms involve real people sitting at physical devices and clicking on ads, often using a VPN to access ads outside their geographical location. Because click farms want to be active 24 hours a day, most click farmers work a three-shift system in miserable working conditions, operate hundreds of pieces of equipment at once, and are not allowed to listen to music.

Because of this real human behavior, it is often very difficult to detect and block click farms.


Click Fraud

Click fraud is popular because it’s relatively easy to do. In the past, real human traffic was often used to generate fraudulent clicks by employing hundreds of people in “click farms”. More recently, due to the lower costs and advances in automation, using bots to click on ads has become the preferred method for many fraudsters. By using software that is designed to mimic real user behavior, fraudsters can rapidly generate thousands of fake clicks on any given ad.

Click Injection

Fraudsters trick marketers into paying them a commission even though the sale would have happened anyway, by deceiving the analytics/attribution platforms and sending fake data into Google Analytics. Fraudsters make it appear as if a user clicked an ad to come to the site, even though no ads were ever run. By doing so, the fraudster claims credit for sales that would have happened anyway, although no ad was ever seen or clicked on.

Fake Apps

Apps load ads in the background when the app is not in use, or even when the device itself is not in use: for example, an alarm clock app that loads ads in the background while the owner is asleep. Maybe the battery dies a little faster or the device is a little slower than usual, but that’s it. Some apps also pre-load hundreds of ads, for performance reasons, that never end up getting displayed.

Fake Data

Fake traffic appears alongside your legitimate traffic in your analytics, e.g. bots interacting with your CMP consent banner and polluting important stats such as opt-in/opt-out rate.

Fake Form Fills

Bots fill out lead forms with entirely accurate information that was leaked in one of the many data breaches that occurred in the past years. Whilst this fake lead infiltrates the advertiser's CRM system, the bot/fraudster is getting paid on a CPL basis.

Fake Sites/Cash-Out Sites

Fraudsters set up fake sites that are made only to serve ads to bots. It is usually a three-step process. In the first step, a fake website is created. In the second step, cheap bot traffic is purchased and routed to the new website. Ad networks see that this site is getting a lot of traffic and include it in their inventory. In the third and final step, advertisers buy ad space on the site and the fraudster gets paid. Ad fraud is that easy.

Fake Bid Requests

Advertisers often pay on impression bids won, not on ads served. So fraudsters flood DSPs with fake bid requests. Some of these requests are caught but many go through. Interestingly, no bots are required for the fraudster to cash out as the ad doesn't even have to be loaded.

Impression Fraud

Marketeers buy ad impressions on a cost-per-thousand (CPM) basis, as in mobile display or video ads. However, these ads are shown to a fake audience such as bot traffic.

Invalid Traffic (IVT)

Visitors who have no intention of converting into paying customers, such as bots, click farms, etc.

Malicious Botnet

A network of computers, smartphones or IoT devices whose security has been breached and control ceded to a third party, who is using the network to execute malicious attacks.

Naked Ad Calls

Instead of loading entire webpages from sites that pay bots for traffic, only the ad is loaded to save on bandwidth.

Pixel Stuffing

Pixel stuffing is a way of putting many ads on a single page without the customers realizing it. Ads are loaded into small frames of one or just a few pixels in size. The visitor cannot see the ads, but the advertiser is charged for the view.

Pop-unders/Pop-ups

Ads and additional webpages are loaded in pop-unders without the user triggering them and without being visible to any user. Most of this kind of traffic occurs on porn and piracy sites.

Residential Proxy

Residential proxies allow bot makers to “bounce the traffic” through residential IP addresses and disguise it. If the traffic were obviously from Amazon data centers, it could easily be blocked by fraud detection.

Retargeting Fraud

Ultimately a simple scam. Bots are sent to a business’s website in order to get tagged for retargeting ads. Bots are then sent to the fraudster’s website to “look” at the ads that the business is paying to display.
