- Resources
- Latest Whitepaper
Unmasking the Shadows: Invalid Traffic 2024Learn everything you need to know about Invalid Traffic in 2024 based on our customers’ data. Including a breakdown into marketing channels, industries and much more.
Resources
- Blog
How Fraudsters Outplay Blocklists and Sneak Into Inclusion Lists
Dr. Augustine Fou & Oliver Kampmeier
Imagine this: a fraudster’s shady domain gets blocked by a blocklist. Do they give up? Of course not! They find a workaround to keep the ad money flowing.
How Fraudsters Bypass Exclusion Lists
It’s shockingly easy – just lie about the domain in the bid request. And just like that, they’re back in the game, earning revenue again. Fraudsters have been pulling this trick for years. They know that once their real domain disappears from placement reports, advertisers think they’ve won the battle against disinformation sites, MFA sites, piracy etc. But, surprise, they haven’t!
Here’s the catch: hardly anyone checks if the domain actually matches the sellerID listed in ads.txt. What about prebid filtering, does it help? Well, it does, but it’s far from foolproof. Take FakeWebsiteABC.com, for example. If they used their real name, no one would bid. So, they simply pose as a popular, trusted domain. And guess what? It works. They’ve been playing this game at scale, getting paid all along.
Fraudsters Trick Inclusion Lists Too
Do you believe your inclusion lists are foolproof? Let’s say your list is full of top-tier, mainstream sites. That’s great! But what if a fraudster just claims they’re one of those sites in the bid request?
Yep, that’s all it takes for them to sneak in – just pretend to be a domain on your list. Since their fake domain matches what’s on your inclusion list, the programmatic bidding process continues as usual. Ads are served, and fraudsters get paid. Easy money.
Log-level data and placement reports won’t save you, either. They only record what’s in the bid request, not where your ad actually ended up. So, what’s the solution?
By using fraud0’s in-ad tags, you can gather post-bid data to verify whether your inclusion lists are working as they should. A post-bid JavaScript tag detects where the ad really went, allowing you to tackle both problems:
- If a fake site spoofed the domain in the bid request but post-bid detection shows your ads still went there, you can take action.
- If a fraudster impersonated a site in your inclusion list, post-bid detection will reveal stray sites and apps that aren’t supposed to be there. You can then troubleshoot and take corrective action.
Post-bid JavaScript detection is key to ensuring your ads don’t end up on disinformation sites (or worse) and to verifying that ads are actually being delivered to the domains on your inclusion list. So what is stopping you from safeguarding your ad spend with our in-ad tech?
Contents
Latest Whitepaper
Unmasking the Shadows: Invalid Traffic 2024
Learn everything you need to know about Invalid Traffic in 2024 based on our customers’ data. Including a breakdown into marketing channels, industries and much more.
Subscribe to our newsletter
Share this article
How much of your marketing
is wasted on fake traffic?
1%, 4%, 36%?
1%, 4%, 36%?
Try fraud0 7 days for free and find out.
No credit card required.
Subscribe to our newsletter
Solutions
Resources
