Secure 2024: Forrester Wave™ Q2 2022 Showcases Leading Bot Management Solutions
HUMAN Blog

5 Myths About Ad Fraud

Make no mistake about it: if you’ve ever advertised on the internet, you’re likely a victim of ad fraud. Here are five common myths that have some marketers convinced that ad fraud isn’t their problem.

Myth #1: Bots are a problem, but not for me.

Every advertiser and every campaign is affected by ad fraud. Botnets attack campaigns of all sizes across all mediums, buy types, and channels without prejudice. Cybercriminals are constantly developing new tactics and strategies to maximize revenue and minimize detection.

To make things worse, botnets now piggyback on existing malware-infected computers, mimic human behaviors, and reverse engineer detection solutions. Ad fraud succeeds by happening where it’s not expected — if you haven’t already adopted a solution for it, then it’s already hurting your bottom line.

Myth #2: But I only buy directly via premium publisher relationships!

It’s easy to convince yourself that ad fraud is only found in programmatic buys. Surely premium sources don't have bots!

Unfortunately, that's not right, either. Buying direct or through a PMP does not make you immune to ad fraud. Recent White Ops research has uncovered direct buys that have 98% non-human traffic. The publisher was real, but nearly all the traffic was acquired, and all the acquired traffic was bot. Widely trusted publishers often unknowingly buy bot traffic through third-party services, meaning that a good reputation is no guarantee that bots won’t visit your website.

Myth #3: I optimize to conversions. Bots can't fake attribution.

Two-thirds of today’s bots run on devices owned by real consumers. That means they have real cookies and real device IDs, which causes them to show up in real attribution models.

For instance, retargeting only shows ads to people that have made purchase attempts, so you might expect retargeting to be 100% bot-free. Advertisers simply trust that when they write a cookie to a computer and see it later, it must be the same cookie, and that no one has messed with it. But because it can access real cookies, a bot running in the background on a residential computer is happy to watch ads targeting the owner all day long. The truth is that, no matter how human a user looks, it could very well be a bot.

Myth #4: I’m already protected by my bot detection program.

Advertisers with existing bot detection and prevention technology can still be impacted by fraud. This is the most difficult fact for some advertisers to accept, but it’s the sad, unavoidable truth. Certain bot detection strategies have been known to catch as little as 17% of fraud in a given campaign.

Every single detection strategy has a freshness date because cybercriminals are constantly developing new ways to outsmart and evade our latest techniques. What’s worse, it is nearly impossible to know for sure that you’re detecting all the bots because in bot detection, winning and losing look exactly the same. What does losing mean? It means you stopped detecting all of the bots. It means you detect less, which means bot numbers go down. To the untrained eye, that outcome is identical to that of effective detection and prevention.

Myth #5: If I didn’t have fraud last year, I won’t have it this year.

Historical trends are not good predictors for future fraud rates. Just because you were fraud-free last year doesn’t mean you’ll be protected this year. Cybercriminals are constantly developing new, more advanced bots that can do more damage and evade the detection methods that nabbed previous bots.