Best Ad Fraud Tools

Ad fraud is a major reason for wasted ad spend, and to know the Ad fraud tool that can help keep it at bay is to win half the battle.

From options like TrafficGuard, a real-time solution to ad fraud, to leaders in mobile attribution, AppsFlyer, to the thoroughly unbiased FraudScore, the best ad fraud tools proactively prevent fake data from draining your ad budget. More importantly, these options will help you maximize your return on ad spend.

Read through this article if you wish to learn about ad fraud prevention tools and how they work, but most importantly, if you want to learn how to spot and prevent ad fraud with or without tools.

With in-depth data collected from trusted sources, including official websites and trusted review channels, this ultimate guide to ad fraud and the tools that help stop it should serve as a thorough introduction to the world of digital ad fraud.

Quick Stats On Ad Fraud

In 2018, ad fraud was responsible for the loss of $6.5 billion in ad investments. Fast forward to 2020, a landmark year for ad fraud as it surpassed credit card fraud in the volume of lost funds, soaring to $35 billion to surpass the $27 billion lost in credit card fraud.

A 2020 report from FraudScore showed that an astounding 38% of global ad traffic that year came from fraudulent sources. 38.5% of this was mobile traffic; 32% came from desktops.

And it’s not looking good going forward. The Global Association of Advertisers speculates that over $50 billion will be lost to ad fraud by 2025. This is a hopeful estimation.

Ad fraud could cost marketers up to $100 billion in wasted ad spend by 2023, according to other sources.

As alarming as this trend is, a bigger concern is that only a handful of digital marketers are aware of the toll that ad fraud is placing on their activities.

Nobody really knows what ad fraud is. Its potential for damage is lost on many of the marketers. That is a big part of the problem and part of why experts project such high losses in the coming years. To stop ad fraud, we must first be aware of it and its implications. We must understand exactly what it is that constitutes ad fraud before we can start tackling what is an increasingly urgent threat to digital advertising.

What Is Ad Fraud?

Ad fraud mostly constitutes activities that generate fake ad data in order to secure marketing payouts from brands.

In such a scenario, the brand pays for advertising or publishing from a fraudulent vendor, who, rather than deliver the services paid for, opts to fake the ad’s performance.

Therefore, the brand’s ads never reach their intended audience. No matter how good they seem to be performing, the company’s bottom line never changes.

That’s the biggest indicator of ad fraud. We’ll discuss it later in depth.

Types Of Ad Fraud

Ad fraud currently exists in eight different flavors. They are:

• Geo masking
• Pixel stuffing
• Ad stacking
• Cookie stuffing
• Click injection
• Click spamming
• Ad injection
• Domain spoofing

Geo Masking

Did you know that the cost of generating traffic varies based on where it’s coming from?

Traffic from the U.S., Canada, and the U.K., for instance, is typically more expensive to generate.

However, most companies prefer traffic from these regions because these customers tend to make bigger purchases. Therefore, paying more for high-quality traffic pays off quite literally.

The importance of effective targeting is not lost on any marketer. Targeting sometimes has to be geo-specific, and that’s because some customers produce more value than others.

The problem is that fraudsters use geo masking to sell you low-quality traffic disguised as the high-value traffic that you think you’re paying for.

Geo masking allows fraudsters to charge premium prices for cheap, low-quality traffic, all at the expense of the companies paying them.

The technique is used to mask low-quality traffic to make it look like it’s coming from high-value geo-locations.

Fortunately, it’s not that hard to spot because ultimately, you’ll realize that you’re getting few high-value conversions despite the high number of clicks on your ads.

Pixel Stuffing

Pixel stuffing involves cramming numerous ads in areas as small as a 1x1 pixel. Fraudsters use this technique to show several ads at once.

But in this case, “show” is a charitable way to put it. The ads are rarely big enough to be seen. The fraudsters still get credit for the impressions, which is all they’re after anyway.

Pixel stuffing means that your ads are never actually seen by your target audience. Sure, they may be placed on a website you chose, but they’re not exactly visible without zooming in several times. Something that your audience won’t know to do.

This method can be repeated several times over in a single page, meaning fraudsters can get several impressions for different ads simultaneously, even though the ads aren’t getting any exposure.

Ad Stacking

Stacking multiple ads into one space is another way fraudsters claim impressions for several ads at once. It’s a technique that’s similar to pixel stuffing, except here, visitors can only see the ad that’s on top.

All the other ads are “stacked” behind the first ad, and even though they don’t get any exposure, they record each impression, leading you to believe that your ads are getting viewed.

A stacked ad only shows one ad, but the fraudster gets credit for the impressions on all the other ads behind the first one.

Cookie Stuffing

When you visit a website, information about your browsing behavior is stored in little text files called cookies.

Cookies make customer analytics possible. These files help brands to customize their advertising based on consumer behavior to increase engagement.

Unfortunately, not even these text files are safe from fraudsters. Cookie stuffing is the act of stuffing fake information into these text files to fraudulently claim sales made by customers.

This type of fraud is commonly witnessed in affiliate marketing. A user visits the fraudulent affiliate’s website then leaves without taking any action.

The affiliate then goes on to call the CPA platform tracker from his site several times with an aim to simulate visits to several e-commerce platforms. They then gather all these cookies and stuff them in the user’s browser.

When the user, later on, goes to make a purchase on one of these e-commerce sites, they don’t know that their browser already contains cookies from the CPA platform of the fraudster’s website.

Once the purchase is complete, cookie correspondence is conducted along with the order ID and price. This information is then forwarded to the e-commerce site, and after verification of the order details and cookies, a commission is sent to the fraudulent affiliate.

Fraudsters use cookie stuffing to get payouts they haven’t earned. In this manner, they steal commissions directly from the deserving affiliates by stuffing user browsers with falsified cookies.

Click Injection

Click injection is a method that’s used to inflate the number of clicks produced by an individual, thereby generating more revenue. This method is also used to steal credits for downloads inspired by other advertisers.

This type of ad fraud is most commonly witnessed with mobile apps. It involves the “injection” of illegitimate clicks to an app or advertising scenario, which results in misattribution that gets the fraudster paid for clicks and downloads they falsely acquired.

It is often perpetrated through the use of malicious apps. Under the guise of being a voice changer or a wallpaper app, such an app will continue to run in the background and click on unseen ads without the user’s knowledge or consent.

Click injection can also be used to take credit for app downloads. Android devices, for instance, broadcast new app installs to all existing apps, including malicious apps in the device.

When this happens, the malicious app generates a fake click, attributing the fraudster for the download.

Click Spamming

Click spamming is another way to inflate clicks to generate maximum revenue. Unlike click injection, which is more clinical in its administration, click spamming is less elegant and uses volume to confuse click measurement systems.

By spamming these systems with numerous clicks, fraudsters hope to get a few clicks through in order to steal credit.

Brittany Irhig compares click spamming to showing up at random strangers' houses, claiming to be a long-lost relative, hoping to convince some of them enough to be invited in.

Click spamming can be done using the software, as is usually the case. These tools make clicks appear more legitimate, and therefore more likely to come from a trusted source.

Fraudsters can also use click farms—which are large human-run operations that generate fake clicks—to spam their targets.

Click farms often entail large groups of low-paid employees who are hired to click on ads and install and uninstall apps to generate revenue. Often, click farms are located in different countries, so it’s relatively easy to detect click farm activity on ads and apps.

Usually, anti-ad fraud actors tend to check whether there’s a large amount of clicks coming from regions like India, which is often a prime indicator of click farm activity.

Ad Injection

Ad injection is similar to click injection, except in this case, fraudsters place ads where they don’t belong at the expense of the publishers involved.

This method of ad fraud is administered with the help of adware plugins and browser extensions. The fraudsters hijack a server first before slipping their ads into slots that are already possessed by other ads.

This eye-opening report from AdCumulus even suggests that this method can place ads on websites that don’t normally show ads.

Domain Spoofing

Domain spoofing takes advantage of the fact that quality placements cost more by tricking advertisers into thinking that they’re paying for high-quality inventory.

There are four common strategies used in domain spoofing. They are:

• URL substitution – The least technically advanced strategy is URL substitution, which is basically the replacement of a real URL with a fake one. This simple fraud scheme attempts to trick advertisers into thinking that they’re placing an ad on the high-quality inventory they bid on when in reality, it’s a different, low-quality placement.
• Human browsers – Much like how conventional malware works, human browsers infect a visitor’s system, then hijack ad placements on websites the user visits and inject their ads. The user is rarely aware of the fact that the ads being displayed have been injected.
• Custom browsers – These browsers, which are used by bots, can switch the URL of any website with the URL of a premium website. This way, an advertiser can be convinced that their ad is placed on the desired inventory, when in fact, it’s on a completely different website.
• Cross-domain overlays – This is the most technically advanced form of domain spoofing, and it involves the use of two websites—one with high-quality traffic and one with low-quality traffic. The fraudster uses something called an iframe to create an overlay of the high-value website on the low-value one. By doing this, they can hide brand-unsafe content like pornography and hate speech, making it possible to show brand-safe ads. This allows the monetization of their traffic at the full expense of the advertiser, whose reputation suffers as a result.

Domain spoofing seeks to defraud both advertisers and publishers, but luckily, methods like URL substitution are easy to spot. Though not easily detected, the other forms of spoofing can be pinpointed using the ad-fraud tools that we will discuss later on.

What Can We Do About Ad Fraud?

Ad fraud is a globally prevalent issue, one that 70% of all executives cite as the main hindrance to budget growth.

Although there’s no single piece of advice that will keep you safe from fraudsters completely, ad fraud is avoidable. The reason why it costs marketers billions every year is because it can be quite hard to detect.

You can’t stop ad fraud if you’re not aware of it. Ad fraud is an uncomfortable topic that many marketers love to file in the “no big deal” cabinet.

Marketers, especially those new to display advertising, need to understand how ad fraud works and how to detect it.

More importantly, they need to understand the danger it poses. Even though it starts from fake impressions and clicks, ad fraud can quickly poison all other areas of brand optimization, including brand safety, viewability, and optimization.

That’s why one of the best forms of protection when it comes to ad fraud is early detection. If you can detect the early warning signs of fraud in your campaigns, then you can avoid fraud before it bleeds your ad spend dry.

Some forms of ad fraud are easy to detect with a little diligence. Others aren’t so obvious, which is why ad fraud detection tools exist. These tools are a key frontline defense against fraud for many companies.

But before you opt for detection tools, it is important that you know how to spot (and stop) the warning signs of ad fraud on your own.

Detecting Ad Fraud Without Tools

To detect ad fraud without the use of sophisticated tools, you must be the only one that manages your company’s display advertising campaigns. All that’s needed from there is a little analysis and common marketing knowledge.

These warning signs include:

• Unrealistic CTRs – CTRs (click-through rates) tell you a lot about the quality of traffic coming your way, but when they’re unusually high, it often means that something is amiss. If you notice high CTRs that don’t match your performance and bottom line, it’s time to investigate.
• Lack of performance – If you’re observing high CTRs but no performance in your sales or conversion, that’s a major warning sign of ad fraud. You can be sure of fraud once you notice that your display advertising is performing poorly compared to channels like Facebook ads even when they share the same attributes (same number of landing pages, ads, offers, etc.)
• Datacenter IP addresses – A quick way to check the legitimacy of your ads’ clickers is by analyzing IP addresses. It’s common for web users to use either residential or corporate IP addresses. What’s not as common is seeing visitors using data center IPs, which indicates traffic that’s coming from a hosted server. Often, such proof is enough to suggest fraudulent activity and can even earn you a refund from your ad agency.
• Suspicious long-tail sites – If you notice long-tail publishers in your campaign reports, it’s not necessarily a sign of ad fraud. However, a very large number of long-tail sites in your report may suggest fraudulent activity. Remember, real human visitors only go to recognized publishers, so if most of your traffic seems to be coming from these obscure long-tail sites, there’s cause for suspicion.
• Very poor site-level analytics – Ad fraud doesn’t stay hidden for long. If you compare the on-site analytics of two of your marketing channels, you can immediately point out discrepancies. For instance, if you’re getting 100 clicks on Facebook, 10 of which convert, but your display advertising is giving you 500 clicks with no conversions, that's irrefutable proof of ad fraud.

The Best Ad Fraud Detection Tools

Detecting ad fraud is sometimes easier said than done. In such cases, you’re better off deploying an ad fraud detection tool to make the process quicker and more accurate.

These tools are specially made to notice the warning signs we talked about earlier and much more. They’re very handy, especially for brands and companies with large campaigns to manage.

Let’s see what they have to offer.

TrafficGuard – Best General Option

TrafficGuard sits right within your advertising journey and monitors clicks, impressions, conversions, and events to mitigate ad fraud right from the start.

The reason it tops our list is because it adopts a proactive approach to fraud detection. Rather than wait for data, it analyses it in real-time, ensuring that every click or impression comes from your audience.

This allows you to scale your advertising quite confidently. After all, any trace of fraud is immediately detected so that you can act quickly.

TrafficGuard is rather surgical in its approach. Rather than deploy blanket blocking, it singles out suspicious traffic using statistical invalidation.

It goes as far as to provide you with clear reasons behind the invalidation of every engagement it disables.

This keeps your valid engagements safe. It also allows you to optimize your campaigns in real-time by giving your traffic sources and agencies access to traffic reports.

Features

• Blocks fraud and suspicious traffic at the impression and click levels.
• Three layers of protection against fraud.
• Granular ad performance reporting.
• Transaction level exports.
• Dedicated reporting to your traffic sources.
• Powered by machine learning.

TrafficGuard offers a free version with only the basic ad fraud detection features included.

If you’d like the full version, it starts at $50/month. There is a free trial, though, so you can sample its features before buying the full version.

Adjust – Great For Mobile Applications

Officially, Adjust is described as an analytics and attribution software. It’s designed exclusively for mobile apps.

With it, mobile app marketers have reliable protection from ad fraud and a source of advanced analytics that are useful for monetization.

And while it’s used by Yelp, Spotify, and SoundCloud, to mention a few companies, Adjust is still a small-company tool that’s basic in its iteration and thorough in its performance.

Features

• Attribution and tracking of mobile users.
• Audience segmentation.
• Evaluates and adapts to traffic patterns automatically.
• In-built marketing automation.
• Unlimited access to raw data.
• Reliable fraud prevention.
• Centralizes marketing campaigns.
• Great customer service.

Adjust comes with an Audience Builder that allows you to perform quick actions involving your audience.

For example, you can create segments based on in-app behavior or upload entire lists with a single click. The feature updates your audience list in real-time, so it always stays updated.

It’s a handy feature for exclusion targeting as well as accurate retargeting.

Adjust offers three plaid plans, but prices are disclosed on consultation. The plans are Basic, Business, and Custom.

Basic offers feature like:

• Advanced deep linking.
• Unlimited tracking (for both apps and partners).
• SMS tracking (tracks push notifications too).
• Retargeting via any of your partners.
• LTV, cohorts, and retention reports.
• “Lookback” window with unlimited view.

The business combines all the features of the Basic plan and also includes:

• Organic search (Google only).
• Impression tracking.
• Access to raw data.
• Client callbacks in real-time.
• CSV uploading.

The Custom plan allows businesses to tailor these fraud prevention features according to their needs. It gives access to all features in Basic and Business and adds the following on top:

• A dedicated account manager.
• A filter for attribution sources.
• Tracker attribution.
• TV attribution.
• Attribution for view-through engagement.
• KPI service (Pull KPI).
• Cost reporting.

The company says that pricing varies based on two factors; the number of app installs your app has and the type of features it bears.

Perfomcb – Excellent Automation

Performcb is not an all-out fraud prevention tool, but it does offer some serious protection from ad fraud. The company is officially a pay-for-results model that seeks to help brands grow their customer base via digital channels.

The company uses proprietary technology to protect your ad spend. This is in the form of a suite of ad-fraud tools collectively named PerformSHIELD.

These tools are run by complex algorithms, some rule-based, others governed by machine learning. According to the company, PerformSHIELD proactively detects ad fraud AND automatically optimizes your campaign.

As the marketer, you can set rules to govern the tools. They can be used for a variety of reasons, from the validation of traffic and target audience to the enforcement of your terms and conditions.

You also get the reassurance of a human compliance team working alongside the tools to confirm the legitimacy of your traffic and partners.

PerformSHIELD relies on data from industry experts and third-party data vendors to establish malicious or suspicious activity, even when it’s a relatively new fraud technique. This keeps your data potentially protected from evolving ad fraud methods.

Best of all, it continuously optimizes your campaigns automatically based on your rules, KPIs, and goals such as ROI. It will even shift your budget to the audience segments that are performing better than others.

That’s one perk of using Performcb as a whole—its first job is to get you new customers. Ad prevention, while not an afterthought, is just the cherry on top of a rich sundae of customer acquisition tools.

Pricing is a little different here, albeit it’s far more versatile than what the previous options offer. Performcb offers an intricate cost-per-action payment model. You can pay for click, engagement, lead, install, or sale.

Since ad fraud protection is included regardless of the action you choose to pay for, this tool offers great additional value when it comes to marketing and audience growth.

FraudScore – Thorough And Unbiased

FraudScore analyzes both mobile and web traffic data in your campaigns to ensure they’re coming from legitimate sources. If you’re a mobile developer, advertiser, or agency, this is an ideal, independent anti-fraud solution to consider.

You’ll like that it covers all steps of your campaign funnels, from clicks to engagement, to installs, and finally sales. It is one of the sources that come highly recommended for protection against bot farms.

It also protects your campaigns from click spamming and injection, adware and malware, and many more threats.

Rather than adopt a binary approach to traffic analysis (whereby it can only be “fraud” or “not fraud,” FraudScore evaluates each of your channels, conversions, and traffic sources against 150+ fraud algorithms and metrics.

It then categorizes data into “Good Traffic,” “Low-Index Fraud,” “Medium-Index Fraud,” and “High-Index Fraud.” From here on, it’s pretty easy to determine the legitimacy of your sources and conversions with a little more investigation.

It points you in the right direction with its thorough evaluation of all your campaign interactions. But what’s more interesting is the platform’s real-time click fraud prevention.

SafeClick, as the solution is called, does one of two things at any given instance: it either blocks clicks it deems fraudulent or assigns fraud scores to every suspicious click that goes through. It then leaves it up to you to further evaluate the traffic quality.

Features

• 150+ fraud metrics analyzed for detection accuracy.
• Detects fraud on all conversion levels (installs, sales, clicks, etc.).
• SafeClick – real-time click fraud prevention.
• Machine learning algorithms that spot new fraud patterns as they appear.
• Interactive fraud reports.
• The personal manager comes with every account.

FraudScore offers watertight analyses, guaranteed by its status as an independent anti-fraud solution that generates unbiased reports.

It covers all steps of the sales funnel and analyses both web and mobile traffic. It’s also easy to integrate with existing solutions, typically taking five minutes or less using platforms like AppsFlyer, FuseClick, and Adjust.

Pricing here is a little different as well. FraudScore can bill you for either Conversions & Installs Scoring or for Clicks Scoring (as powered by the proprietary technology, SafeClick).

Apart from the free trial, which you don’t need a credit card for, the platform offers the following plans:

• Starter - $490/month (or $390/month billed annually) for C&I scoring and $290/month for Click scoring. Good for 30,000 conversions ($0.02 for any additional conversion) or 10,000,000 clicks ($0.05 for each extra click). It also includes features like 1-click integration, data API access, all fraud filters (for click scoring), and email support (for both types of scoring).
• Professional - $990/month (or $790/month billed annually) for C&I and click scoring. No annual plan for click scoring. Includes 100,000 conversions, and extra conversions at $0.01 each, or 100,000,000 clicks, and $0.01 for the next 1,000 clicks. Additional features include free web training, an account manager, employee training, sources blacklist, and events analysis.
• Enterprise - $1,990/month ($1,590/month billed annually) for C&I, and $3,990/year for click scoring. Includes up to 250,000 conversions ($0.008 for additional conversions), or 1 billion clicks ($0.005 for next 1,000 clicks). Also comes with features like online call support.

Branch Metrics – Great Choice For Cross-Platform Linking

Branch Metrics brings a sophisticated ad fraud detection approach to the table. Rather than use common fingerprinting technology, it leverages its massive global identity network, which comprises Branch personas, to detect ad fraud.

Comprehensive reports, AI-based algorithms, and industry-standard blocking are three qualities offered by this option. It’s exactly the type of tool you need to optimize app marketing and advertising analytics.

Branch Metrics is the leader of cross-platform linking and attribution, which has earned the platform over three billion monthly users and 50,000+ apps. It is used by names like Reddit, Twitch, and BuzzFeed.

There’s a basic demo version for anyone looking to test out its features. Otherwise, Branch Metrics offers two pricing plans.

Billing largely depends on your traffic volume, but it ranges from $59 to $200/month.

AppsFlyer – Multilayered Protection

AppsFlyer is an excellent solution for fraud techniques like bot and device farms, fake purchases, click flowing, and install hijacking. It’s an app developer’s most potent weapon against fake in-app events too.

It excels in fraud protection thanks to its thorough multilayered approach. The tool’s several layers of protection include anomaly detection, install verification, attribution and post-attribution calibration, and validation rules.

It’s ideal for marketing and app analytics advertising. You might find it suitable because it integrates quickly (uses a universal SDK), provides real-time data, and produces comprehensive reports.

Much like FraudScore, AppsFlyer is notably unbiased in its analysis and reporting.

Features

• Quick, deep integration with a wide variety of marketing platforms.
• Deep linking leads from all your activities courtesy of OneLink.
• Retargeting attribution.
• Full control over IOs.
• Granular attribution of all app installs (down to media source and app installs).
• Quick-glance overview dashboard.
• Dynamic reports (retention and cohorts.
• Drag-and-drop editor.
• 24/7 access to user-level attribution (mobile anyway).
• Links to web activity via AppsFlyer data.

Deep Linking opens up opportunities to increase revenue, installs, and LTV. You can benefit from dedicated deep linking features like flexible use case deployment, personalized user onboarding, and conversion optimization.

AppsFlyer is available for a 30-day trial period when you start with the Basic plan. Prices are on request.

3 Tips To Help You Avoid Ad Fraud

• Know your KPIs – If you are aware of your key performance indicators and their benchmarks, you can catch fake data in your reports before too much of your ad budget is eaten up. It’s also essential to conduct due diligence on both private and open ad networks before spending a dime. Understanding how ad fraud works—and the damage it can cause—is taking a significant step to avoid it.
• Trust industry standards only – More specifically, choose advertising options that have active anti-fraud measures in place. For instance, ads.txt, a list-file of authorized ad vendors, can now be added onto publisher websites to stop activities like domain spoofing and injection. Around 80% of all programmatic video ad vendors have already adopted this measure. There is also ad.cert and app-adds.txt, two measures developed to prevent ad Injection and other forms of mobile ad fraud.
• Use proactive technology – Some of the most prevalent forms of ad fraud – bot farms, click farms, and pixel stuffing, for instance – can only be avoided using advanced technology that proactively reacts to fraud at all stages of transaction. The next best thing is to get technology that doesn’t record fraudulent impressions but instead reports and logs them to be avoided in the future.