Ad fraud

Ad fraud explained [peek inside a shady ad fraud site]

Our ELI5 series aims to "Explain it Like I'm 5". This time we'll explain what ad fraud is, and even look at a real-life example of ad fraud in action.
Ad fraud explained [peek inside a shady ad fraud site]

Let's start with the simple explanation you came here for, then we'll take a look at ad fraud in action. So what is ad fraud?

Ad fraud is where advertisers are charged for ad views, clicks, or sales that never actually happened. Or at least, a real person wasn't involved and there was no chance of the ad leading to an actual sale.

There's a few common scenarios (these are the most common):

Hijacked ad spots

Ad spots on real websites are bought by criminal organizations, who then use weird and wonderful ways of maximizing the revenue from that ad slot, to the detriment of advertisers. For example, they may use ad stacking to stack many ads on top of each other. So where an ad slot should normally get one view per page load, they get 20 or 25 views instead. The difference is the profit.

Fake publishers

Or, in another variation on ad fraud, the fraudster owns the publisher too, i.e. they own the site where the ad slot lives too. Whereas the "traffic" (visitors) in the first example is real, this time it's not. Instead, the criminals just buy the traffic from click farms or using botnets.

These fake looking websites are known as "Made for Ads" (or MFA) websites. We'll take a look at one right now.

A peek inside the world of ad fraud

At Hitprobe, we monitor our customer's sites for click fraud. So when we saw this site in October 2024 we knew right away something wasn't right:

Notice the beautiful design? The eye catching layout? The engaging content? No, neither did we. It looks like the sort of site you'd make if you really didn't give a *&^% about any of those things. Of course, it's just a basic Wordpress template.

Click into one of those intriguing articles, grab a hot cup of coffee, and settle down to learn all about Quick Solutions for Urgent Cooling Needs...

Oh, hmm. Not much going on here except some filler content and a lot of ads. Notice those three ad units just shoved right at the bottom of the page there?

But maybe this is just one of those spammy SEO (search engine optimization) sites? Well, if it is, surely there will be all the usual spammy backlinks too?

No, there isn't. No backlinks, no authority in the search results. So far we have a website that isn't made for people, OR for search engines. But a site that DID send our customer paid clicks recently.

Hitprobe provides the tools to dig into fraudulent clicks like this, so let's take a look what it showed this time. First up, let's check out the risks that were flagged up:

So it's not looking like this is a genuine click. We have a device that's seen too often, on separate ISPs, with each visit very short, and of course we already figured out the referrer website is made for ads.

Next, we'll use the referrer domain inspection tool to see exactly what it makes of this site...

We can see here what we already mentioned above, there is no "link score" (nobody links to this site), although surprisingly the site DOES feature in the top million sites (for traffic) on the internet. But this is no good measure of whether the traffic is useful to an advertiser.

Moving down the page we see that the site is hosted on Cloudflare Pages, and that the registrar is "CV. Jogjacamp":

This is an Indonesian company as we can confirm when we check out the domain registration details, which are public in this case...

So whilst it will need some more investigation to say for absolute certain this is ad fraud, we think it's highly likely in this case. It's definitely what we'd class as a Made for Ads or MFA website.

The scary thing is that there are millions, even tens of millions, of these sites all over the internet. So ad fraud is real, is happening right now, and is something you should protect your ad spend against.

Protect your site from ad fraud

All that is pretty worrying. But you did ask. Now you know what ad fraud is and how at least one type of ad fraud works. Do something about it. Hitprobe can protect your ad spend on Google, Meta (Facebook), and other networks.

Get protected now. It's free to start.

About your author

John Jackson
John Jackson
CEO & founder
John is a serial tech entrepreneur, having started his first internet business in 1996, and since then building, growing and selling several SaaS products.
More from this author...

Continue reading