There’s a lot of terminology in the murky world of ad fraud. Whether you’re new to the advertising game or a seasoned player, trying to remember what each phrase and acronym means is frustrating.
Luckily for you, we’ve made this handy glossary of common ad fraud terms you can use the next time you need to cut through the jargon and fix your fraud problems.
Ad Fraud Glossary
Ad Injection. This type of fraud occurs when software “injects,” or inserts, ads on sites without permission. Usually, internet users unsuspectingly download a browser extension or toolbar that secretly contains injection malware, which then infects their computer and displays unsolicited ads.
Ad Stacking. Found on the publisher side, ad stacking is the act of placing ads on top of each other on a page, but only the top ad is visible. However, if a user visits the page, all the ads, even the unseen ones, are charged for an impression.
Ads.txt. Short for Authorized Digital Sellers, ads.txt is a system of plain text files that publicly disclose which companies are permitted to sell a publisher’s inventory. Ads.txt files are hosted at the root level of a publisher’s domain, making it easy for programmatic distributors and buyers to access the information.
Affiliate Fraud. To pad their commission payouts, some affiliates use deceptive lead generation practices to drive campaign traffic. This includes buying traffic from unauthorized sources, incentivising leads, and using bots to click ads and fill forms.
A.I. No longer the stuff of science fiction, A.I., or artificial intelligence, refers to a computer program’s ability to simulate intelligent human actions. A.I. gains its abilities through a developmental technique called machine learning.
Blockchain. A blockchain is a type of data structure that identifies and tracks transactions across a network of computers, creating a transparent and secure digital ledger.
Bot. Derived from “robot,” bots are automated software programs designed to carry out specific tasks. While there are both good bots and bad bots, most people refer to the malicious kind when talking about these programs.
Botnet. Usually controlled by a remote source, a botnet is a group of malware-infected computers that work together to perform specific tasks, usually without the computer owner's knowledge.
Brand Safety. This term refers to the methods used by advertisers to ensure an ad doesn’t appear next to questionable, potentially brand-damaging content. Brand safety is often subjective; for instance, a family-friendly brand like Disney wouldn’t want their ads placed on a site that promotes alcohol. But an edgier brand, such as MTV, might not mind.
Call Fraud. Ad fraud extends to phone calls, too. Call fraud happens when fraudsters generate phone calls that pass a billable requirement, like call length. Often, they use unauthorized data or prerecorded messages to complete a call and generate a fake lead.
CAPTCHA. Short for “Completely Automated Public Turing test to tell Computers and Humans Apart," a CAPTCHA is a visual or audio-based puzzle designed to block bots from executing certain actions, like filling forms or posting comments.
Click Bots. A type of malicious bot, a click bot is designed to engage with advertising and target cost-per-click (CPC) ad campaigns. Advertisers end up having to pay for phony clicks caused by these bots.
Click Farms. These organized operations consist of large groups of low-paid workers that are hired to click on ads and links in order to benefit a head fraudster. Many click farms are found in foreign countries.
Related Post: Monsters of Advertising: Click Fraud
Content Farm. A content farm is a website that hosts a large amount of low-quality content in order to game search engine algorithms. Content farms make sure their content ranks high on search results, which in turn gives the illusion that the site attracts lots of traffic. As a result, advertisers are more inclined to buy space on a seemingly popular content farm.
Cookie Stuffing. It’s not as delicious as it sounds. Mainly affecting affiliate marketing, cookie stuffing involves planting third-party cookies onto users after they visit a website. However, the cookie they get is from a completely unrelated website. Fraudsters use this “stuffed” cookie to track affected users. If any of those users completes a purchase, the fraudster gets credit for the referral, not the affiliate.
CPA Fraud. Cost per acquisition (CPA) fraud is usually associated with affiliate fraud. Affiliates get rewarded for promoting a product and sending people to a brand’s website, where they might convert in some way. Fraudsters commit CPA fraud when they steal referral credits from affiliates. Types of CPA fraud include practices like cookie stuffing, mentioned above.
CPC Fraud. Cost per click (CPC) fraud is a broad fraud category that mainly deals with search manipulation. Generally, fraudsters target the most popular search keywords, as those yield the biggest payout. The most common method of committing CPC fraud involves creating phony sites or content farms filled with high ranking keywords. The sites look legitimate, letting fraudsters sell ad space at a premium.
CPL Fraud. Cost per lead (CPL) fraud is committed by both bots and humans. Here, fraudsters falsely generate leads that will never convert. Some CPL fraud actions include filling out forms and clicking on ads or CTAs in order to trigger a payable event. Retargeting fraud, described below, is a form of CPL fraud.
CPM Fraud. CPM stands for “cost per thousand,” and it describes how much money an advertiser will pay for one thousand impressions. CPM fraud is a blanket term for fraud techniques that target impression counts, such as ad stacking or pixel stuffing.
Domain Spoofing. Here, fraudsters change the URL of their sites so it looks like a more reputable site (think www.paypal.com vs. www.paypals.com). Fraudsters then sell ad space on their fake site at a discount. Spoofed sites might also host dubious content, like adult themes, which could ultimately damage a brand's reputation should their ads appear on the site.
GDPR. The General Data Protection Regulation is a European Union law that aims to regulate the collection and usage of personal data belonging to a living, identifiable EU citizen. Under GDPR, companies are legally required to protect user data as well as empower users to control, monitor, and delete any personal information they want.
Related Post: 3 Signs You Have an Ad Fraud Problem
Human Click Fraud. Similar to click farms, human click fraud is a general term describing the act of using real humans to perform payable actions, like clicks and form fills, in order to deplete an advertiser’s budget.
Incentivised Traffic. Sometimes, in order to boost site traffic, publishers will offer incentives, like monetary rewards, to people who visit the site. Having incentivised traffic coming to a campaign is not ideal because most of the traffic probably won’t convert.
Internet of Things. Often abbreviated as IoT, the Internet of Things refers to the network in which any tangible object with internet connectivity can communicate with other connected devices.
Machine Learning. Heavily reliant on data analysis, machine learning is a branch of computer science that gives computers the ability to learn and improve on specific tasks without direct programming. Essentially, machine learning is what makes A.I. possible.
Malware. Malware is often part of the ad fraud mix. This type of malicious software is generally used to gather sensitive information or disrupt computer operations.
Pixel Stuffing. Operating on the publisher’s end, pixel stuffing happens when a bunch of ads are served into a single pixel on a webpage. Technically, the ad is viewable, but they’re physically unseen by users. Advertisers still have to pay for an impression.
Retargeting Fraud. This type of CPL fraud involves bots that mimic human behavior. Fraudsters program bots to act like interested customers. For instance, the bots may click through product pages or abandon a shopping cart full of items. These actions trigger a retargeting campaign, causing advertisers to waste money on these fake customers.
Spoofed Traffic. In the tech field, “spoofing” means masking one’s identity in order to deceive or trick another computer or user. Spoofed traffic is traffic that’s been manipulated to disguise its origins. Fraudsters use spoofed traffic to make it seem like real visitors are coming to a site from a variety of locations, when in reality, it’s probably coming from a single source.
Unauthorized Sources. Advertisers generally want traffic that comes from clean, trustworthy sources. However, to meet traffic demand, sometimes publishers acquire traffic from unauthorized sources that are outside of the agreed upon terms.