Stop Bots From Taking a Bite Out of Your Marketing Spend

This post is also available in: Japanese

Marketing fraud ─ including skewed analytics, ad fraud, affiliate fraud, and lead fraud ─ is a growing problem for online businesses in every industry. And when it starts getting reported on Buzzfeed, you can be sure that it has reached alarming proportions

Juniper Research estimates that in 2019, advertisers around the world will lose $42 billion of advertising expenditure to marketing fraud in online, mobile and in-app advertising ─ a 21% increase over the $35 billion lost to ad fraud in 2018. Clearly, marketing fraud is growing rapidly and is cause for great concern in C-suites everywhere.  

First, let’s outline the types of marketing fraud that involve bots.

Skewed Analytics

Regardless of whether bots visit a website to scrape content, spam forms, takeover user accounts or carry out DDoS attacks, their traffic always result in overall skewing of website metrics. This makes it difficult for marketers to gauge the effectiveness of their strategies and hinders planning and decision-making.  

Ad Fraud

Ad fraud is possibly the second largest form of organized crime in the world today. The massive growth in programmatic digital advertising in the past two decades has provided plenty of opportunities for fraudsters to game the system to cheat publishers, advertisers and intermediaries. Moreover, the digital ad ecosystem is highly automated, lacks effective regulation, and does not have widely-accepted safeguards to prevent bad actors from taking advantage of loopholes in the system.  

[You may also like: Retailers, How Much of Your Holiday Traffic is Actually Human?]

The graph below compares aggregated traffic to our e-commerce customers over Q4 2018 with bot traffic volumes. During Black Friday week in 2018, we observed a nearly ten-fold bot traffic increase from baseline volumes, while overall traffic roughly doubled during the same period. The holiday shopping season is when we usually see major spikes in bot traffic, with corresponding spikes in bot attacks to carry out scraping, account takeover, form spam and ad fraud.  

Graph 1: E-commerce sites, overall traffic versus bot traffic, Q4 2018.

Affiliate Fraud

Affiliate marketing programs are designed to reward affiliates who promote brands and bring in customers, using a metric called Cost Per Acquisition (CPA). Fraudsters use bots to redirect qualifying traffic to affiliates, and using tracking cookies used to record conversions, snatch away commissions from legitimate affiliates. 

Lead Fraud

Lead fraud takes two forms:  

  • Humans paid to click on ads or fill and submit web forms.  
  • Bots that perform clicks on ads, submit forms, spam forums and “see” retargeted ads (activated by means of the cookie trail that they generated by visiting premium sites.)  

[You may also like: Why Organizations are Failing to Deal With Rising Bot Attacks]

The graph below shows the combined traffic trend during November 2018 across several of our customers using our solution to mitigate ad fraud. The blue trend line shows overall traffic, while the red line shows total bot traffic. We see that both overall traffic and bot traffic increased just before Thanksgiving and stayed at elevated levels until Cyber Monday ─ a trend that has been consistent for several years across our customer base.  

Graph 2: All industries, overall traffic vs. bot traffic, November 2018.

With Black Friday and Cyber Monday just around the corner, brands are advertising heavily on leading media portals to promote sales and lure buyers with attractive offers. But how many of their ads will be seen by their intended audience? Ad fraud prevention firm Pixalate has estimated that in terms of programmatic ad volume across the 15 largest advertising markets in Q3 2018, 17% of programmatic ads served in the US were invalid, ranking it fourth in IVT (Invalid Traffic) behind Australia which had an IVT rate of 20%, Indonesia (30%) and India (34%). Of note is the fact that IVT rates for video ads within apps keeps growing — smartphones were found to have 22% IVT, while tablets had 19% IVT within apps.

The largest advertisers are so concerned about ad fraud laying waste to their marketing budgets that some of them have started cutting their digital ad spends. In 2017, consumer product giant Procter & Gamble ─ the world’s biggest advertiser ─ cut its digital ad spending by $100 million and reduced the number of sites its ads ran on to just around 900. In the same year, Unilever ─ the second largest global advertiser ─  also cut its digital ad budget by 59% to stem losses caused by ad fraud. Banking giant JPMorgan Chase also slashed the number of sites on which it advertised in 2017 from 400,000 to 5,000 (though this increased to around 10,000 sites a few months later). 

In spite of this, the banking group stated that there was no impact on their marketing performance metrics, a clear sign that the quality of an audience plays a bigger role in ensuring good results when compared to using scattershot programmatic advertising that is rife with fraud, as we have seen. It’s not surprising, then, that the biggest advertisers were forced to ramp down their spending on RTB (real-time bidding) channels to get more measurable and effective returns on their marketing spends.  

The Escalating Battle Against Marketing Fraud

With trust in the programmatic advertising ecosystem having been eroded by ad fraud, industry groups have banded together to come up with ways to ensure transparency and restore trust in the system. One of them is the ‘Ads.txt’ initiative by the Interactive Advertising Bureau (IAB). However, Ads.txt directives can be gamed by fraudulent parties, as the Wall Street Journal explains.  

Industry associations have proposed more stringent verification procedures, such as Ads.cert, adCOM, and the Ad Management API, which are all part of the new OpenRTB 3.0 technical specifications. Ads.cert is currently in beta testing, and it involves cryptographically-signing bid requests to validate the authenticity of inventory sold by authorized sellers and gives marketers better visibility into the quality of impressions their ads receive. Another initiative to rein in marketing fraud is TAG, a consortium of industry associations which works with companies in the digital advertising supply chain to eliminate fraud and ensure transparency

[You may also like: A Healthy Bot Management Strategy]

The Bottom Line

First, marketing fraud is extremely attractive to cybercriminals and will not be going away anytime soon. Second, the various technical solutions that have been proposed by industry groups to eliminate ad fraud are still in a nascent stage. Third, there is no guarantee that these solutions will accurately and reliable put an end to marketing fraud ─ especially the types that leverage bots.  

Keeping these points in mind, publishers and advertisers would be well advised to adopt dedicated bot management solutions that work in real-time to not only prevent fake ads and impressions, but also several other critical threats posed by bad bots on their websites, applications and APIs. 

Specialized solutions also have the advantage of being able to easily integrate with leading analytics dashboards such as those from Google and Adobe. (It’s worth noting here that Google Analytics can only filter known bots, not the newest, most sophisticated human-like bots). Read our Success Story ‘7Pixel Eliminates Non-human Traffic from Marketing Reports and Analytics Dashboards’ to learn more about the marketing benefits that can be gained from clean analytics. 

Note: A version of this article first appeared in Multichannel Merchant.  

Read “The Ultimate Guide to Bot Management” to learn more.

Download Now

Siddharth Deb

Siddharth is a Senior Content Developer at Radware's Bot Management group. He has worked with over 150 organizations across a diverse range of industries over the past decade and a half, writing research articles, blogs, scripts, white papers, web content and much more. Siddharth has a BBA from UT Arlington, and is a passionate motorcyclist who regularly rides to his favorite destinations.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center