How to Detect Ad Fraud in Your Campaigns

Learn More About Our Products

Traffic Analytics 

Before you can detect fraud through traffic analytics, you need a solid foundation of baseline data. This baseline helps you distinguish between normal activity and suspicious patterns. For example, if you know your website typically receives 1,000 daily visitors with a 2% conversion rate, a sudden spike to 10,000 visitors with a 0.1% conversion rate would stand out as potentially fraudulent. 

Before a digital ad campaign begins, identify your key performance metrics and understand their typical ranges and the factors influencing them. Only then can you effectively spot unusual behavior signaling bot activity or fraud. Basic metrics to evaluate include: 

• Unexplained traffic spikes: Large or atypical swings in traffic could be a successful campaign or an influx of bot or click farm traffic 
• Higher bounce rates: Bots will click on a link to register engagement but immediately leave the site after it loads so a sign of fraud would be a bounce rate is higher than a typical campaign 
• Visit duration: Similar to higher bounce rates, a drop in visit duration could mean bots are visiting the site staying a short time and leaving, providing no benefit to the campaign 
• Conversion rates: Abnormally high conversion rates in sales, leads or installs while weirdly low conversion rates could happen because of bot visitors, both should be investigated.  
• Visitor locations: Spikes in users with IP addresses from parts of the world outside your target market are a clear indicator of fraud.  

Setting up automated reports with good baseline data is an important first step in detecting ad fraud before you begin your ad campaigns.  

Device Fingerprinting 

Device data a network collects when handling user requests can be used to create a device profile and compare it against typical, non-fraudulent devices. Similar to IP blocklists but instead of evaluating IP addresses for their riskiness and blocking them, you’re doing so for individual devices. The data points to pay attention to include: 

• User-agent: Browsers and operating systems have unique identifiers, if one device has several of each or has incongruent software it may be fraudulent 
• Number of users & IP addresses: One device with an inordinate number of users or IP addresses associated with it could be a public device or a device used for fraud 
• Device data: Information like battery usage, device orientation and screen resolution can be compared to legitimate devices 
• IP masking & VPNs: Not all devices using IP masking commit fraud, but all devices who commit fraud use IP masking 

Fraud detection software can recognize these patterns and identify individual devices involved in fraud. This data is used to assess the likelihood of a device harming the network and the device can be blocked or flagged for investigation. 

User Behavior Analytics

Zooming in on individual user behavior offers insights when investigating potential fraud. By analyzing patterns at the user level, you can uncover suspicious activities that might get lost in aggregate data. Here’s what to watch for when examining a potentially fraudulent user:

• Click patterns: Bots will be too regular, or erratic compared to human users with clicks, scrolls, typing and mouse movements
• Browsing behavior: An abnormal number of pages visited, and amount of time spent on a page can reveal bot behavior
• Engagement: Odd engagement like filling out multiple forms or entering weird search queries demonstrates bot or click farm engagement
• Login attempts: Scammers trying to hack someone’s account will use several login attempts or logins from multiple locations and devices

As part of your larger investigation, tracking individual users provides invaluable intel on the legitimacy of website traffic.

Working with a fraud detection partner removes the guesswork. Fraudlogix operates one of the largest fraud sensor networks in the world, monitoring 300 million+ URLs and 1 billion+ users monthly across 195 countries. Our Programmatic IVT Detection pixel gives you free post-bid analytics across bot activity, brand safety, domain spoofing, and viewability — with zero integration complexity.

For campaigns where stopping invalid traffic before it serves is the priority, the Pre-Bid IP Blocklist blocks 30 million+ high-risk IPs at the bid request level, updated hourly. Whether you’re dealing with common ad scams like click farms and ad stacking or more sophisticated IVT, Fraudlogix gives you the visibility to detect it and the tools to stop it. Contact us to get started.