Fortunately, advertising data has also never been more available. Google, Facebook, and other ad platforms offer hundreds of ways to divide up their reports into segments and countless metrics for us to see how well various segments are performing.

So with how important and available ad data is, it is quite puzzling that there is so much fraud in digital advertising and how little is apparently being done about it.

Figures on the actual size of advertising fraud vary widely. Some claim that only 2% of ads are fraudulent while The Association of National Advertisers estimates that $7.2b was lost globally to nonhuman traffic in 2016. Ad fraud researcher Dr Augustine Fou, however, thinks the problem is even worse and estimates that $31b of the $70b in digital advertising spend buys fraudulent ads.

Regardless of the total size of the market, tales of the extent of ad fraud operations are breathtaking. Methbot, an ad fraud network busted in December 2016, had over 500,000 IP addresses and was consuming 300m impressions daily, costing advertisers up to $5m per day.

That one operation can make millions of dollars per day on ad fraud makes the situation seem hopeless. What can a brand do to combat ad fraud, especially one with a marketing department which already has resource and budget constraints?

Fortunately, there are a few things even the most thrifty marketing departments can do to verify the traffic that they get from ads by using simple web analytics, five of which are detailed below. Armed with that information, brands can then shift their spending away from fraudulent ad networks and reward platforms which deliver real people to their site.

Before we start, though, Econsultancy is running a Mastering Analytics training course in Singapore on Thursday March 9th. This course will cover ad analytics and many other topics. You can find out more and sign up here.

Quick overview of ad fraud

There are many different types of ad fraud, but it fundamentally involves taking payment for ads and then either putting it on a spam site or not showing it at all.

The fraudster then uses bots to click on the non-existent or spam site ads so that marketers believe that they are getting results from the ads they are paying for. The end result is that the traffic which comes to a site from ad fraud is worthless and, therefore, should be detected and stopped.

Getting started combatting ad fraud

The first thing marketers need to do to combat ad fraud is to make sure that all ads are tagged correctly with campaign ‘utm’ variables. This will help marketers separate out paid traffic from organic traffic in their web analytics tool.

Google Analytics is used for the examples below, but note that these metrics are also available on other web analytics platforms, too.

1. Look at referring domains

One of the easiest ways to spot ad fraud is to look at the referring domain for site visitors. To do so, first segment paid traffic with an advanced segment so that the dashboard only shows paid traffic.

Then, with the paid traffic segment activated, go to Acquisition/All Traffic/Referrals to see the source of all of the traffic.

Should the sites be totally different than the usual referral sites, it is likely that you are paying for ads which are appearing on spam sites and the traffic is probably from bots.

2. Review user metrics

Checking referring sites is not enough, however. More sophisticated ad fraudsters know how to fake the referrer string and make the bot traffic appear that it is coming from legitimate sites. In these cases, another way of discovering bot traffic is to look at other user metrics such as bounce rate, time on site, and pages per visit.

Should any of these metrics be significantly different than normal web traffic (see 00:00:05 vs 00:02:24 average visit duration below), then your traffic is most likely from bots, not people.

3. Implement scroll events

User metrics, too, can be compromised by more intelligent bots which stay on a site for a random time, click links, and view two or three pages during a session. One way to distinguish bots like this from ‘real’ traffic is to implement scroll events.

Scroll Depth is one of many JavaScript scripts which, when put on a page that uses Google Analytics, will send an event to Google each time a user hits a certain scroll point (25%, 50%, 75%, 100%).

The result is an events report which shows how many visitors from a particular ad campaign are scrolling on your pages. To see the total number of events, go to Behavior/Events/Overview.

Real traffic will have some scrolling, but most bots will not trigger the scroll script and never trigger a scroll event, thereby outing themselves as fake traffic.

4. Use more ‘people-based’ marketing

Of course, there are bots which fake referrals, click around your site and scroll making it almost impossible to distinguish them from real traffic. In order to filter out the most sophisticated bot traffic, it is necessary to use ‘people-based’ marketing.

People-based marketing, available on both Facebook and Google, is a feature which lets marketers upload their customer details and create a ‘custom audience’.  This audience is matched to data held by the platform and then ads are only shown to these ‘real’ people.

The platforms also let marketers create ‘lookalike’ audiences based on these users which are more likely to be real people than anonymous web users.

While this may seem an extreme solution to the problem to some organisations, it is becoming accepted as an effective way to combat ad fraud.

5. Create ‘real people’ segments

Finally, if a marketer does create custom audiences using customer details, they can then create ‘real people’ segments in their web analytics program. Then, once the segment has a significant amount of data, marketers can compare the user metrics from the ‘real people’ segment with user metrics from other channels.

This will allow you to see whether visitors from the other channel behave like people or not. Bots may be able to simulate real user behaviour to some extent, but it is unlikely they will be able to match the ‘metric fingerprint’ of users on the site.


Ad fraud is a problem and as marketers are so reliant on ad data for their campaigns it is time to crack down on it. The analytical methods to discern real traffic from bot traffic are not difficult to implement. With a bit of work you should be able to review the outcomes and derive some action points.

Therefore, there is little reason for any site, big or small, to avoid using these techniques and continue wasting money on fraudulent ads.

Check out Econsultancy’s masterclass in advanced data analytics training.