The Ultimate Ad Fraud Glossary

Get a full understanding of click and ad fraud. All the definitions and common terms explained on invalid traffic, fake users, bots and ad fraud.


Account Takeover

Account takeover refers to the unauthorized access and use of a user’s online account, typically achieved through hacking, phishing, or credential stuffing.

This can lead to unauthorized transactions, identity theft, and unauthorized access to sensitive information, causing financial loss and damage to the user’s reputation.


Launched in May 2017 by the IAB Tech Lab, the Authorized Digital Sellers project aims to tackle various types of ad fraud, most notably domain spoofing and illegal inventory arbitrage.

Ads.txt is a simple text file that contains information about which companies are allowed to sell digital inventory on a particular domain. As it can be created and modified only by the webmaster of a domain, the information of the file is considered valid and authentic.

Ad Fraud

A type of scam in which fraudsters intentionally falsify engagement on an ad and fool advertisers into paying for it. In most cases, ad fraud refers to fake traffic, fake leads or misrepresented and ineffective ad placement.

Some types of ad fraud include:

  • Ad injection
  • Ad stacking
  • Ad tag hijacking
  • Affiliate fraud

Ad Injection

A technique where ads are visibly or hiddenly inserted into websites or apps without asking the publisher’s permission and without paying them.

Ad injection can occur in multiple forms. Ads can be inserted on top of already existing ones or replace them entirely. Injected ads can also appear on web pages that otherwise never show ads.

The injection of ads can take place via malware such as browser plugins. When a user clicks on the ads, the plugin developer would be paid instead of the publisher.

Ad Network

A technology platform that serves as a broker between publishers (supply-side) and advertisers (demand-side).

Ad networks acquire available inventories from a publisher and sell them to advertisers as packaged impressions. Without ad networks, publishers would have to negotiate deals with each individual advertiser.

While there are all sorts of different media (print, television, radio etc.) the term is used exclusively to refer to online advertising.

Ad Rotator

A tool that allows a publisher to rotate two or more ads in the same place on a website. The rotator can have both a time-based trigger or update the ad when a user refreshes the page.

Ad Server

Technology used by publishers, advertisers, ad agencies, and ad networks to manage and run online advertising campaigns. Ad servers store advertising content and are responsible for serving them to a website or app.

Additionally, ad servers collect data about ad performance (e.g. impressions, clicks, etc.) for advertisers and publishers to gain insights and monitor the performance of their ads.

Ad Stacking

The process of placing multiple ads on top of each other in a single ad placement. While only the top ad is visible to the user, a click or impression is registered for every ad in the stack. This leads advertisers to pay for fake impressions and / or clicks.

Ad stacking is one of the most common forms of ad fraud.

Ad Tag Hijacking

Stealing an ad tag from a publisher’s website and using it on another one. This is often done as an attempt to sabotage the brand’s reputation.


Adware, or advertising supported software, is a software that automatically presents ads within an application or operating system.

In its malignant form, it often displays unwanted and in most cases hidden or obtrusive ads (e.g. pop-ups or pop-unders). In this case, the software is designed to fake legitimate user-generated traffic to a website or app.

Affiliate Fraud

In an affiliate program, an advertiser pays a commission to an external publisher, e.g. for the sales of a product or the generation of leads generated by its referrals.

Any false or unscrupulous activities carried out in order to receive a commission from an affiliate marketing program are referred to as affiliate fraud. This includes any activities that are explicitly prohibited in the terms and conditions of an affiliate marketing program.

Anomaly Detection

Also known as outlier analysis, anomaly detection refers to a step in data analysis which identifies data points, events, or observations which deviate from the normal behavior of a dataset.

App Tracking Transparency (ATT)

Introduced with iOS 14.5 in April 2021, App Tracking Transparency (ATT) is a privacy feature by Apple, that requires all iOS apps to obtain user permission in order to access the Identifier for Advertisers (IDFA) and track the user or the device.

Attribution Fraud

A type of mobile ad fraud where fraudsters steal credit for app installs. This works by reporting fake clicks as the last engagement prior to the first time an app is launched by a legitimate user. This falsely credits the fraudster instead of the genuine source responsible for the app installation.

Attribution Tool

Attribution tools provide marketers with all relevant information to determine the success of digital adverting campaigns and marketing channels. They help to understand how much credit should be given to each marketing touchpoint.

Auto-reload / Auto-refresh

The practice of automatically refreshing ad slots within a single page view in order to increase ad impressions. The ads can be refreshed after a regular time interval or due to certain user actions like scrolling, mouse movement or clicking. Users might not even notice that ads have been refreshed, but ad impressions will be registered regardless.

Combined with a CPM model, advertisers end up paying for ad impressions that were either unviewable by a real user or only visible for a very short amount of time.

Automated Traffic

Any traffic to a website, that is not generated by a real human. Automated traffic can stem from a variety of sources including search engine crawlers, website uptime checker software, automated scripts and many more.

In most cases, automated traffic originates from bots visiting websites in order to increase ad impressions and traffic.

Automation Tools

A piece of software that was designed to verify requirements in software development via automated test scripts. Examples include Selenium and Puppeteer. Automation tools are used to automate repetitive tasks or perform those that are difficult to do manually.

However, fraudsters abuse automation tools to visit websites and click on ads automatically.


Behavioral Analysis

Sophisticated bots are now able to mimic human behavior in great detail. Behavioral analysis is used to examine user interactions and compare them with the behavioral profile of the entire website. In this way, abnormal behavior can be detected quickly and reliably.

Blacklisting / Blocklisting

The usage of lists of known or suspected malicious fraudulent IP addresses, domains, or other parameters to prevent advertisers from serving their ads to them.

Bots / Fake Users

A bot is an automated software program designed to perform specific tasks on the internet, such as crawling websites or checking the server’s uptime.

In the context of ad fraud, bots are programmed to emulate human behavior. They vary in levels of sophistication and are capable of consuming digital content and performing several tasks, including:

  • Visiting web pages
  • View ads
  • Click on ads
  • Watch videos
  • Installing apps
  • Accepting cookie banners
  • Adding products to the shopping cart


A network of computers, smartphones or IoT devices whose security has been breached and control has been handed over to a third party that uses the network to carry out malicious attacks.

Bot Detection

The process of analyzing the traffic to a website, mobile app, or API to detect and identify malicious bot traffic and bot impressions, while allowing access to legitimate human traffic and authorized bots.

Bot Prevention

Actively preventing bot traffic and bot impressions before inventory is bought or sold.

Bot Traffic

Automated requests made to a website, mobile app, or API that are triggered by an automated process (bot) rather than a real human user. In the context of ad fraud, this non-human traffic is designed to mimic real user behavior and inflate audience numbers.

Bot Traffic Detection using Analytics

A bot can be indistinguishable from any other web user, but there are ways you can use analytics data to help detect bot traffic. Some indications for automated traffic are unusually high page views, unfamiliar referral traffic, unusually high bounce rates, spikes in traffic from an unusual region, abnormally low time on page, very high or very low average session duration, constant refilling or refreshing of content, anomalous timing of events, frequency of visits from any single IP address (more than 100x visits from a single IP on a given day).

Bounce Rate

The bounce rate is an online marketing KPI in web traffic analysis. A bounce is a single-page session on a website. The bounce rate represents the percentage of all visitors who leave the website without navigating to another webpage.

Broken Lookalike Audiences

Lookalike audiences that are based on fake traffic are causing advertisers to target more bad traffic with no intention of converting.

Browser pre-rendering

Browsers can load certain content on a website before the user accesses and interacts with it. This is done to speed up fetching the content and provide the user with a seamless experience on a website.

However, this preloading and rendering of content can result in an ad impression that the user never viewed or accessed.

Brute Force Attack

An attack method that involves systematically trying all possible combinations of passwords or encryption keys until the correct one is found. This technique is typically used to gain unauthorized access to user accounts or encrypted data.



Short for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

The test is used to distinguish human users from bots and block bots from websites, apps or APIs. CAPTCHAs are mostly used on forms, login pages or in comment sections to prevent spam bots and brute force attacks.

The most popular CAPTCHAs include:

  • reCAPTCHA.
    A free tool from Google that requires you to type distorted text into a field or click on images that contain a predefined symbol (e.g., a car, cat, etc.)
    The simplified and more user-friendly version of Google’s reCAPTCHA tool. Human users must confirm that they are not a robot by simply clicking a box.
    A CAPTCHA service that focuses on privacy and security. It works similarly to Google’s No CAPTCHA reCAPTCHA tool.


An automated software designed to bypass CATPCHAs on websites. CAPTCHA bots can work in different ways:

  • Automatic mode.
    In some cases, the CAPTCHA is quite simple and consists only of distorted text or numbers that users have to enter into a field. CAPTCHA bots are able to solve these tests on their own.
  • Mode with human assistance
    More challenging CAPTCHAs, which present users with images from which they have to click those with a certain characteristic, are not so easy to decipher and often require a human to be solved. In this case, the CAPTCHA bot relies on so-called CAPTCHA farms – a collective of people whose task it is to solve CAPTCHAs. The bot sends a request with the CAPTCHA to a human, who solves the task for the bot and sends the solution back to it.

Click Farm

Click farms consist of a large group of low-paid workers hired to click on advertisements, like, share, comment, subscribe or follow any social media account and are usually located in developing countries, such as China, India, Indonesia, and Bangladesh. Workers are paid, on average, one US dollar for a thousand clicks.

Unlike botnets, click farms involve real people sitting at physical devices and clicking on ads, often using a VPN to access ads outside their geographical location. Because click farms want to be active 24 hours a day, most click farmers work a three-shift system in miserable working conditions, operate hundreds of pieces of equipment at once, and are not allowed to listen to music.

Because of this real human behavior, it is often very difficult to detect and block click farms.

Click Fraud

Click fraud refers to the deceptive practice of artificially inflating the number of clicks on a pay-per-click (PPC) advertisement. This is typically done using automated bots or hired individuals (“click farms”) to click on ads. The aim is depleting the advertising budget of the targeted party, or to earn revenue from advertisers by driving fake traffic to ad placements.

This illicit activity undermines advertising campaigns and results in advertisers paying for illegitimate, non-genuine traffic.

Click Injection

Click injection is a sophisticated form of ad fraud wherein fraudsters insert or “inject” fraudulent clicks into the user journey, often taking credit for app installs or other conversion actions they did not genuinely influence. This deceptive practice utilizes malicious software on mobile devices to detect when other apps are being downloaded and rapidly generates fake clicks, aiming to appear as the last-clicked ad and thereby unjustly claim credit (and compensation) for the conversion. Consequently, advertisers pay for illegitimate actions, while genuine affiliates or marketing channels are deprived of rightful attribution and revenue.


Clickjacking involves manipulating a user’s interaction with a webpage, typically by overlaying a transparent frame over visible content, to secretly redirect their intended clicks to a different, unauthorized target. In the realm of ad fraud, clickjacking is used to generate fraudulent clicks on digital advertisements, as the fraudsters trick users into clicking on an ad without their knowledge or intent. Consequently, advertisers are misled about the authenticity and intent of the traffic, incurring costs for illegitimate engagements while the fraudsters profit from these deceitful actions.

Connected TV (CTV)

Connected TV (CTV) refers to any television that can be connected to the internet and access content beyond what is available via the normal broadcasting channels. CTV allows users to stream video content through applications, either built into the TV itself or through external digital media players such as Roku, Amazon Fire Stick, or Apple TV. This technology enables viewers to access their favorite shows, movies, and other content on-demand, while also presenting advertisers with a platform to reach viewers through targeted digital ads.

Connected TV (CTV) Fraud

Connected TV (CTV) fraud refers to fraudulent activities that exploit digital advertising efforts within internet-connected televisions. CTV ad fraud may encompass a range of malicious activities including, but not limited to, device spoofing, bot traffic, and misrepresented inventory, all aimed at deceiving advertisers and siphoning revenue by delivering ads that are not viewed by genuine users. Given the proliferation of streaming platforms and the significant advertising spend within CTV environments, it has become a lucrative target for fraudsters seeking to exploit the digital ad ecosystem.

Conversion Fraud

Conversion Fraud refers to deceitful practices wherein fraudsters manipulate or create fictitious conversion events, such as form submissions, sales, or app installs, with the aim to unjustly claim advertising commission or inflate performance metrics. This fraudulent activity is typically executed through methods like click injection, fake form submissions, or utilizing bots to simulate genuine user engagement, thereby distorting advertisers’ insights and wasting advertising spend on invalid traffic or interactions.

Cookie Stuffing

Cookie stuffing, also known as cookie dropping, is a deceptive type of ad fraud wherein unauthorized cookies are placed on a user’s browser without their knowledge or consent. Fraudsters use this technique to falsely claim commission for online sales or actions, even if they played no actual role in driving the user towards the conversion. 

Credit Card Fraud

The unauthorized use of a credit card or card details to make purchases, withdraw funds, or conduct fraudulent transactions, often leading to financial loss for the cardholder or the issuing bank. This type of fraud can occur through various means, such as phishing, data breaches, or card theft.


Denial of Inventory

A form of online attack where bots rapidly reserve available items or services, preventing legitimate users from accessing them. This can lead to loss of revenue and customer dissatisfaction, often seen in sectors like ticketing, travel, and e-commerce.

Distributed Denial of Service (DDoS)

A type of cyberattack where multiple compromised systems are used to flood and overwhelm a target’s resources or network, causing service disruptions, downtime, or unavailability for legitimate users.

DMP (Data Management Platform)

A Data Management Platform (DMP) is a centralized computing system that collects, integrates, manages, and analyzes large volumes of structured and unstructured data from various sources. The primary objective of a DMP is to generate unified customer profiles, which can then be used to create more targeted and effective advertising campaigns. These platforms facilitate advertisers and marketers in understanding their audience and effectively managing their ad targeting, thus optimizing ad spend and enhancing campaign performance.

DSP (Demand-Side Platform)

A Demand-Side Platform (DSP) is a technology platform that allows advertisers and agencies to buy ad placements programmatically across various ad exchanges, networks, and websites. DSPs enable advertisers to purchase impressions efficiently, targeting specific users based on criteria such as demographic, geographic, and behavioral data, ensuring that ads are displayed to the most relevant audience and optimizing ad spend.

Device Farm

A device farm refers to an arrangement in which numerous physical devices, often smartphones or computers, are set up and operated to systematically engage with digital advertising. Device farms are used to generate illegitimate ad clicks, ad views, or app installs to manipulate advertising metrics to either exhaust a competitor’s ad budget or increase revenue for the fraudulent parties.

Device Spoofing

Device spoofing refers to the practice in which a device pretends to be another by sending false information about itself. This can be done by manipulating various identifiers such as the user agent string which contains unique information about the device, the operating system, the web browser and many more.

Domain Spoofing

Domain spoofing refers to a deceptive practice where fraudsters misrepresent the domain on which an ad is displayed. This is achieved by manipulating the ad exchange to believe that the ad is being placed on a premium, legitimate website, whereas it actually appears on a low-quality or fake site. Advertisers are thus misled into paying premium prices for ad placements on websites that have little to no genuine visitor traffic, compromising advertising ROI.



An Exchange refers to a digital marketplace that facilitates the buying and selling of online ad inventory between advertisers and publishers. Exchanges enable advertisers to purchase ad space, often through real-time auctions, to display their advertisements on various digital platforms and websites.

Exclusion lists

Exclusion lists, also known as negative lists, blocklists or blacklists, refer to lists of IP addresses, domains, apps, or other entities that advertisers choose to exclude from their ad campaigns to prevent their ads from being displayed in undesirable or irrelevant locations. This practice is implemented to enhance ad performance, safeguard brand reputation, and avoid associations with malicious or inappropriate content. It also aids in minimizing wasted ad spend by ensuring that ads are not being served to low-quality or fraudulent traffic sources.


Fake Apps

Apps load ads in the background when the app is not in use or even the device itself is not in use. Like an alarm clock app that loads ads in the background when the owner is asleep. Maybe the battery dies a little faster or the device is a little slower than usual but that’s it. Some apps also pre-load hundreds of ads, for performance reasons, that never end up getting displayed.

Fake Bid Requests

Fake bid requests occur when fraudulent entities generate fictitious auction bid requests in programmatic advertising, attempting to mimic legitimate ones from actual advertisers. These deceptive requests aim to mislead advertisers and demand-side platforms into purchasing non-existent or low-quality ad inventory, consequently draining advertising budgets and reducing the efficacy of campaigns.

Fake Data

Fake data refers to fabricated, altered, or misrepresented information used to deceive ad platforms, advertisers, and networks. In an advertising context, fraudsters may generate fake data such as non-human traffic, counterfeit clicks, false impressions, or bogus conversions to illegitimately gain revenue, mislead campaign analytics, and exhaust advertisers’ budgets.

Fake Sites/Cash-Out Sites

Fraudster set up fake sites that are made only to serve ads to bots. It is usually a three step process whereby a fake website is created as a first step. As a second step, cheap bot traffic is purchased and routed to the new website. The ad networks see that this site is getting a lot of traffic and include it in their inventory. The third and final step, advertisers buy ad space on the site and the fraudster gets paid. Ad fraud is that easy.

Form Spam

Form spam involves the unwanted, automated submissions of online forms by bots. Fraudsters use bots to fill out and submit web forms, such as contact or subscription forms, with false or leaked personal information from the dark web, often to create fake leads. Form spam can be utilized to inflate lead generation metrics dishonestly, misleading advertisers regarding the effectiveness of their campaigns and depleting their budgets on illegitimate actions.


Geo Masking

Geo masking involves fraudsters manipulating IP addresses to disguise low-quality web traffic as high-quality to inflate its market value. By misrepresenting the geographical location of traffic, perpetrators can sell it to advertisers at premium prices, especially targeting higher-value regions. This misleading practice not only deceives advertisers into overpaying for subpar traffic, but also adversely impacts the effectiveness and ROI of their digital advertising campaigns.


Hidden Ads

Hidden ads refer to a deceptive practice where fraudsters place advertisements in a way that they are not visible to users but are registered as viewed in the advertising platforms. This can involve stacking multiple ads on top of each other, using a 1×1 pixel size, or placing ads behind page elements, ensuring that they are never actually seen by a legitimate user. However, advertisers are charged for these faux impressions as if they were legitimate, leading to wasted ad spend and skewed analytics, while the fraudsters illicitly earn revenue.

Hijacked Device

A hijacked device refers to a user’s device that has been illicitly taken over by a fraudster, often through malware or other unauthorized means, for the purpose of perpetrating ad fraud. In this context, the fraudster exploits the device to generate fraudulent ad requests, clicks, or even fake installations, thereby illicitly gaining revenue from digital advertising ecosystems. The actual user of the device may be oblivious to the fraudulent activities being conducted through their device, which can compromise user experience and privacy while defrauding advertisers and publishers.



An impression refers to the viewing of a digital ad by a user on a web page, app, or other digital platforms. Each view or display of an ad, regardless of clicks or user engagement, counts as one impression, serving as a metric to quantify the visibility and reach of an advertisement. Advertisers often use impressions to measure the frequency and distribution of their advertising messages, paying for a specified number of impressions through models like Cost per Mille (CPM).

Impression Fraud

Impression fraud involves generating illegitimate ad impressions to artificially inflate advertising costs. Perpetrators use various tactics like automated bots, non-human traffic, or pixel stuffing to create false impressions, thereby misleading advertisers into believing their ads are being viewed by genuine users. This manipulation aims to deceive advertisers into paying for non-genuine or non-human traffic, resulting in wasted advertising budgets and skewed performance metrics.

Invalid Traffic (IVT)

Invalid traffic pertains to any clicks, impressions, or interactions with an online ad that are not generated from genuine user interest. This encompasses a range of fraudulent activities including, but not limited to, bot-driven traffic, manipulative refreshing of pages, and intentional misdirection of users. Invalid traffic ultimately diminishes the efficacy of advertising campaigns by draining ad spend without providing real user engagement or opportunities for conversion.


Last Click Attribution (LCA)

Last Click Attribution (LCA) refers to a digital analytics model that attributes the entirety of the conversion value to the final click before a transaction or conversion. Essentially, it assigns 100% credit to the last advertisement with which the user interacted before making a purchase or completing a desired action. While straightforward, LCA can sometimes oversimplify the customer journey, potentially overlooking other marketing touchpoints that may have influenced the user’s decision.

Location Fraud

Location fraud refers to the deceptive practice of manipulating or falsifying the geographical location data of ad impressions, clicks, or transactions. Fraudsters employ various techniques like IP spoofing or utilizing false GPS data to misrepresent the actual location of a user, thereby making the ad traffic appear more valuable or relevant than it actually is. This fraudulent activity misleads advertisers into believing that their ads are being viewed by users in specific, often more lucrative, geographic areas.



Malware refers to malicious software utilized by fraudsters to infiltrate, damage, or disrupt user devices or networks to manipulate ad views, clicks, or create fake traffic. Ad fraud malware may force affected devices to engage with ads without the user’s knowledge or consent, generating illegitimate revenue for perpetrators by simulating genuine user interactions, skewing analytics, and unjustly siphoning advertisers’ budgets.


Naked Ad Calls

Naked ad calls are ad impressions served without webpages, so the fraudsters’ bots save time and bandwidth to interact with more ads.

Non-human Traffic (NHT)

Non-human traffic refers to online traffic generated by bots or automated programs rather than legitimate human users. In the realm of ad fraud, these bots mimic human behavior, such as clicking on ads, visiting websites, or initiating video views, with the intent of artificially inflating traffic numbers and siphoning off ad budgets. Advertisers may be misled by these inflated metrics, which do not represent genuine user engagement, thus leading to wastage of advertising budgets on ineffective placements that have no possibility of converting into genuine sales or leads.


Pay-Per-Click (PPC)

Pay-Per-Click (PPC) is a digital advertising model wherein advertisers pay a fee each time their ad is clicked by a user. Instead of earning visits organically, advertisers can buy visits to their site. PPC ads can appear on search engines, websites, and social media platforms and are often targeted to user behavior, preferences, or demographic information. Advertisers bid on the perceived value of a click in relation to the keywords, platforms, and audience type in which it originates.

Performance Max

Launched in November 2021, Performance Max campaigns allow advertisers to access all Google Ads channels through a single campaign.

It is an automated campaign type, similar to Smart Campaigns, that uses automation not only to create your ads (similar to responsive display ads from the assets you provide), but also to determine when and where ads appear to reach your goals.

Performance Max campaigns run on every platform Google owns. This includes YouTube, Google’s Display Network, Google Search, Google Discover, Gmail and Google Maps.


Phishing is a cybercrime in which attackers use deceptive communication, typically via email, to trick individuals into revealing sensitive information, such as passwords or credit card numbers, by posing as a trustworthy entity. This technique regularly involves directing users to fraudulent websites designed to mimic legitimate ones.

Pixel Stuffing

Pixel stuffing is an ad fraud tactic where fraudsters cram a full-size ad into a tiny pixel (such as 1×1) or place it in a non-viewable area of a webpage, rendering it invisible to users while still generating impressions. Advertisers pay for these illegitimate views despite the ads being unseen by users, which erodes marketing budget efficacy and skews advertising data.


Ads and more webpages are loaded in Pop-unders – withouth the user activating this themselves and not being visible to any user. Most of this kind of traffic occurs on porn and piracy sites.

Private Marketplace (PMP)

A Private Marketplace (PMP) is an exclusive advertising space where select advertisers can purchase inventory (ad space) through an invitation-only, RTB (real-time bidding) auction. Unlike open auctions, a PMP allows publishers to offer their premium ad inventory to a restricted group of advertisers, providing them with more control over who is buying their inventory and at what price. This often results in higher-quality ad placements and enables advertisers to access premium inventory that may otherwise be unavailable in open markets.

Proxy Traffic

Proxy traffic refers to web traffic that uses proxy servers to disguise the origin IP addresses, presenting it as legitimate user traffic to advertisers. Fraudsters employ proxies to simulate traffic from different geographical locations, mask illicit activities, or bypass geolocation restrictions, thus generating false impressions and clicks.


A publisher refers to an individual or entity that creates and distributes content to attract an audience, offering space within their digital platform (such as a website, app, or video channel) to display advertisements. Publishers monetize their platforms by selling ad spaces to advertisers, marketers, or ad networks, aiming to generate revenue through various compensation models, such as pay-per-click (PPC), cost per mille (CPM), or affiliate marketing, based on the exposure or engagement the advertisements receive from the audience.


Real-Time Bidding (RTB)

Real-Time Bidding (RTB) refers to the instantaneous auction that occurs for each ad impression as a webpage loads. Advertisers bid in real time for the opportunity to display their ad to a specific user based on their browsing behavior and demographic data. The winning bidder gets their ad displayed to the user, all of which occurs in milliseconds. This automated process enables advertisers to efficiently target and purchase ad impressions to optimally reach their desired audience.

Residential Proxy

A residential proxy refers to an intermediary that uses an IP address provided by an Internet Service Provider (ISP), not a data center, masking the user’s true IP address. Fraudsters employ residential proxies to mask their true location, bypass anti-fraud systems, and mimic legitimate user behavior, making their activities appear more authentic and harder to detect than those originating from data center proxies. This method is maliciously used to create the illusion of genuine user interactions from various locations and devices, misleading advertisers and skewing analytics.


Retargeting is a digital advertising strategy wherein ads are displayed to users who have previously visited a website or interacted with a specific online advertisement. By utilizing cookies or other tracking technologies, advertisers can target individuals with specific ads across different digital platforms in an effort to re-engage them, often by showing products or services they’ve previously viewed or expressed interest in.

Retargeting Fraud

Ultimately a simple scam. Bots are sent to a business’s website in order to get tagged for retargeting ads. Bots are then sent to the fraudster’s website to “look” at the ads that the business is paying to display.

Return on Advertising Spend (ROAS)

ROAS, or Return on Advertising Spend, is a metric used in online advertising to calculate the efficacy of digital advertising campaigns. It is determined by dividing the revenue generated from an ad campaign by the cost of that ad campaign. Essentially, ROAS helps advertisers understand the amount of revenue generated for each dollar spent on advertising, thus aiding in evaluating the financial success and profitability of their online advertising endeavors. A higher ROAS indicates a more effective advertising campaign.


Scalper Bots

Scalper bots are automated software designed to purchase high-demand items quickly, such as event tickets or limited-stock products, before legitimate users can access them. Scalper bots also may hoard inventory to resell at inflated prices, thus distorting market demand and prices, and creating an artificial scarcity that harms both businesses and consumers.

Scraper Bots

Scraper bots refer to automated scripts or programs designed to extract or “scrape” content or data from digital advertising platforms, websites, or apps. In the realm of ad fraud, scraper bots can steal valuable information, such as pricing, content, or customer data, to be used maliciously by competitors or fraudsters. This unauthorized data use can lead to skewed analytics, compromised user experience, and potential financial losses for advertisers or publishers.

SDK Spoofing

SDK Spoofing refers to a type of ad fraud where fraudsters simulate ad views, clicks, or installs within a spoofed app environment, without any real user involvement. They manipulate the Software Development Kit (SDK) communications between the advertiser and the app, generating fictitious activities that seem legitimate. These activities are then wrongfully attributed to genuine advertising efforts, causing advertisers to pay for interactions that were never performed by real users, thus leading to financial losses and skewed marketing data.


User-Agent Spoofing

User-agent spoofing refers to the deceptive practice of manipulating the user-agent string, which is information transmitted by a browser or application to websites describing the type of device and software being used. In the context of ad fraud, malicious actors employ user-agent spoofing to mimic legitimate user devices, browsers, or locations to fraudulently generate impressions, clicks, or to conceal the origin of fraudulent traffic, thereby misleading ad servers and analytics platforms. This tactic helps fraudsters evade detection and illegitimately monetize digital advertising efforts.


VPN (Virtual Private Network)

A VPN, or Virtual Private Network, in ad fraud, is utilized by malicious actors to mask their true IP address and geolocation, appearing to be legitimate users from desired target locations. By routing traffic through a VPN, fraudsters manipulate geographic data and demographics to create deceptive web traffic, thereby affecting advertisement impressions and clicks. This skews advertising data, dilutes marketing strategies, and can erroneously allocate ad spend towards illegitimate or non-performing markets, thereby illicitly siphoning off advertisers’ budgets.

Protect Your Data and Analytics From Bots and Invalid Traffic

Take back control over your data and try fraud0.

Rated a

High Performer

4.9 out of 5 stars

Our Customers Love Us

Subscribe to our newsletter
Try fraud0 for 7 days
No credit card required.

Already have an account? Log in