Is Your Traffic Human or Nonhuman? An Ad Fraud Investigation
Non-human or bot traffic is awesome. If you’re a fraudster. Armed with basic tools, such as an amateur understanding of various programming languages, perhaps a small rinky-dink mobile farm or perhaps the ability to automate fake clicks and installs, and you’ve got yourself a handy little ad fraud operation, ready to go!
But, let’s change gears and report some positive news, according to Dainomi, they reported that bot traffic on ad campaigns is down from 60% in 2017 to 32% in 2018. However, the industry is far from clean. When first tackling ad fraud, it helps to understand some common concepts about the different types of ad fraud. Below is our crash-course on human and non-human ad fraud types (or quick table for those short on time).
Human | Non-Human |
Emulators | Click Injection |
SDK Spoofing | SDK Spoofing |
Sophisticated Bots | Click Spamming |
Simple Bots | Click Farms |
Click Farms | Cookie Stuffing |
Bot Farms | Invisible Ads |
Domain Spoofing | |
Ad Injection | |
Pixel Stuffing |
What’s in this article/
Non-Human Traffic Ad Fraud Types
What do you imagine when we talk about ad fraud? For most, bots are a necessary part of the equation. This is certainly true for the following ad fraud types, that the traffic is solely generated by non-human based traffic.
Simple Bots
Bots that run a simple script from a server are called “simple bots”. They are easily identifiable, as they have a static user ID, device ID and IP making it much easier to block.
Sophisticated Bots
As the name suggests, this is a more sophisticated version of a bot, and thus, they are harder to detect and prevent. They employ advanced techniques such as mimicking human-like mouse movements, using random proxies and IP address spoofing. Additionally, to imitate human behavior, they exploit users’ cookies.
SDK Spoofing
This is the grand-daddy of non-human traffic, because, well – it isn’t really traffic at all! This type of ad fraud generally occurs on install and CPA fraud. It happens through listening in on the vital communication between MMPs and the app stores and other important parties in the CPI/CPA advertising cycle. This communication is then replicated, and edited if needed to replicate genuine installs and usually post-install actions. Often, SDK spoofers will write a script that simulates a string on post-install in-app actions, mimicking a real person. This is a form of hacking and is directly targeted at MMPs. It is one of the most difficult types to detect. Thus, with SDK spoofing, no actual clicks, or events have taken place, it is a form of sophisticated script hacking.
Botfarm and Device Farms
Bot farms are probably as you are imaging, a large crop of phones, all yielding juicy clicks, and installs. These are essentially a large number of organized residential computers that generate fake actions such as ad clicks or installs. Usually, they work on a simple, ‘action+reboot+repeat model’, whereby they are programmed to generate fraudulent traffic (click, install, post-install action), then are programmed to reboot and repeat the action again. Much like, GroundHog Day, a film which apparently many people find “funny”. Due to the simplicity, and indicators such as IP address and mismatched OS version (usually phone farms use outdated devices with old operating systems) are an indication of this kind of non-human traffic. Botfarms, device farms or phone farms can also be referred to as “botnets”
Emulators
Emulators are more sophisticated. You might have been introduced to emulation software, or the emulation method when trying to play different types of games across different devices. Remember the good old days when you tried to play Pokemon Green on your humble computer? What you were doing then, is making your computer emulate and disguise itself as another device, in this case, a Nintendo Advanced. This same method aims to scale-up fake clicks and installs, sent from simulated devices, disguised or ‘emulated’ as mobile devices.
Ad Fraud Types That Use Human Traffic
Human traffic, as the name suggests, utilizes real people to commit these fraudulent acts. Ad fraud is the second most profitable organized crime in the world, thus this puts it into perspective the lucrative incentives for such illegal activities. The other type of human traffic based ad fraud usually takes advantage of organic traffic and fools MMPs into attributing that organic traffic to the fraudster as a paid source. This type of ad fraud is known as “attribution fraud“.
Click Farms – Ad and Attribution Fraud
Click farms are home to some of the least sophisticated ad fraud methods: think volume and repetitive manual labor. This may be a group of people (in varying sizes), either all in one location or “working” remotely. They click on an ad, repeat. Click on another ad. Repeat. Then, surprisingly they click on another ad. Wait a minute, what do they do next? Oh yes, they repeat. Thus, the traffic being generated is human traffic. Fraudulent, but still human.
Click Injection – Install Attribution Fraud
Click injection is when the fraudster injects a fake click, right after an organic or paid install begins. This fools the MMP into believing that the organic or paid install is attributed to that fraudulent click, as it was the lack click received by the application store.
Click Spamming – Install Organic Attribution Fraud
Also known as click hijacking, this is when a large volume (think, thousands or millions, maybe even billions, depending on the spammer) of clicks are sent to an MMP. When genuine, organic, human traffic eventually converys to an install there is a low chance that the fake click (generated by the fraudster) will be accidentally attributed to the fraudulent click. This might be due to an error or some missing information, that leads to the misattributed ad fraud. Thus click spamming harnesses the power of real-human traffic to generate their fraudulent revenue.

Invisible Ads or Ad Stacking – Impression Ad Fraud
This is a form of impression advertisement fraud, where advertisers are paying for impressions that never took place. This happens when a publisher stacks multiple ads on top of each other. The only visible ad is on top, and the ads stacked beneath are clearly obstructed, thus never seen by the viewer, yet still paid for. This is almost an identical type of human-traffic based ad fraud known as pixel stuffing (below).
Pixel Stuffing – Impression Ad Fraud
This is much the same method and concept as before. One ad space, multiple ads. Only one ad is visible, yet all ads occupying that space are paid for by the advertiser in the form of impressions. The only difference is the method of concealment. Ad stacking conceals ads by layering. Pixel stuffing makes ads “invisible” by making it impossible to see by the human eye, due to the small size of the ad.
Cookie Stuffing – Impression and CPA Ad Fraud
This is a form of attribution fraud (which is a type of ad fraud). This follows the same method of click injection, however, it targets install-fraud rather than impression-based fraud. The fraudster will over-stuff user’s browsers with cookies. Perhaps even from sites they are not advertising or related to. Thus, when the user organically visits and potentially purchases something from this site, it will be counted as a paid action, and the payout will go to the fraudster who implanted that cookie
Domain Spoofing – Impression Ad Fraud
Domain spoofing is when fraudsters present their sites as a premium even though they are not. This is achieved via malware ad injections and modifying ad tags. Once a user downloads a malware application (without their knowledge), the malware starts running its own code in the user’s internet browser and commences injecting ads onto their browser’s screen. Fraudsters gain access to the code in the ad tag and impersonate any property. While advertisers think their ads are published on premium websites, they are published on substandard properties.
Ad Injection – Impression Ad Fraud
Without the user’s and publisher’s knowledge and the permission of site owners, sometimes ads can be published on websites. It is done through browser toolbars or adware plugins and called “ad injection” Injected ads can replace other ads totally or can be seen on some parts of the page not supposed to have ads at all.
Not all Bots are Bad
Some bots, such as search engine bots (or search engine spiders) are benign bots, that scour the web, performing essential activities that search engines rely upon in order to… well, be a search engine! So, yes, some bots are bad, in fact, many contribute to ad fraud. However, not all.
Final Thoughts
Whether it be human traffic or bot traffic, all ad fraud is bad. Want to see how much of your traffic is lovely and clean, promoting a healthy growth cycle? Want to optimize those channels and block that nasty fraudulent traffic? Have a chat with us today.