The importance of demand fraud malvertising: an advertiser’s guide



Open Mic article

This content is produced by a publishing partner of Open Mic.

Open Mic is the self-publishing platform for the marketing industry, allowing members to publish news, opinion and insights on

Find out more

March 7, 2023 | 6 min read

By Louis-David “LD” Mangin, CEO and co-founder, Confiant Inc

We all know ad fraud, also known as invalid traffic, occurs when malicious actors manipulate digital advertising systems to generate fraudulent traffic and false revenue. Software that pretends to be human traffic, called bot farms, are often used to pump the ad network with huge quantities of false clicks and impressions on digital ads, creating huge revenues for criminals by creating fake supply.

According to Statista, ad fraud grew from $35bn in 2018 to $81bn in 2022. At Confiant, we believe equating bot fraud to ad fraud is a misnomer and that the industry is ill served in not being more precise. Yes, bot traffic generates real costs to the ad ecosystem with their fake impressions, generating real distortion to the programmatic landscape with their fake supply. No, bot fraud isn’t the only type of invalid traffic.

Fake ads from the demand side (malvertising) can drive ad fraud as well as fake impressions

At Confiant we combine our unique technology with our unique psychology. Put another way, we combine complex integrations deep into the ad tech infrastructure with a security professional’s aspiration to be precise in our determinations, even the semantic ones. Today, we classify any malicious activity or process that comes from the demand side to be malvertising.

When we first started benchmarking the state of Malvertising in 2018 with our inaugural Malvertising Ad Quality (MAQ) benchmark (then called our Ad Quality Report), the largest attack type was so significant that we reported it as distinct from malvertising. We called it in-banner video, aka IBV, aka ad fraud. At the time, 1.5% of all programmatic display impressions were IBV. Aligning IBV with bot traffic as equivalent sources of invalid traffic does an injustice to the sophisticated technical engineering that the fraudsters execute to get the industry to fudge its attribution in their favor.

Then, and now, demand fraud is a deeply malicious activity that manipulates the lowest levels of the ad ecosystem to steal money from legitimate industry participants. It is fraud, but distinct from bot fraud enough that it deserves its own name. In this new lexicon, where ad fraud needs to encompass both supply fraud and demand fraud, malvertising is much broader, encompassing malware, cloaking, phishing, investment scams, tech support scams, romance scams, as well as consent fraud (the manipulation of the privacy signal), demand fraud, and more, as outlined in our Malvertising Attack Matrix.

In my cofounder, Jerome Dangu’s recent article, Malvertiser Makes the Big Bucks on Black Friday, Confiant unmasked Malvertising activity that lucratively combined a form of ad fraud via cookie stuffing, with cloaking and privacy consent violations to trigger invalid ad conversions by generating fake clicks. Confiant calculated that the eight year-long DatalyMedia campaign racked up an astonishing 125 million display ad impressions in 2022 alone. Cookie stuffing, cloaking and consent fraud: quite the malicious sandwich.

How does demand fraud differ from supply fraud?

Demand fraud should be a distinct concern to the advertising industry because it is structurally different from supply fraud.

Demand fraud is not about bots. Why bother showing a real ad to a fake person on a fake site when you can arbitrage buying an ad against a real user on a real site with your ability to load additional ads that are invisible to everyone except the measurement companies who count them as valid? “Thank you hidden iFrames!” is probably the rallying cry of ad fraudsters the world around.

Six reasons why demand fraud should matter distinctly from supply side fraud

1. Cost

Paying for bot impressions steals from the advertiser. Demand fraud is fake impressions and/or attribution fraud, and the latter is the largest hidden tax on the ad tech ecosystem that exists where the wrong person gets paid for the real work done by the legit publishers delivering engaged users.

2. Trust

This double-sided theft has twice the impact: less budget spent, and less budget received for legit activities achieved. Consistent activity of this type is toxic to the trust between advertisers and publishers. Advertisers no longer trust publishers and publishers no longer trust advertisers: all because a third-party criminal chose to steal from both and hide their theft in the ad tech “noise”.

3. Brand safety

If you buy a video impression it is legit to expect it to show in a video ad slot. Vice versa if you sell a display impression, it is legit for publishers to expect not to get foisted to a video ad or have dozens of hidden ads loading behind the browser page, or hundreds of cookies being dropped as it renders. Transparency is the best safety.

4. Effectiveness

Demand fraud distorts the attribution data that advertisers use to measure the effectiveness of their campaigns. If fraudulent clicks or impressions are included in the data, advertisers will believe that their campaigns are more effective than they are, which can lead to n-number of poor decisions and suboptimal results downstream.

5. Performance

Insertion of iFrame loading and other artificial delays to avoid detection cause page latency. Extra latency is the most obscure of all the tech taxes, but one that affects everyone. The slowest link limits the rest.

6. Compliance

Circumventing user consent for the rogue tracking causes privacy violations and creates liabilities for publishers and advertisers alike. The privacy violation risks are especially bad for the publisher who can get blamed for the criminals’ consent tracking.

None of this is to say that the bot traffic version of ad fraud isn’t important, it is. However, demand fraud has serious implications for advertisers and publishers regarding the security, quality and effectiveness of advertising campaigns that simply cannot and should not be ignored.


Industry insights

View all
Add your own content +