Ad Fraud Glossary

Ad Fraud

Any deliberate activity that prevents the proper delivery of ads to real, interested users. Ad fraud inflates impressions, clicks, or conversions to steal advertising budget. It includes bot traffic, click farms, ad injection, domain spoofing, and dozens of other techniques. Industry estimates put ad fraud losses at over $80 billion per year globally.

Ad Injection

Malware or browser extensions that insert unauthorised advertisements into web pages, replacing legitimate ads or adding new placements without the publisher’s consent. The fraudster earns revenue from the injected ads while the legitimate publisher and advertiser see no benefit.

Ad Stacking

A technique where multiple ads are layered on top of each other in a single ad placement. Only the top ad is visible to the user, but impressions (and sometimes clicks) are counted for every ad in the stack. This is common in mobile and display advertising.

App Install Fraud

Also known as: Install Fraud, Fake Installs

Generating fake mobile app installations using bots, device farms, or SDK spoofing. The fraudster claims credit (and payment) for installs that either never happened or were performed by non-human actors. Common in CPI (cost-per-install) campaigns.

Attribution Fraud

Also known as: Attribution Manipulation, Attribution Hijacking

Manipulating attribution data to falsely claim credit for an app install, conversion, or sale that occurred organically or through another marketing source. Methods include click injection, click spam, and cookie stuffing. The fraudster steals commission without driving any real value.

Auto-Refresh Fraud

Automatically refreshing ad placements at rapid intervals to generate additional impressions without any corresponding user engagement. The user may see the page once, but the ad server records dozens or hundreds of impressions.

Bot Traffic

Also known as: Non-Human Traffic (NHT)

Website visits or ad interactions generated by automated programs (bots) rather than real people. Bots range from simple scripts that click links to sophisticated programs that mimic mouse movements, scroll patterns, and browsing behaviour. Bot traffic can represent up to 40% of total internet traffic.

Bounce Rate Manipulation

Artificially inflating or deflating a website’s bounce rate by sending bot traffic that either leaves immediately (inflating bounce rate to harm competitors) or engages briefly (deflating bounce rate to make fraudulent traffic appear legitimate).

Brand Safety

Ensuring that ads do not appear alongside harmful, offensive, or inappropriate content that could damage the advertiser’s reputation. While not fraud per se, brand safety violations often co-occur with ad fraud — fraudulent sites frequently host low-quality or harmful content.

Click Fraud

Repeatedly clicking on pay-per-click (PPC) advertisements with no genuine interest in the advertised product or service. Click fraud is carried out by competitors trying to drain a rival’s budget, bots generating revenue for publishers, or click farms employed to inflate engagement metrics. It is the most common form of ad fraud affecting search and display campaigns.

Click Farm

An operation — typically in low-wage regions — where groups of workers or racks of devices manually click ads, like social media posts, or complete sign-up forms to generate fraudulent engagement at scale. Click farms are harder to detect than simple bots because the clicks come from real devices and IP addresses.

Click Injection

A mobile-specific fraud technique where malware on a user’s device detects when a new app is being installed and fires a fake click just before the install completes. This allows the fraudster to claim attribution credit (and payment) for an organic install they had nothing to do with.

Click Scam

Also known as: Ad Click Scam, PPC Scam, Click Fraud Scam

A broad term for any scheme where fraudsters deliberately generate fake or misleading clicks on pay-per-click advertisements to profit at the advertiser’s expense. Click scams range from competitors repeatedly clicking a rival’s ads to drain their budget, to organised operations using bots and click farms to inflate publisher revenue. Unlike accidental invalid clicks, click scams involve intentional deception — making them a form of digital advertising fraud that costs advertisers billions each year.

Click Spam

Also known as: Click Flooding, Organic Poaching

Sending large volumes of fraudulent clicks in the background of a mobile app or website, hoping that some of those clicks will be matched to real conversions that happen later. The fraudster plays the odds — with enough fake clicks, some will randomly precede a genuine install and earn a commission.

Conversion Fraud

Also known as: Lead Fraud, Fake Conversions

Generating fake conversions — form submissions, sign-ups, downloads, or purchases — using bots, stolen personal data, or incentivised users. This inflates campaign performance metrics and wastes advertiser budget on leads that will never convert into real customers.

Cookie Stuffing

Also known as: Cookie Dropping

Dropping third-party affiliate tracking cookies onto a user’s browser without their knowledge, typically through hidden iframes or image pixels. If the user later makes a purchase from the affiliated retailer, the fraudster earns a commission despite having contributed nothing to the purchase decision.

CTIT (Click-to-Install Time)

The elapsed time between a recorded ad click and the corresponding app install. Abnormally short or long CTIT values are a strong indicator of mobile fraud — click injection produces very short CTITs, while click spam produces randomly distributed, often very long CTITs.

Data Centre Traffic

Web traffic originating from servers hosted in data centres rather than residential or mobile networks. While some data centre traffic is legitimate (e.g. corporate VPNs), large volumes of ad interactions from data centre IPs are a strong signal of bot-driven fraud.

Device Emulation

Also known as: Emulator Fraud

Using software to simulate different devices, operating systems, or browsers to generate fraudulent traffic that appears to originate from a wide range of real users. A single machine can impersonate thousands of unique “devices,” making the fraud harder to detect through simple fingerprinting.

Device Fingerprinting

A fraud detection technique that identifies individual devices based on a combination of attributes — screen resolution, installed fonts, browser plugins, timezone, language settings, and more. Opticks uses device fingerprinting as one of many signals to distinguish real users from bots and emulators.

Domain Spoofing

Misrepresenting a low-quality or fraudulent website as a premium publisher in programmatic ad auctions. The fraudster edits bid request data to make their inventory appear to belong to a reputable site, charging premium CPMs for worthless ad placements. Ads.txt and sellers.json were created to combat this.

Fake Leads

Also known as: Junk Leads, Fraudulent Form Submissions

Form submissions containing fabricated or stolen personal information, submitted by bots or click farm workers. Fake leads waste sales team resources, distort conversion data, and inflate customer acquisition costs. Opticks clients like Tagada Media have detected conversion fraud rates of 5.7% in affiliate channels.

Fraud Detection

The process of identifying invalid traffic and fraudulent ad interactions in real time. Modern fraud detection platforms like Opticks use behavioural analysis, device fingerprinting, pattern recognition, and machine learning to flag and block 30+ types of invalid traffic across search, social, display, and mobile channels.

Geo-Masking

Also known as: Location Spoofing, Geo-Spoofing

Using VPNs, proxies, or other tools to disguise the true geographic location of fraudulent traffic, making it appear to originate from a targeted region. Advertisers paying premium CPCs for traffic from specific markets end up paying for clicks from entirely different countries.

GIVT (General Invalid Traffic)

Known non-human traffic that can be identified through routine, list-based filtration methods. GIVT includes search engine crawlers, monitoring bots, pre-fetching tools, and other benign automated traffic. Defined by the MRC (Media Rating Council), GIVT is the less harmful category of invalid traffic — compare with SIVT.

Hidden Ads

Also known as: Invisible Ads

Ads rendered in a way that makes them invisible to users — placed in 1×1 pixel iframes, behind other page elements, or off-screen. Impressions are recorded and billed even though no human ever sees the ad. Pixel stuffing and ad stacking are specific forms of hidden ad fraud.

Human Fraud Farm

Also known as: Device Farm, Phone Farm

A physical location filled with rows of devices (phones, tablets, computers) operated by low-paid workers who interact with ads, install apps, or complete sign-ups. Because the interactions come from real devices and appear human, they are harder to detect than purely automated bot traffic.

Impression Fraud

Artificially inflating the number of ad impressions served. Methods include pixel stuffing (rendering ads in invisible pixels), ad stacking (layering multiple ads), auto-refreshing placements, and serving ads to bot traffic. Impression fraud is most damaging in CPM (cost-per-thousand-impressions) buying models.

Invalid Traffic (IVT)

Also known as: Non-Human Traffic, Fraudulent Traffic

Any ad clicks, impressions, or conversions that do not come from genuine users with real interest in the advertised product. IVT is the umbrella term used by the MRC and TAG and is divided into two categories: GIVT (General Invalid Traffic) and SIVT (Sophisticated Invalid Traffic). Opticks detects 30+ types of IVT in real time.

IP Spoofing

Forging the source IP address in network packets to disguise the true origin of traffic. In ad fraud, IP spoofing is used alongside geo-masking to make bot traffic appear to come from legitimate residential IP addresses in high-value geographic markets.

KPI Manipulation

Using fraudulent traffic to artificially inflate key performance indicators such as click-through rate (CTR), conversion rate, or cost per acquisition (CPA). This makes low-quality or fraudulent traffic sources appear to perform well, leading advertisers to increase spend on channels that deliver no real value.

Lead Fraud

A form of conversion fraud specifically targeting lead generation campaigns. Fraudsters submit fake contact details — fabricated names, temporary emails, stolen phone numbers — to earn payouts in cost-per-lead (CPL) campaigns. Lead fraud is particularly damaging to fintech, education, and insurance advertisers where CPLs are high.

Location Fraud

Falsifying the geographic location of ad impressions or clicks, typically through VPNs, proxies, or GPS spoofing on mobile devices. Location fraud tricks advertisers into paying premium rates for traffic that does not originate from their target market. See also: Geo-Masking.

Malware-Based Fraud

Ad fraud carried out through malicious software installed on users’ devices. The malware may click ads in the background, inject ads into web pages, redirect users, or hijack attribution by firing fake clicks before app installs. The device owner is usually unaware their device is being used for fraud.

MRC (Media Rating Council)

The US-based industry body that sets standards for measuring digital media. The MRC defines the official classifications of invalid traffic (GIVT and SIVT) and accredits vendors who meet their audit standards for traffic quality measurement.

Non-Human Traffic (NHT)

Any web traffic not generated by a real person. This includes both benign bots (search engine crawlers, monitoring tools) and malicious bots (ad fraud bots, scrapers, credential stuffers). In advertising, NHT is synonymous with invalid traffic and represents wasted ad spend.

Pixel Stuffing

Rendering an entire ad inside a tiny 1×1 pixel iframe on a web page. The ad is technically “served” and the impression is counted and billed, but no human can possibly see it. A single web page can contain dozens of pixel-stuffed ads, all generating fraudulent revenue.

Programmatic Fraud

Ad fraud that exploits the automated, real-time nature of programmatic advertising. Fraudsters create fake websites, spoof domains, or generate bot traffic to siphon budget from programmatic ad exchanges. The speed and volume of programmatic buying make it particularly vulnerable — billions of bid requests per day mean fraud can scale quickly.

Proxy Traffic

Web traffic routed through proxy servers to mask the true IP address, location, or identity of the source. While proxies have legitimate uses, high volumes of ad clicks from proxy IPs are a fraud signal — the proxy is being used to disguise bot traffic or evade geographic targeting restrictions.

Retargeting Fraud

Manipulating retargeting campaigns by sending fake users to advertiser websites to populate retargeting audiences with bots. The advertiser then pays to show retargeting ads to those bots, wasting budget on impressions and clicks that will never convert.

ROAS (Return on Ad Spend)

A key advertising metric measuring the revenue generated for every euro (or dollar) spent on ads. Ad fraud deflates true ROAS by consuming budget without generating genuine conversions. When Opticks clients remove invalid traffic, they typically see ROAS improve by 2–20% — Papernest improved ROAS by 1.9% and conversion rate by 3%.

Refund-Ready Reports

Detailed fraud evidence reports formatted for submission to ad networks (Google Ads, Meta Ads, Microsoft Ads) to claim refunds or credits for invalid clicks and impressions. Opticks generates these reports automatically, documenting the fraud type, affected campaigns, and estimated spend impact.

SDK Spoofing

Also known as: Replay Attacks, Traffic Spoofing

A sophisticated mobile fraud technique that creates fake app installs or in-app events by exploiting the communication protocol between an app’s SDK and attribution servers. The fraudster reverse-engineers the SDK’s API calls and replays them with fabricated data — the app is never actually installed, but the attribution platform records a valid install.

SIVT (Sophisticated Invalid Traffic)

The harder-to-detect category of invalid traffic, as defined by the MRC. SIVT includes bots that mimic human browsing behaviour, hijacked devices and sessions, malware-driven traffic, manipulated attribution data, and incentivised or non-consented human traffic. Detecting SIVT requires advanced analytics — Opticks specialises in this area.

Spider Traffic

Also known as: Crawler Traffic

Automated traffic from web crawlers or spiders that systematically browse websites. Most spider traffic is benign (search engine indexing), but it should be filtered from advertising analytics. When spider traffic interacts with ads — either intentionally or through misconfiguration — it becomes invalid traffic.

Supply-Side Fraud

Fraud committed by publishers or supply-side platforms to inflate the value or volume of their ad inventory. Examples include domain spoofing, traffic laundering, hidden ads, and inflating audience metrics. Supply-side fraud is common in programmatic advertising where buyers have limited visibility into where their ads actually appear.

TAG (Trustworthy Accountability Group)

An industry initiative that fights criminal activity in digital advertising, including ad fraud, malware, and piracy. TAG’s “Certified Against Fraud” programme sets standards for fraud detection and requires participating companies to implement specific anti-fraud practices.

Traffic Laundering

Routing bot or low-quality traffic through a series of redirects and intermediary domains to make it appear as if it originated from legitimate, premium sources. By the time the traffic reaches the ad exchange, its true origin is obscured. This is one of the most sophisticated forms of ad fraud.

Toolbar Traffic

Traffic generated by browser toolbars or extensions that load ads or web pages in the background without the user’s explicit knowledge. Some toolbars inject ads into pages or redirect search queries to generate fraudulent ad revenue for the toolbar developer.

URL Hijacking

Also known as: Ad Hijacking, Brand Bidding Fraud

When a third party bids on an advertiser’s branded keywords or display URL in search advertising to redirect traffic through affiliate links and claim commission. The advertiser ends up paying for clicks on their own brand terms while the hijacker takes a cut of the resulting sale.

User Agent Spoofing

Changing the user agent string sent by a bot or browser to impersonate a different device, operating system, or browser. This makes fraudulent traffic appear more diverse and harder to detect through simple user-agent-based filtering.

Viewability Fraud

Manipulating viewability metrics to make non-viewable ad impressions appear viewable. An ad is considered “viewable” when at least 50% of its pixels are in the browser viewport for at least one second (display) or two seconds (video). Fraudsters use techniques like ad stacking and pixel stuffing to record “viewable” impressions that no human ever sees.

VPN Traffic

Traffic routed through virtual private networks, which mask the user’s true IP address and geographic location. While VPN use is common and legitimate, a disproportionate volume of ad clicks from VPN exit nodes can indicate geo-masking fraud — particularly when the advertiser is targeting specific regions.

Wasted Ad Spend

The portion of an advertising budget consumed by invalid traffic — clicks, impressions, and conversions from bots, click farms, and other fraudulent sources. Industry estimates suggest 10–20% of all digital ad spend is wasted on fraud. Opticks clients typically recover 3–20% of wasted budget, with verified savings of €6M+ across all clients.