AdCharta Logo
Back to Blog
ProgrammaticJune 11, 2026

How to Spot Ad Fraud Before It Eats Your Programmatic Budget

The Scale of the Problem Nobody Wants to Talk About

Here's a number that should make every media buyer uncomfortable: ad fraud is estimated to cost advertisers over $80 billion globally per year. That's not a typo. And what makes it worse is that a meaningful chunk of that money disappears from programmatic budgets specifically — the same budgets that are supposed to be "data-driven" and "optimized."

I've audited programmatic campaigns where 15-30% of impressions were fraudulent. Not suspicious — confirmed fraudulent through verification tools. The advertiser had no idea. Their DSP reports showed healthy impression numbers, reasonable CPMs, and what looked like normal campaign delivery. Everything seemed fine on the surface.

Ad fraud persists because it's in a lot of people's financial interest for it to persist. Fraudulent publishers make money. Ad networks that don't ask too many questions make money. And if a brand's agency is compensated based on media spend, there's a perverse incentive to not look too closely at where that spend is going.

So let's look closely.

The Types of Ad Fraud You Need to Know

Bot Traffic

What it is: Automated software programs (bots) that visit websites and generate fake ad impressions and clicks. These range from simple scripts to sophisticated bots that mimic human browsing behavior — moving the mouse, scrolling, even filling out forms.

How to spot it:

  • Abnormally high click-through rates (CTRs) on display campaigns — if your banner ads are getting 2-3% CTR, something is wrong
  • Traffic spikes that don't correlate with any marketing activity
  • Very high bounce rates (95%+) combined with very short session durations (under 2 seconds)
  • Geographic anomalies — sudden traffic from countries you don't target
  • Conversion rates that are suspiciously low relative to high traffic volume
Real impact: A mid-size B2B brand I consulted for was running display campaigns through an open exchange. Their click volume looked great — until we looked at post-click behavior. 73% of clicks resulted in sessions under 1 second with zero page interactions. That was bot traffic, and it had consumed roughly $40,000 over two months.

Domain Spoofing

What it is: A fraudulent publisher misrepresents their domain to make it look like ad inventory is coming from a premium website. Your DSP report shows your ad ran on nytimes.com, but it actually displayed on a low-quality site with no real audience.

How to spot it:

  • Impossibly low CPMs on premium inventory — if you're buying "New York Times" inventory at $2 CPM, it's not real
  • High impression volume from premium publishers that doesn't match those publishers' actual available inventory
  • Check ads.txt files (more on this below) to verify authorized sellers

Ad Stacking

What it is: Multiple ads are layered on top of each other in a single ad slot. Only the top ad is visible to the user, but impressions are counted for all of them. You pay for an impression that no human ever saw.

How to spot it:

  • High impression volume but near-zero viewability rates
  • Your viewability metrics show a suspiciously large gap between served impressions and viewable impressions
  • Unusually low engagement (zero clicks, zero interactions) despite high impression counts

Click Injection (Mobile)

What it is: Malware on a user's mobile device detects when an app install is about to complete and fires a fake ad click just before the install finalizes. The fraudster gets credit (and payment) for an organic install they had nothing to do with.

How to spot it:

  • Unusually low click-to-install time (CTIT) — real users take time between clicking an ad and installing an app. If installs are happening within seconds of a click, it's likely fraud
  • High install volumes from sources with very low post-install engagement
  • Install patterns that spike during off-hours when real users are sleeping

Pixel Stuffing

What it is: An ad is served in a tiny 1x1 pixel frame — technically "displayed" but invisible to the human eye. The impression counts, the advertiser pays, and nobody saw anything.

How to spot it:

  • Similar indicators to ad stacking — high impressions, near-zero viewability
  • Verification tools flag these specifically
  • If you see impression volumes that seem too good to be true from certain publishers, they probably are

How Much Money Is Actually Lost

Let's put some global numbers on this:

Fraud TypeEstimated Global Cost (Annual)
Bot traffic$30-35 billion
Domain spoofing$10-15 billion
Ad stacking & pixel stuffing$8-12 billion
Click fraud (search & display)$12-15 billion
Mobile fraud (click injection, SDK spoofing)$8-10 billion
These numbers overlap somewhat since a single fraudulent operation can combine multiple techniques. But the total picture is staggering — and it's growing as programmatic spend grows.

In Turkey specifically, the ad fraud landscape mirrors global patterns but with some regional characteristics. Open exchange buying through Turkish ad networks with less rigorous inventory vetting tends to carry higher fraud rates. Brands spending on programmatic display in Turkey should assume 10-20% of open exchange impressions are non-human unless actively verified.

Detection Red Flags — What to Watch For

Here are the signals that should trigger an immediate investigation:

  • CTR above 1% on standard display campaigns. Standard display CTR is 0.05-0.1%. If you're seeing significantly higher, question the traffic quality.
  • Viewability below 40%. Industry average is around 50-60%. Consistently lower numbers suggest inventory quality issues or stacking/stuffing.
  • Conversion rates near zero despite high traffic. Bots click but don't convert. If a placement drives thousands of clicks with zero conversions, cut it.
  • Sessions under 2 seconds with 100% bounce rate. Real humans don't behave this way at scale.
  • Traffic from data centers or hosting providers. Legitimate users don't browse the web from AWS or Google Cloud IP addresses.
  • Sudden spikes in performance that seem too good. If a placement goes from average to incredible overnight, investigate before celebrating.
  • Click timestamps clustered in patterns. Real human clicks are distributed randomly. Bots often click in regular intervals.

    • Verification Tools — Your Defense Layer

    IAS (Integral Ad Science)

    IAS provides pre-bid and post-bid fraud detection, brand safety, and viewability measurement. Their pre-bid segments can be applied in most major DSPs to filter out fraudulent inventory before you bid on it.

    Best for: Large advertisers running significant programmatic budgets who need comprehensive protection across multiple DSPs.

    DoubleVerify (DV)

    DoubleVerify offers similar capabilities to IAS with strong fraud detection, brand safety, and viewability tools. They're particularly known for their Authentic Ad metric, which combines viewability, fraud, and brand safety into a single number.

    Best for: Brands that want a unified quality metric and strong post-campaign verification reporting.

    MOAT (now part of Oracle Advertising)

    MOAT focuses on attention-based measurement alongside fraud detection. They track viewability, attention metrics, and invalid traffic in a single platform.

    Best for: Brands that want to go beyond fraud detection into attention measurement and creative performance analysis.

    Pixalate

    Pixalate specializes in CTV and mobile ad fraud detection — a growing concern as these formats attract more spend and, consequently, more fraud.

    Best for: Advertisers with significant CTV or mobile app advertising budgets.

    How to Choose

    For most mid-to-large advertisers, IAS or DoubleVerify is the standard choice. They integrate with all major DSPs, provide both pre-bid filtering and post-bid reporting, and are widely recognized by publishers and platforms. If you're running CTV campaigns, add Pixalate as a supplementary layer.

    The cost typically runs 3-7% of media spend, which is a bargain when you consider that it routinely saves 10-20%+ of budget that would otherwise go to fraud.

    ads.txt and sellers.json — The Industry's Self-Defense Mechanism

    ads.txt

    Ads.txt (Authorized Digital Sellers) is a text file that publishers place on their website listing the companies authorized to sell their ad inventory. When your DSP sees an impression from publisher.com, it can check publisher.com/ads.txt to verify that the seller offering the inventory is actually authorized to do so.

    Why it matters: It directly prevents domain spoofing. If a fraudster claims to sell nytimes.com inventory but isn't listed in nytimes.com's ads.txt file, the DSP can block the transaction.

    What to do: Configure your DSP to only buy from sellers listed in ads.txt files. Most DSPs support this filter, and enabling it is one of the easiest fraud prevention steps you can take.

    sellers.json

    Sellers.json provides transparency about the entities involved in selling ad inventory. While ads.txt tells you who is authorized to sell a publisher's inventory, sellers.json identifies the final seller in the supply chain and whether they're an intermediary or direct seller.

    Why it matters: It adds another layer of supply chain transparency, making it harder for fraudulent resellers to hide in the chain.

    app-ads.txt

    The mobile equivalent of ads.txt, app-ads.txt does the same thing for mobile app inventory. If you're running mobile campaigns, ensure your DSP checks app-ads.txt listings.

    The 10-Point Anti-Fraud Checklist for Brands

    Here's a practical checklist you can implement starting today:

    1. Enable ads.txt filtering in your DSP. Only buy inventory from authorized sellers. This is free and takes minutes to configure.

    2. Deploy a verification partner. IAS or DoubleVerify at minimum. Enable pre-bid fraud filtering, not just post-bid reporting.

    3. Set viewability thresholds. Don't pay for impressions that aren't viewable. Set a minimum 50% viewability threshold for display, 70% for video.

    4. Use inclusion lists, not just exclusion lists. Instead of trying to block every bad publisher (whack-a-mole), create an approved list of quality publishers and buy primarily from them.

    5. Analyze post-click behavior. Connect your ad data to your analytics platform. Look at bounce rates, session duration, and pages per session from each traffic source.

    6. Monitor for geographic anomalies. If you're targeting Turkey and seeing significant traffic from countries you don't serve, investigate immediately.

    7. Set up conversion validation. Don't just track conversions — validate them. A real purchase generates a shipping order. A real lead submits a verifiable email address. Cross-reference your ad-attributed conversions with actual business outcomes.

    8. Audit your supply path regularly. Use supply path optimization (SPO) to understand how many intermediaries sit between your DSP and the publisher. More intermediaries = more opportunity for fraud and more fees eating your budget.

    9. Question anomalies immediately. If a placement suddenly delivers incredible performance, investigate before scaling it. Fraud often looks like success in your campaign reports.

    10. Review your verification reports monthly. Don't set and forget. Schedule a monthly review of invalid traffic rates, viewability scores, and brand safety incidents across all campaigns.

    What to Do When You Find Fraud

    When (not if) you discover fraud in your campaigns:

  • Pause the affected placements immediately. Don't let another dollar flow to confirmed fraudulent inventory.
  • Document everything. Screenshots, data exports, verification reports. You'll need evidence for clawback requests.
  • Request a clawback from your DSP or ad network. Most platforms have policies for refunding spend on confirmed invalid traffic. You won't always get the money back, but you should always ask.
  • Block the fraudulent sellers/publishers permanently. Add them to your exclusion list across all campaigns.
  • Investigate how it got through. Was your verification tool not configured properly? Were you buying on the open exchange without adequate filters? Fix the gap.
  • Report to TAG (Trustworthy Accountability Group) or relevant industry bodies if the fraud is significant.

    • The Honest Truth

    You will never eliminate ad fraud entirely from your programmatic campaigns. As long as there's money flowing through automated systems, there will be people trying to steal a piece of it. The goal isn't perfection — it's minimizing your exposure to a level where the remaining fraud is a rounding error, not a line item.

    The brands that do this well treat fraud prevention as an ongoing operational discipline, not a one-time setup. They review their data regularly, invest in verification tools, and maintain a healthy skepticism about metrics that look too good.

    Your programmatic budget deserves the same level of scrutiny you'd give to any other significant business expense. Don't let the automation and scale of programmatic advertising lull you into trusting the numbers at face value. Look deeper. Question more. Protect your spend.

    Ready to Grow Your Ad Performance?

    Get a free audit of your current advertising setup and discover untapped growth opportunities.

    Get a Free Quote
    hello@adcharta.com

    Related Articles

    ProgrammaticJun 11, 2026

    What Changed in The Trade Desk in 2026?

    A deep dive into The Trade Desk's 2026 updates — Kokai AI improvements, CTV expansion, UID2 adoption, and what it means for advertisers.

    Read more
    ProgrammaticJun 11, 2026

    Programmatic Advertising Trends in the Finance Sector

    How financial institutions are leveraging programmatic advertising in 2026 — compliance challenges, targeting strategies, and proven campaign frameworks.

    Read more
    ProgrammaticJun 11, 2026

    How to Set Up Your First Campaign in DV360

    Step-by-step guide to launching your first DV360 campaign — from account setup to optimization. Everything a beginner needs to know.

    Read more