Ad Fraud: The Crime That Thrives Because We Let It

See no ad fraud, hear no ad fraud, speak no ad fraud

Digital advertising was built on the promise of precision at scale — or, as AdExchanger once put it, “incredibly precise, hypertargeted, zero-waste campaigns with massive reach.” Nearly 30 years in, we’ve certainly mastered the scale and hypertargeting. Billions of impressions fire every day across millions of sites, apps, and screens, delivered in milliseconds by algorithms operating at speeds and volumes far beyond human capacity.

Zero waste, however, remains a pipe dream. The same speed and automation that powered digital advertising’s meteoric rise also opened the door to something far more sinister: industrialized ad fraud. What began as a fringe annoyance has quietly matured into one of the most profitable forms of organized crime on the planet. It siphons off tens of billions from media budgets every year, all while hiding inside the very KPIs we have been taught are supposed to signal success.

But here’s the part the industry rarely admits: ad fraud persists not just because fraudsters are sophisticated — which they certainly are — but because we don’t care enough to stop them. Their tactics evolve constantly, funded by criminal networks that treat programmatic advertising like a money-printing machine. Keeping up would require relentless scrutiny, deeper transparency, and hard conversations about a broken incentive model — and these are things this industry has avoided for decades. Meanwhile, agencies, platforms, and intermediaries quietly benefit from the excess volume and inflated metrics that fraud creates.

This piece examines what ad fraud actually is, who commits it, why it’s so hard to eradicate, and how nearly every part of the ecosystem profits from looking the other way. If you work in marketing, media, or technology, the uncomfortable truth is this: you’re already paying for the fraud, and the system persists because, collectively, we’ve decided it’s easier to tolerate than to confront.

What Ad Fraud Actually Is — and Isn’t

Ad fraud is not a rounding error or a quirk of digital measurement. It is a deliberately engineered system of deception designed to mimic human behavior at industrial scale. Fraudsters create fake impressions, bots make fake clicks, and click farms make fake conversions using fake users on fake sites. With billions of dollars at stake, the machinery behind it is far more sophisticated than most marketers realize. Vast botnets, legions of spoofed devices, countless MFA farms running on AI slop, and hijacked identity signals all work together to generate activity that looks real enough for the algorithms to reward.

Pic courtesy of Zvelo

These schemes run continuously and invisibly, 24 hours a day, exploiting the sheer volume of programmatic transactions. When countless billions of impressions are bought and sold, fraud doesn’t need to be perfect, it just needs to blend in. A small percentage of manipulation multiplied across this scale turns into a massive, recurring revenue stream for malevolent actors. The result is a shadow economy that grows quietly beneath the dashboards, draining budgets and distorting outcomes long before anyone thinks to look.

A Global Problem Hiding in Every Dashboard

The scale of digital ad fraud is almost impossible to overstate, and most published estimates still wildly undershoot the real number. Reports from Cloudflare, Business of Apps, and the ANA routinely place global losses somewhere between $100 and $150 billion annually. This sounds like a lot, but analysts like Dr. Augustine Fou argue the true figure is likely much higher. Fraud thrives in the blind spots of programmatic, and those blind spots make measurement inherently conservative. If anything, the industry only sees the portion of fraud sloppy enough to get caught.

In 2024, US digital ad spend reached an estimated $259 billion, and independent ad-fraud trackers estimate that around 22 percent of digital ad spend may be fraudulent globally. If US programmatic behaves similarly — which I believe to be the case — this would imply between $40 to $60 billion annually could be flowing into the fraud economy — money that brands, agencies, and platforms rarely acknowledge but absorb with a shoulder shrug. These numbers are massive and real.

Press enter or click to view image in full size

Product Plan has a great description of Vanity versus Actionable Metrics

And it’s going on today. A recent investigation by Reuters on Meta estimated that roughly 10 percent of the company’s 2024 revenue, about $16 billion, comes from illicit or high-risk advertisers. This amounts to a whopping 15 billion suspicious ads per day, which are allowed to run unless fraud can be proven with 95 percent certainty — an impossibly high bar. Comically, the company apparently even imposed “penalty bids” on borderline accounts, charging more rather than removing them.

Recent investigations such as this one reinforce what experts like Fou and others have warned for years — namely, that fraud is not a fringe problem but a parallel economy rivaling the profitability of global organized crime. Moreover, because it hides inside dashboards showing green KPIs and “strong performance,” it remains one of the least confronted financial risks in modern marketing.

How Programmatic Supercharged Ad Fraud

Programmatic advertising was supposed to bring transparency and efficiency to digital media. Instead, it created an environment where fraud could scale faster than detection, exploiting every blind spot in an ecosystem optimized for automation and volume. When billions of impressions are traded in real time across fragmented supply paths, even small manipulations become lucrative at scale.

The rise of programmatic was Nitrous Oxide for ad fraud

Fraudsters quickly learned that programmatic rewards activity — not authenticity — so they engineered tactics to mimic human behavior across every channel. Some rely on ghost sites and MFA farms designed to generate cheap, low-quality impressions. Others deploy ad stacking, pixel stuffing, and refresh fraud, where ads are technically “served” but never visible. Mobile attackers use SDK spoofing and fake installs to fabricate entire conversion funnels, while botnets and residential proxy networks simulate human browsing patterns that slip past verification tools.

The most explosive growth has come from CTV fraud, where spoofed device IDs and falsified SSAI logs create synthetic households at premium CPMs. Audits have uncovered campaigns where upwards of 90 percent of impressions came from non-human traffic that DSPs still treated as legitimate. Whether it’s domain spoofing, fake CTV, or manufactured app activity, each tactic exploits a different structural weakness. Programmatic didn’t just create new opportunities for fraud — it made the entire system easy to manipulate at industrial scale.

Who Is Actually Committing the Fraud

It’s comforting to imagine ad fraud as a fringe activity run by a few hackers in a basement somewhere. The reality is far more industrial. Some of the largest schemes in history — with names like Methbot, 3ve, Hydra, and ICEBUCKET — were run by professional criminal organizations with large engineering teams, massive server farms, prolific malware distribution channels, and sophisticated money-laundering operations. These groups built entire infrastructures of botnets, spoofed CTV devices, and created fake publishers, all designed to look exactly like the legitimate programmatic supply chain.

Below that layer sits a sprawling ecosystem of fraud-enabled intermediaries who amplify the problem. Some low-quality ad networks knowingly pass along suspicious traffic to maintain volume — a pattern uncovered in the 3ve investigation in which multiple exchanges were routing fraudulent inventory at scale. MFA publishers like those in the Zirconium “malvertising“ network build their businesses around low-quality arbitrage, exploiting structural weaknesses without necessarily breaking the law. And we would be remiss if we didn’t call out the walled gardens Meta and Google. They may not be directly committing the fraud, but they still profit from it financially through inflated engagement.

The uncomfortable truth is ad fraud is not a fringe problem or the work of isolated “bad actors.” It is a fully developed economy involving organized criminal groups, scammy publishers, complicit intermediaries, and massive platforms that indirectly benefit from the opacity. Fraud persists not because it is undetectable, but because too many players profit from leaving it undisturbed.

The Verification Problem: Why Legacy Vendors Haven’t Solved Ad Fraud

For years, the industry placed its faith in legacy verification vendors like DoubleVerify (DV) and Integral Ad Science (IAS) to police the ecosystem. But the results have been underwhelming. These companies are marketed as fraud fighters yet primarily focus on brand-safety and viewability measurement. These are useful capabilities, but they do little to stop fraud at its source. Ironically, many of the largest fraud schemes thrive because they are “protected” by the presence of verification tags.

At issue is a structural problem, not necessarily the technology itself, to be fair. Verification vendors typically measure after the transaction, not before it, and rely on pattern-recognition models many fraudsters can evade by adjusting signals or generating traffic that mimics legitimate human behavior. Importantly, verification companies have an incentive to produce “clean” reports because clients both want and expect good news. When DV claims that its clients “don’t pay for fraudulent impressions,” what this really means is clients don’t pay for the impressions DV flags, which is accurate. The vast majority of fraud that goes undetected still clears, still invoices, and still gets paid.

Critics argue verification has become a safety blanket, not a safety mechanism. Agencies use these tools as proof they’ve done their due diligence, even though fraud continues to flow through the pipes. Marketers console themselves when they see a fee for “brand safety” in their invoice. In other words, verification is more akin to an auditing document attached to an invoice, providing a comforting veneer of control, while the underlying issue remains unresolved.

When Verification Became a KPI Game

Over the past decade, instead of focusing on fraud prevention, teams were trained to optimize to metrics like impressions, clicks, viewability, and keeping “invalid traffic under one percent.” As Erez Levin and others have argued, these numbers are vanity metrics — numbers that look impressive in a QBR deck but have little correlation with real outcomes.

Levin’s argument goes that most verification KPIs are performance indicators, not quality indicators. Teams celebrate “viewability” — even if “viewable” impressions came from MFA farms engineered for easy wins. If IVT stays below a threshold, success is declared, even though current models only catch the clumsiest, most obvious, forms of fraud. The industry stopped asking whether the traffic was real and only cares if the metrics are green. Verification has thus became a game of scoreboard management rather than truth-seeking exercise.

The Outcomes Era Is Dead. Long Live The Quality Era

This shift distorts incentives across the ecosystem. Media buyers are rewarded for hitting verification KPIs, not reducing fraud. Agencies are evaluated on their ability to manage dashboards, not the integrity of supply. And marketers, ebullient to see clean metrics, assume everything must be working. Verification KPIs are the lipstick on the proverbial pig — an attempt to obfuscate the ugliness of what’s really going on.

How Media Buyers Outsourced Responsibility

Media buyers have played a large role in accepting pervasive ad fraud as a cost of doing business. This is because as verification tools gained prominence, media buyers increasingly outsourced their responsibility for traffic quality to third parties. Instead of scrutinizing supply paths or conducting direct audits, buyers leaned on third parties to substitute for real oversight. Working with a brand safety vendor became synonymous with “the campaign is safe.” It was a quiet abdication of responsibility, disguised as industry best practice.

This outsourcing created a vacuum. DSPs built algorithms that optimized for cost and scale, not quality. Agencies prioritized efficiency over transparency, knowing verification tools would catch anything “big enough to matter.” Marketers were told their bases were covered, so they stopped asking questions. And in that vacuum, fraud scaled even faster. No one was watching closely because everyone assumed someone else was.

The result is a broken chain of accountability. Vendors blame the exchanges. Agencies blame the DSPs. DSPs blame the SSPs. SSPs blame publishers. And publishers blame intermediaries. Meanwhile, fraud continues undisturbed because the system has no clear owner. Responsibility dissolved as it moved downstream, leaving the fox in charge of the henhouse.

For many senior marketing leaders, the “fear of finding out,” or FOFO, quietly protects fraud more than any botnet ever could. Many CMOs hesitate to commission rigorous audits because discovery invites accountability. If an audit reveals 20 percent, 30 percent, or even 40 percent fraud, someone will inevitably ask why it wasn’t caught sooner. That becomes a career killer, not a measurement problem. If FOFO remains an unspoken truth, fraud will continue to flourish in the blind spots.

Who Benefits — and Why That Matters

Criminal networks are the obvious winners, but they are far from alone. Major holding-company agencies earn commissions based on total spend, which means larger budgets directly increase their revenue — regardless of whether those impressions came from humans. Many DSPs, SSPs, and exchanges operate on take rates, earning a percentage of every transaction flowing through their pipes. To them, fraud equates to volume, and volume equates to revenue.

Walled gardens like Meta and Google benefit from scale-driven economics and face little external pressure to aggressively police invalid traffic, especially when removing fraudulent impressions would mean less activity and lower growth. Even MFA publishers — while not necessarily breaking laws — exploit the same structural weaknesses, generating low-value inventory that siphons dollars away from legitimate media. In a system where nearly every participant gains financially from more impressions, not better quality impressions, the incentives quietly stack in favor of fraud thriving, not disappearing.

Programmatic works because machines transact faster than humans can verify. But that speed comes at a cost. With thousands of intermediaries, billions of daily auctions, and limited independent oversight, it is mathematically impossible to inspect every impression. Fraudsters can evolve faster than detection systems, shifting tactics whenever the industry closes a gap. The system was never designed to be secure — it was designed for scale and efficiency. In fact, I would argue that you can have precision and scale, or precision and quality. You cannot have all three.

Stopping ad fraud requires more than better detection tools. It demands structural change. Agencies probably shouldn’t be compensated based on percentage-of-spend, and AdTech fees cannot continue to scale with transactional volume, ad nauseum. Marketers need transparent supply paths, log-level data access, and independent verification by third parties without a perverse incentive to show great results. The industry must value real human attention and quality over vanity signals engineered to make dashboards flash green.

The Reckoning Ahead

Ad fraud persists because we tolerate it, almost everyone benefits from it, and no one wants to see it. If incentives reward scale and the appearance of performance, the fraud economy will continue to grow. I would argue at its core, this is not a technical challenge: it is a cultural and economic one. The real choice facing the industry is whether we want genuine outcomes or a comfortable illusion of success. The first step is to stop being afraid of what an honest assessment might actually reveal.