The advertising industry is scrambling to combat the growing threat of "ad fraud," computerized bots that fool advertisers into thinking they are reaching consumers.

By some estimates, this illegitimate online traffic means that for some brands, as much as 25 to 50 per cent of the money spent on online ads is wasted.

"They're trying to make decisions about where best to spend the money, and the illegitimate traffic is screwing up some of the metrics," said Chris Williams, president of the Interactive Advertising Bureau of Canada.

Story continues below advertisement

Ad fraud takes many forms, but the most pernicious, many agree, is "non-human traffic" that leads advertisers to believe they are speaking to their target customers, when they are actually showing ads to bots that crawl the Web pretending to be human.

It's a problem that does not just affect advertisers: It hurts legitimate publishers already scrambling for profit in a digital world. It further devalues an advertising medium whose rates already pale in comparison with traditional print media. And it hurts consumers, who are targeted with malicious software to create these networks of bots.

The trickery has become profitable because of a fundamental shift in the way advertising is bought and sold in recent years. Where advertisers used to buy ad space in a newspaper or during a television show because of the audiences that research showed were attracted to those media, now advertisers are able to target potential customers more directly. They follow behavioural patterns to create profiles of people online and on their mobile devices, and serve ads to them accordingly. (This is why you see ads all over the Web for shoes, after you've been browsing a shoe retailer's website, for example.)

And the system for buying these ads has become increasingly automated. Just like the stock market or travel agents, companies are trying to make advertising transactions more efficient by eliminating the need for employees to pick up the phone to do deals. Ad space is traded online through exchanges where exposure to potential customers (such as young shoe fanatics) are sold to the highest bidder. Google has by far the biggest slice of this market. Other big exchange operators include AppNexus, OpenX, and Yahoo.

Now that the context of an ad – the pages of a particular magazine, for example – is no longer at the heart of the transaction, shady players are able to make money by using bots to behave like the consumers that advertisers want to bid on (by sending them to auto websites to look like a person in the market for a car, for example).

Because the system of online ad exchanges is not always transparent – and often includes intermediaries – advertisers do not always know their ads are on dubious sites.

"Sometimes people say 'low-quality traffic,' as if there was a gradient scale between a person and a robot," said Ben Cormier, founder and former CEO of netProphets, a Toronto-based digital advertising technology company that was purchased in 2011 by advertising technology company AdGear. "Someone can spend $100,000 in online advertising and get incredible results and get a return on investment like nothing else. Someone else can spend $100,000 and get nothing."

Story continues below advertisement

In April of this year, advertising technology firm TubeMogul published a list of websites where it said it had detected bot traffic. Ads paid for by major brands had registered fake views on sites such as tobe.tv and stylefactor.com, the company said.

Many of those sites are designed with content humans might plausibly look at, but not always.

Those who track the problem point to websites such as http://procpm.blogspot.com/. Its name refers to a metric used in ad buying: CPM, or cost-per-mille, which is the price advertisers pay for every 1,000 views of their ad. The site itself has little content on it at all, but visits this week revealed ads for brands including Ford, Aspirin, and Disney.

Big-name brands would likely not choose to advertise there. But the mere presence of their ads suggests that the site may be registered on digital ad exchanges as having more traffic than it likely does.

In February 2012, Tsavo Media, a unit of Toronto-based Cyberplex Inc. at the time, was required to pay Yahoo to compensate for 'low-quality traffic' to ads run on its websites. The sites were owned by Tsavo Media, which Cyberplex bought in 2010. The president in charge at the time of that acquisition resigned, and just two months later, Cyberplex sold Tsavo Media. Cyberplex has since changed its name to EQ Works.

Because fake bot traffic is easy and cheap to buy from hackers online, sites can often make more on ads than they spend to attract visitors. Some more sophisticated operators create both the bots and the shady sites they visit.

Story continues below advertisement

In addition to bot traffic, disreputable sites can take the fraud even further by employing what is known as "ad stacking" – putting a number of ads on top of each other so that only one appears, but multiple ads are registered as having been seen. They can also shrink ads to fit inside a single pixel on a screen – effectively invisible to a visitor. It is also easy for disreputable sites to "spoof" a URL, mimicking the Web address of a well-known website to make themselves look legitimate.

"If the exchange broadcasts an impression that is non-human, or a bot – or a website that is completely cookie-cutter and fake – the exchange did its job by broadcasting the opportunity," said Andrew Casale, vice-president of strategy at Casale Media in Toronto, which operates its own exchange. He believes more oversight is needed. "If the buyer bid on it, the exchange is absolved, at least so far as the current rules, of any responsibility. So the current construct is allowing and enabling exchanges to just list everything."

Companies are spending money to try to fight the problem. This week, comScore announced that it has bought MdotLabs, a company that helps identify non-human traffic. Earlier this year Google Inc. acquired two firms with similar expertise: Spider.io and Adometry. PubChecker, a company that sells fraud prevention services, offers to audit publishers to verify they are fraud-free, similar to a credit rating agency.

"At some point, we have to start knowing who we're doing business with," said PubChecker founder Chris Mejia.

Last month, the Association of National Advertisers in the United States launched "The Marketers' Coalition" to study bot fraud. The ANA did not name the 30 companies participating in the study, but said they own "recognizable brands." The Interactive Advertising Bureau (IAB) has a team in the U.S. of more than 100 people working to identify and fight fraud. The IAB is concerned that the money for all this activity could be going to organized crime.

Some have responded to the problem by limiting their exposure to the open exchange system altogether. According to reports this spring, media buying giant GroupM wants to pull its clients' money out of programmatic exchanges by next year.

Story continues below advertisement

Publishers, for their part, are responding by offering more direct access to ad space on reputable websites – while keeping the efficiency of the new digital buying system – through private automated exchanges. Bell Media refuses to list its sites on open exchanges. Transcontinental Inc., which owns a host of community newspapers, websites, and magazines such as Les Affaires and Canadian Living, has not cut off open exchanges, but is offering a cleaner environment with direct deals.

"It's not good for the brands, it's not good for the agency that's representing the brand, and it's not good for the publishing economy," Heather Forrester, vice-president of sales at TC Media who formerly worked with AppNexus, said of fraud. "These are non-legit sites, and we are missing that advertising dollar. When [ad buyers] do want to do a direct deal, they think we're too expensive."

The hope is that by fighting fraud, the system can regain some of the value it has lost. Online advertising already had challenges without fraud: the prices publishers can charge are often not high enough to support the creation of high-quality content, and many people ignore ads online anyway, either by choosing not to look at them or by installing ad-blocking software. Publishers are only further hobbled by bots that make it look like there is far more supply (of consumer attention) than there is demand from advertisers, and push prices even further down.

"You don't need hackers stealing [ad money away from legitimate websites] for online to already be in trouble," Mr. Cormier said. "But it sure ain't helping. The system already had cancer and now it has, I don't know, what's worse than cancer? That. It has that."

Who gets hurt

Advertisers

Story continues below advertisement

Globally, it is estimated that brands will pour $121-billion (U.S.) into online advertising this year. The whole point is to reach real people, who are potential customers. Advertisers are being duped, and some of that money is going to illegitimate sources – reaching entities that look human, but are actually bots. That means billions of dollars of wasted investment for businesses every year.

The media industry

Today's big challenge to publishers: Online ad revenues cannot match what they used to charge for ads in print. They've moved from print dollars to digital dimes. Fraud makes that problem much, much worse. Sites with fake traffic are taking more of the money that legitimate websites desperately need. Plus, bot traffic throws the entire supply-demand dynamic out of whack on the Web: There simply aren't an infinite number of opportunities to reach people, even if the Internet is very, very big. But all this activity inflates the picture, and drives down the value of online ads even further. Dimes? Try pennies.

Consumers

Who cares if advertisers get hurt? Everyone hates advertising anyway. Consumers should care, because bots live on their computers. Hackers create fake traffic by installing malware – malicious software – on innocent people's computers (for example, by convincing them to click on a link or to download something.) Once infected, a computer works in the background as a bot, visiting sites without its owner's knowledge and clicking on things. Do you hate how easy it is for your computer to become slow and riddled with malware? Hate the fraud that makes it so profitable for people to make malware in the first place.