How Do Fraudsters Make Money? How Can You Prevent It?

TL;DR:
- Ad fraud is a multi billion-dollar industry; some fraudsters earn $5-20 million a year, while fraud rings make much more.
- Fraudsters profit by faking impressions, clicks, installs, and traffic, often through bots, spoofed sites, and ghost apps.
- Advertisers are the main victims, losing money while fraudsters get paid for traffic that never reaches real people.
- Prosecution is rare because ad fraud is difficult to detect, and laws are unclear across countries.
- The best prevention is using advanced ad fraud detection, like Anura’s ad fraud solution.
We talk a lot about ad fraud: what it is, how to spot the different types, and how to protect your marketing dollars from it. While these topics are the most immediate areas of concern for those in the business of spending advertising dollars, if you’re like a lot of our followers, you’re probably wondering how ad fraud translates to income for fraudsters. So, what’s in it for them? How do fraudsters make money?
When you hear about scams that target the bank accounts of the elderly, the reward for those committing the fraud is pretty evident; they’re stealing money, of which they will keep all or a percentage, depending on their fraud network. However, the bad actors perpetrating ad scams don’t necessarily have an obvious reward, at least not to those outside of their operations.
“The average individual ad fraudster makes $5-20 million dollars a year. The average ad fraud corporation pulls many multiples of that...
In other words: more than most drug dealers.” - Forbes
In one example of a corrupted flow of advertising dollars, a group of fraudsters, under the cover of a purported digital marketing business, had relationships with networks that paid them to place ads on websites. But rather than place the ads on real sites, the group displayed them on blank or spoof sites they created to look like premium websites. Using thousands of rented computer servers at various global locations, along with hundreds of thousands of fake IP addresses, the group was able to simulate believable internet traffic for those analyzing their ads’ performance metrics. With bots programmed to “view” the ads and simulate complex human interactions, the group was then able to rake in untold millions of dollars from the advertising budgets of unsuspecting companies.
There are officially more bots on the internet than humans, and not all of them are good. Human traffic went from 62.8% in 2019 to below 50% in 2024, and, most recently, bad bots accounted for 32.2% of internet users. Unfortunately, that’s a lot of opportunities for fraudsters to line their pockets.
It’s worth noting that advertisers are the only part of this flow to be monetarily impacted by ad fraud. The other entities in the process still receive their due portion of the budget, even when the flow back to the advertiser is interrupted by fraudsters. This means that advertisers are likely the only ones in the process with genuine motivation for this problem to be addressed.
But How Does It Work?
Device-driven fraud uses computers, servers, mobile phones, and other devices to mimic genuine ad impressions and engagement. In this type of fraud, bots are employed to imitate human users. They are programmed to take actions that simulate consumer behavior by clicking on ads, filling out forms, and downloading apps. Fraudsters perpetrating this type of fraud make money by sending traffic to publisher sites or devices and getting paid for the fake impressions, clicks, or installs.
Content-driven fraud involves the practice of creating fake websites and apps on which to sell ad space to advertisers who think their ads will appear on real websites. The most common kind of content-driven fraud is the sale of ad space on fake sites, sometimes called “ghost sites” or “cashout sites,” which are websites with no actual content. Bots then visit the counterfeit websites to generate ad views and clicks, generating payments for the fraudsters based on web traffic. Spoof websites that look like well-known websites are also types of content-driven fraud. Fraudsters sell premium ad space on sites that appear to be legitimate, high-traffic sites, earning top dollar for the placement of ads that will never see real consumer traffic.
As soon as cybercriminals start generating traffic and getting paid for it, they can keep doing so indefinitely. The only restrictions for fraudsters are their technical limits, and the more money they make, the more they can put back into improving their hacking technology.
How Do They Get Away With It?
While some fraudsters, like Aleksandr Zhukov of “Methbot,” do get caught, it’s unlikely they are ever held accountable for the full extent of their theft. Investigators covering this specific ad fraud scheme estimated that this criminal kingpin was earning millions of dollars per day, but was only prosecuted for the theft of $7 million.
Ad fraud has continued to grow steadily in recent years due to its lucrative nature and lack of accountability for those responsible. However, unlike more complex scams with a higher risk of being caught and prosecuted, like IP theft or bank fraud, ad fraud is typically fairly simple to execute and brings little risk of facing charges, even if discovered.
When it comes to digital marketing, most companies rely on third-party tracking services to measure performance and detect fraudulent activity. Unfortunately, these services are often not sophisticated enough to protect against the ever-evolving techniques of today’s fraudsters. Using bots enables fraudsters to have very little involvement in the criminal activity itself, as they just start the process and then wait in the wings for the money to roll in. Even if the bots are exposed, the criminals behind them can move on to creating new fraudulent schemes, often undetected.
Because ad fraud is hard to find and stop without specialized tools, the list of unknowing victims continues to get longer as criminals continue their fraudulent activity, mostly unchecked. International legislation isn’t clear yet on the illegality of this type of fraud, which makes prosecution even more difficult. Most countries don’t have specific laws about ad fraud, but they do have less clear laws about cybersecurity. Due to the difficulty of proving ad fraud, criminals are rarely charged for their crimes, even when it is detected.
What Can You Do to Stop Ad Fraud?
Stopping ad fraud takes a robust system that is even more sophisticated than that of the fraudsters you are trying to stop. Anura’s solution has an accuracy rate of 99.999% in identifying fraud, preserving your good leads, and stopping fraudsters in their tracks. This means you get to save marketing dollars while still bringing in conversions and growing your network. We deliver the level of accuracy, thoroughness, and analytics to exceed the demands of every industry. With Anura on your team, you can trust that your ads are being seen by legitimate consumers, and fraudsters are being stopped before they can even get started.
Sign up for your free trial of Anura today to protect your company from fraudsters who want to get rich off your marketing budget.
FAQ
How much money do fraudsters really make?
Individual fraudsters often make between $5-$20 million a year, while organized fraud rings can make far more, rivaling global criminal enterprises.
Who loses money from ad fraud?
Advertisers are the main victims. Agencies, publishers, and networks often still get their cut even when the traffic is fake.
Why is ad fraud hard to prosecute?
Many countries don’t have clear laws against ad fraud, and proving it requires highly technical evidence. Most fraudsters operate internationally, making enforcement even harder.
What types of ad fraud are most common?
Device-driven fraud (bots faking engagement) and content-driven fraud (fake or spoofed websites selling ad space) are the two primary types.
What’s the best way to protect my company?
Use a specialized ad fraud detection solution. With Anura, you can have confidence that your budget is going toward real people.