Skip to main content

Domain spoofing is a criminal act of impersonating a high-quality platform using a low-quality website to obtain programmatic bids. In Sep 2020, MultiTerra was accused of obtaining a monthly revenue of $1 million by using this malicious method for their ad inventory. The organization is a top-rated ad publisher on mobile and connected TVs or CTVs. The key reason for the attack was high CPMs or ad rates.

Botnets generated almost three million daily fake ad requests with an average of fifty impressions per nine premium publishing apps using a single IP impersonating sixteen smartphones. The Association of National Advertisers (ANA) declared a loss of $5.8 billion in May 2019 after analyzing 27 billion ad impression results of 50 online ad marketers.

However, Juniper Research disagrees with this result and estimated a global loss of $42 billion through ad frauds. Another study suggests that domain spoofing through 404bot ad frauds caused a loss exceeding $15 million in 2018. These figures tremendously affected advertisers, marketers, and publishers.

3 Types of Ad Frauds Involving Domain Spoofing

The liability of ad fraud falls directly on the publishers, and they deal by manipulating ad tags. Unfortunately, they are not rewarded for their predicted profits if caught in the act. Moreover, advertisers and marketers encounter major monetary and consumer losses. Some of the most common ad frauds involving domain spoofing are as follows:

● Ad Tag Modification

A publisher can promise a constant audience on a high-quality ad space but use sub-par websites in the background by modifying ad tags. The advertisers believe that their results appear from a high-quality platform. Ad tags are used to track the publisher’s ad effectiveness on the company website.

● Ad Injection

Another common practice by fraudsters is injecting ads into the end-user browser when they visit specific websites or accidentally click a download button. The malware or infected ads use codes for displaying ads not owned by the publishers.

● Custom Browsers

Scammers also engage in websites operational only on custom browsers. They spoof URLs by showing premium platforms to advertisers. The latter conduct transactions without knowing that it is just a disguise.

Until 2017, authorization was a concern for websites because fraud rings were operating Hypbot and Methbot. Advertisers lost more than a million dollars yearly because of these scams. They came to a halt after the introduction of the “ads.txt” file. This step taken by the Interactive Advertising Bureau (IAB) helped to combat programmatic advertising spoofing by tracking ad inventory.

Unfortunately, the problem diminished significantly but remained because advertisers failed to keep track of their inventory and gave rise to the 404bot scammers. The fraudsters used this information to target unaware buyers by spoofing publisher domains. The scheme is named after the 404-page appearance running in the background and appearing as an authorized seller to the advertiser.

Domain Spoofing Attack Indicators

The easiest method of identifying a domain spoofing attack is by checking the details of URLs. Match the URL against the one generated by the organization and check for discrepancies like misplaced or extra characters. Analytics can help in recognizing such threats to the company.

Advertisers, marketers, and publishers can check real domain names through analytics. By doing so, they can check the real-time bidding traffic. Moreover, the analysts can even verify the cost-per-mille (CPM). The latter is commonly referred to as cost-per-thousand (CPT) and used by advertisers as a monetary expenditure indicator for every thousand impressions or views.

3 Methods of Avoiding Ad Campaign Domain Spoofing

Domain spoofing drastically affects ad campaign leads and the larger impact falls on the brand reputation. Fortunately, a few methods can help to avoid ad campaign domain and email spoofing:

● Verify Publishers

Review the publisher background before making an ad placement bidding by asking for transparency and checking online or offline reviews. Ensure the publisher is not questionable and ask the third party to conduct an online background check before making any transactions.

● Use Ads.txt File

Websites that don’t update “ads.txt” file regularly become prone to domain spoofing attacks. Reconciling the same, the “Authorized Digital Sellers” file, owned by the publisher, helps in the management of authorized ad inventory. Comparing information on ads.txt and sellers. SON files help to learn about publisher inventory. The sellers.json file represents ad inventory directly authorized for the sellers.

● Avail the Services of Ad Fraud Detection Company

mFilterIt is one of the leading organizations for brand management through mobile and web ad fraud detection and analyzing traffic. The ad fraud suite of the organization weeds out fake traffic ad sources and advertisers have saved 36% on campaigns by using this suite.


Ad frauds through domain and email spoofing have become like the ongoing COVID-19 virus. It has become crucial to fight against scammers posing as publishers or advertisers to build or maintain brand reputation and customer base.


Leave a Reply