Published November 6, 2017

Retargeting advertising is one of the most powerful tools for an online business. The ability to target high-value potential customers, or users who have already shown interest in your product or service, has been a revolution for the online advertising industry.

You as a consumer may have even noticed retargeting in action. Have you ever seen ads for a product you were researching, or almost purchased, following you around the internet for several weeks? That is what it is like to be remarketed to.

Because retargeting is so effective, the ads cost significantly more… That also means that the payout for scammers is significantly higher. As a result, scammers are focusing more and more of their resources towards retargeting fraud and the large payout it delivers.

So how do the scammers profit from retargeting fraud? First, we have to understand who all of the players involved are, and the part they have to play.

The Players

In every scam, there are good guys and bad guys. When it comes to advertising fraud, there are four major players, one is good, one is bad, and the other two are unwitting automated participants.

The Business

The Business

This is the good guy, or as the fraudster calls him, the mark.

The Ad Network

The Ad Network

This is the ad network. It sells ads to the business and buys ad space from the fraudster. The ad network has several automated functions that come into play in the scam.

Automated Traffic

Automated Traffic

This is bottom of the barrel bot traffic. Bots make up nearly half of all internet traffic. Some are good bots. Some are bad. It depends on what the bots are being told to do.

The Fraudster

The Fraudster

This is the bad guy. He runs a bunch of low effort websites that run ads from the ad network. He specializes in regurgitating tech news, health topics, and celebrity gossip.

The Scam

Retargeting fraud is ultimately a simple scam once you see where the money goes. Bots are sent to a business's website in order to get tagged for retargeting ads. The bots are then sent to the fraudster’s website to “look” at the ads that the business is paying to display. Here is how it happens...

Ad Buy

1. The business buys some ads from an ad network.

If any business wants to survive online, it has to advertise. The business here has made no mistake, nor will they need to, in order to expose themselves to retargeting fraud.

Traffic Sale

2. Meanwhile the fraudster rents some bot traffic.

Where the traffic is purchased can vary. The fraudster could be buying traffic from a bot-net of infested PCs or a "traffic monetization service". The traffic is dirt cheap, and can be had for a fraction of a cent per action.

Traffic Deploy

3. The bots are disguised as normal users.

The bot traffic is designed to look like real traffic that is comprised of actual potential customers. Then the bots are sent out to search engines and social networks to find active advertising campaigns.

Traffic Deploy

4. The bot traffic finds the business's websites.

The traffic will use high-value search terms to find websites that are actively spending advertising dollars for paid search results.

Play Shopping

5. The bots pretend to shop.

The bots are programmed to interact with the business's website like normal users would. The bots perform specific actions that the ad network is watching for, called success metrics. In this case, the success metric is placing items into a shopping cart.


6. The ad network tags the bots as high-value users.

Ad networks use success metrics to determine which audience(s) a user should belong to. In this case, the ad network has unknowingly tagged these bots as high-value users with highly valued interests, and placed them into several audiences to potentially be shown retargeting ads.

Abandoned Cart

7. The bots abandon their shopping carts.

The ad network witnesses another success metric, cart abandonment, and records the behavior. The "user" is now placed in an additional audience that will be served ads for items they almost bought.


8. The business buys some retargeting ads.

The business executes its monthly advertising buy, including retargeting ads. The business still has not made a mistake and is following the best practices.

Click Fraud

9. The bot traffic is directed to the fraudster's websites.

This is where the fraudster gets paid. Bots register views and clicks on the high-paying retargeting ads being displayed on the fraudster's websites.

Click Farm

10. The fraudster repeats this thousands of times.

The scale and speed at which advertising fraud and retargeting fraud can be executed is staggering. For the fraudsters it is a simple equation, they get more for every click than it costs them. It's free money.

Stolen Budget

11. The bots continue until the ad budget is exhausted.

The ad network will continue to display ads until the ad spend is exhausted, which is when the bots will move onto the next business with a fresh budget.

So how can you protect your business from advertising and retargeting fraud? The first step is to score the traffic visiting your site for bots and fraud. Removing the ad networks that deliver the lowest quality traffic will go along way in preventing both basic ad fraud and retargeting fraud. The next step is to hide fraudulent users from any ad network scripts running on your website. Preventing bots from getting tagged will restore retargeting to a viable technique. The third step is to build better audiences out of high-scoring traffic to make retargeting even more effective. NS8 TrueStats and NS8 Protect for platforms can do all of this and more.

NS8 Protect

Protect your storefront from retargeting fraud and the other revenue killers.

Learn More