
The Biggest Ad Fraud Scam Cases (That We Know of)


Ad fraud is now the biggest fraud globally, eclipsing even credit card fraud. In 2023 alone the cost of ad fraud was $84 billion, an eye-watering sum next to credit card fraud’s $10 billion in the same year.

But ad fraud is nothing new, and has been with us practically since the dawn of internet advertising. We’ve lined up some of the worst offenders, the biggest ad fraud scams of all time.

But, before we do, we’ll need to explain what ad fraud is, who wins from these scams and why they seem to be unstoppable.

How does ad fraud work?

Ad fraud is the process of fraudulently clicking on paid ads, including video ads and in-app display ads, to collect an inflated payout. It typically affects display ads on the Google Display Network and the Meta Audience Network, but occurs on every platform that provides display ads.

Fraudsters usually generate huge volumes of websites, many of which are spoofed or copied, or made for advertising (MFA websites). They will then embed banner or video ads into these websites, with most not even visible to the human eye – and then direct click bots to engage with the ads.

Another method is to embed malware into software such as apps and browser extensions, which can then remotely click ads on the fraudsters’ behalf. These ads might be loaded in the background on the user’s device, or the malware might secretly access websites without the user’s knowledge.

Due to the huge volume of websites and clicks involved, and the relatively sophisticated processes involved, ad fraud networks can steal huge sums from right under the noses of both advertisers and the ad networks.

Who is behind ad fraud?

Most of the ad fraud scams that have been uncovered have been operated by either organized gangs, or, on occasion, software developers who have hidden malware within apps.

While some of the fraudsters committing ad fraud do hack servers and set up their own botnets, it’s also possible to simply hire established bots to generate fake ad traffic.

This was the case with some of the biggest ad fraud cases which simply hired established networks of bots to create huge volumes of sophisticated invalid traffic. This means that a very small group of people can cause a lot of damage.

The biggest ad fraud scams

2023: Google TrueView


A report from Adalytics found that between 42% and 75% of ads served on Google’s TrueView platform did not meet Google’s own standards. This form of impression fraud was thought to have been happening for ‘many years’ according to the report.

TrueView is Google’s platform for managing video ads, serving ads on YouTube as well as other publishers, including many mainstream sites such as Reuters, Wired and NY Times. Some of the criteria are that the video isn’t skipped after 5 seconds, is fully audible, and is initiated by the viewer.

However, the report alleges that video content was hidden, obscured (so the skip button couldn’t be clicked), auto-played or played without audio, that multiple ads were displayed, and that there was even evidence of ad stacking.

It’s also estimated that thousands of views were attributed to bot views.

Read our full report on this scam: Google’s TrueView is Costing Advertisers Billions in ‘Ad Fraud’

2024: Fake


Forbes is one of the most trusted publishers, both in print and online. But an investigation by the Wall Street Journal uncovered a subdomain, which was a made-for-ads (MFA) version of the main Forbes site.

The www3. site was allegedly owned and run by Forbes, and used to host ads by major brands including JP Morgan, Disney, Johnson & Johnson and Ford, among many others. The difference was that the fake site was hidden from search engines, with traffic mainly coming from third-party sources. Advertisers were still paying premium prices to run their ads on the MFA Forbes site, despite the fact that their ads never reached the volume of real users or the target audience they would have expected.

A report in The Wall Street Journal states that the site had been running since at least 2017, and that advertisers were unaware that their ad inventory was running on the subdomain.

2017: Uber vs their own Ad Agency (Phunware)


Ride-hailing giant Uber hired several agencies to boost installs of their app. However, at some point in 2016 they became suspicious of the number of clicks and the lack of genuine installs. On inspection, it became apparent that several ad networks were using fraudulent activity, including click flooding, to boost their ad payout.

Click flooding, also known as click spamming or attribution fraud, is a process whereby a malware infected app generates huge volumes of automated clicks in the hope of being rewarded for a genuine install.

As well as click flooding, it was also found that one agency called Phunware used auto-redirects and fake ad placements to further inflate their earnings.

Although Uber estimated that they lost around $100 million to ad fraud as a result of their overall campaign, Phunware were found liable and ordered to pay Uber just over $4 million in 2020.
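The click flooding described above leaves a recognisable footprint in attribution data: a source sends a very large number of clicks, almost none convert, and the few credited installs arrive long after the claimed click. The following is an added example, not code from the original article or from any party in the Uber case; the source names, the log data and the thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import median

def build_sample_log():
    """Constructed data: (source, click_ts, seconds from click to install or None)."""
    log = []
    # Honest network: 400 clicks, 1 in 20 converts, install follows within minutes.
    for i in range(400):
        ctit = 30 + (i % 7) * 15 if i % 20 == 0 else None
        log.append(("net_honest", i * 60, ctit))
    # Flooding network: 60,000 automated clicks; the few "conversions" are
    # organic installs it happened to claim, so delays are long and scattered.
    for i in range(60000):
        ctit = 600 + (i % 23) * 3600 if i % 2000 == 0 else None
        log.append(("net_flood", i, ctit))
    return log

def flag_click_flooding(log, min_clicks=1000, max_cvr=0.005, max_median_ctit=3600):
    """Per-source stats; thresholds are illustrative assumptions, not industry constants."""
    clicks, ctits = defaultdict(int), defaultdict(list)
    for source, _click_ts, ctit in log:
        clicks[source] += 1
        if ctit is not None:
            ctits[source].append(ctit)
    report = {}
    for source, n in clicks.items():
        installs = ctits[source]
        cvr = len(installs) / n  # click-to-install conversion rate
        med = median(installs) if installs else None
        # Suspect: high volume, near-zero conversion, slow or absent installs.
        suspect = (n >= min_clicks and cvr <= max_cvr
                   and (med is None or med > max_median_ctit))
        report[source] = {"clicks": n, "installs": len(installs), "cvr": cvr,
                          "median_ctit_s": med, "suspect": suspect}
    return report

if __name__ == "__main__":
    for source, stats in flag_click_flooding(build_sample_log()).items():
        print(source, stats)
```

Tune the thresholds against your own baseline per campaign and platform before acting on the flag.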

2016: DNS Changer


Vladimir Tsastsin is an Estonian national who was charged in the US with being the mastermind behind an ad fraud campaign named DNS Changer. Tsastsin and his colleagues established several ad networks which resold ads from other networks, but they fraudulently inflated the click traffic by using malware bot clicks, click hijacking and ad switching.

The main method used to perform this complex fraud was by infecting users’ computers with malware, and then routing their traffic through Domain Name System (DNS) servers operated by the gang. This then allowed the gang to carry out their fraud undetected, and even to prevent infected computers from updating anti-virus software.

It’s estimated that the DNS Changer malware infected 4 million computers and could process around 3000 fraudulent clicks per second.

Tsastsin and his gang were found guilty of wire fraud and conspiracy to commit computer intrusion, with sentences ranging from three to seven years.

2016: Methbot


One of the most famous ad fraud scams, Methbot was carried out by Alexander Zhukov, a Russian national who gave himself the title of the ‘King of Fraud’. Zhukov established an ad platform, Media Methane, which was also a reseller of ads from other ad networks.

But rather than serve these display and video ads to real websites, Zhukov used an elaborate network of over 2,000 servers to spoof real websites and generate false ad impressions and clicks. For example, data would show to an advertiser that their ad was served on the New York Post’s website, but the actual ad was only ever shown on a blank webpage which was then viewed and clicked by a bot.

Although Zhukov hyped himself as the mastermind, he actually hired a large team of developers from across Russia and the former Soviet states to help him with the scam.

Zhukov was sentenced to ten years in the US for wire fraud and money laundering. It’s estimated that the Methbot campaign stole over $7 million from advertisers.
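One defensive check against the domain spoofing described above is to compare the seller named in each impression record with the sellers the real publisher lists in its ads.txt file (an IAB Tech Lab format the article does not mention). This is an added example, not code from the original article; the domains, seller IDs and impression records are constructed, and in practice the file would be fetched from the publisher's own domain.

```python
# Constructed ads.txt bodies keyed by publisher domain.
ADS_TXT = {
    "news.example": """\
# ads.txt for news.example (constructed sample)
contact=adops@news.example
exchange-a.example, pub-1001, DIRECT, abc123
Exchange-B.example, 5567, RESELLER  # reseller relationship
""",
}

# Constructed impression records as they might appear in a buyer's log.
IMPRESSIONS = [
    {"id": "imp1", "declared_domain": "news.example",
     "exchange": "exchange-a.example", "seller_id": "pub-1001"},
    {"id": "imp2", "declared_domain": "news.example",
     "exchange": "exchange-b.example", "seller_id": "77812"},
    {"id": "imp3", "declared_domain": "unknown.example",
     "exchange": "exchange-a.example", "seller_id": "pub-1001"},
]

def parse_ads_txt(text):
    """Return the set of (ad_system_domain, seller_id) pairs a publisher authorizes."""
    authorized = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        fields = [f.strip() for f in line.split(",")]
        if not line or "=" in fields[0]:
            continue                              # blank line or variable record
        if len(fields) >= 3 and fields[2].upper() in ("DIRECT", "RESELLER"):
            authorized.add((fields[0].lower(), fields[1]))
    return authorized

def audit_impressions(impressions, ads_txt_by_domain):
    """Label each impression by whether its seller is listed for the declared domain."""
    cache = {d: parse_ads_txt(t) for d, t in ads_txt_by_domain.items()}
    results = []
    for imp in impressions:
        sellers = cache.get(imp["declared_domain"])
        if sellers is None:
            verdict = "no_ads_txt"                # cannot verify the claim
        elif (imp["exchange"].lower(), imp["seller_id"]) in sellers:
            verdict = "authorized"
        else:
            verdict = "unauthorized_seller"       # likely spoofed inventory
        results.append((imp["id"], verdict))
    return results

if __name__ == "__main__":
    print(audit_impressions(IMPRESSIONS, ADS_TXT))
```

An "authorized" verdict only confirms the seller relationship; it does not prove the ad was rendered on the publisher's page or seen by a person.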

2018: 3ve


Alongside Methbot, 3ve (Eve) is often held up as one of the biggest and most audacious ad fraud scams ever. Scamming advertisers out of an estimated $29 million between 2016 and 2018, 3ve used a sophisticated process of domain spoofing, generating fake traffic using existing malware botnets, and evading detection.

One of the masterminds behind 3ve was a Kazakh national called Sergey Ovsyannikov, who also worked with the team behind Methbot. 3ve also used some of the infrastructure and processes used by Methbot to scam advertisers for over 3 years. However, using malware bots meant that 3ve could perform even greater volumes of click fraud and ad fraud, earning it the title of one of the biggest ad fraud scams ever.

2018: Master134


A prime example of a criminal network using ad fraud to fund further online crimes, Master134 is a complex ad fraud case. An individual named ‘Master134’ had access to around 10,000 hacked WordPress websites, and fraudulently siphoned off traffic from these sites to legitimate ad networks.

However, these ads were never seen by real human audiences. Instead, the campaign used a highly sophisticated botnet operation to simulate human traffic. This included the generation of fake clicks, mouse movements, and browsing patterns to mimic human engagement. Through this method, Master134 was able to deliver large volumes of what appeared to be legitimate traffic, but was entirely fraudulent.

As well as using malware infected sites to distribute fake clicks across these ad networks, Master134 also distributed malware infected ads. This malware was then used to perform other more insidious frauds such as ransomware and keylogging.

2019: Hydra


This sophisticated botnet was first spotted in 2019 by Protected Media, but only taken down in late 2020. During that time it was thought to have stolen around $130 million from advertisers in one of the biggest ad fraud scams of recent times.

Hydra was able to provide new bot traffic even when one source was identified and blocked, similar to the mythical Hydra with its many heads. And by being able to cycle through IP addresses and proxies, Hydra was able to grow and manipulate various ad networks.

Although the fraudsters behind Hydra have not been uncovered, this botnet has been taken offline.

2014-2020: Cheetah Mobile


Chinese software developers Cheetah Mobile had a turbulent history including several accusations of click fraud practices.

In one case from 2018, Cheetah Mobile were accused of using click injection via their apps to falsely claim payouts for app installs. And in 2020, Cheetah was finally removed from the Google Play Store, along with all 45 of their remaining apps, due to fraudulent practices and disruptive ads.

With billions of downloads, it’s clear that Cheetah Mobile apps were responsible for a massive amount of fake click traffic amounting to millions of dollars.

2021: Tag Barnakle


Discovered in April 2021, the threat group behind Tag Barnakle managed to infiltrate numerous ad server systems to inject malicious code and carry out fraudulent activities on a wide scale.

Tag Barnakle’s method of operation involved compromising Revive, an open-source ad serving system that numerous publishers use to manage advertising on their websites. 

Once the cybercriminals gained access to the ad servers, they injected malicious code that would execute when a legitimate ad was served to a user. This malicious code typically either redirected users to other websites or generated fake ad views without the users’ knowledge.

2024: Vastflux


Currently thought to be one of the largest ad fraud campaigns ever uncovered, Vastflux mostly affects iOS apps. Vastflux operates by using various fraudulent practices, such as ad stacking and malware, to generate high volumes of fake impressions on mostly video ads.

This is also thought to be an extension of the Matryoshka ad fraud campaign from 2020 which was used to both commit ad fraud and manipulate votes in the US elections of that year.

Although it’s hard to say how much Vastflux has cost advertisers, it’s thought that Matryoshka cost advertisers over $10 million in 2020 alone.

Prevent your ads from running on scammy websites

The exposure of bigger and bigger advertising fraud scams in the digital advertising industry highlights the ongoing threat of ad fraud. And while the headlines keep coming, at present the ad platforms themselves seem to be doing nothing new to prevent ad fraud – leaving the responsibility with advertisers.

While PPC advertising campaigns remain one of the best ways to promote your business online, advertisers need to be aware of the ongoing challenges from fraudulent traffic. This is especially true for any businesses targeting display ads where some of the most high risk and low quality traffic is to be found.

To fight ad fraud, you need to ensure you have a tool that monitors traffic quality and prevents bad clicks.

Fraud Blocker is fast becoming one of the most trusted ways to protect ad spend on Google, Facebook and Instagram ads. Whether you’re running paid search, display ads or paid social media campaigns, make your marketing spend go further by blocking invalid traffic.

Sign up for a 7 day free trial and find out why more and more businesses like yours are turning to Fraud Blocker.

