Attribution Digital Marketing

Attribution Poaching and Remaketing Fraud

Many popular Remarketing Platforms purposely report misleading metrics. Their goal is to fool advertisers into increasing ad spend. Here are the tactics they use and the ways you can protect yourself.

Common Deception Tactics by Remarketing Platforms

View Through Conversions

  • A View Through Conversion is when a user sees your ad, DOES NOT CLICK on the ad, and later makes a purchase.
  • A Click Through Conversion is when a user sees your ad, CLICKS on the ad, and later makes a purchase.

For a sales driven remarketing campaign you should exclusively focus on Click-Through Conversions and ignore View-Through Conversions. The incremental sales generated by an ad display in a remarketing campaign is almost zero.

Remember that we are working with a Remarketing campaign. We are targeting customers that are aware of your brand. Customers who have already visited your site. In many cases, customers that have added a product to their cart and are very close to purchase.

Consider this scenario: A long time customer visits your site, quickly finds the product he is looking for and starts the checkout process. In the middle of checkout, he receives an e-mail from a friend. He opens the e-mail and clicks on a link. That link takes him to a news site to read an article. Since he is in your remarketing audience, that news site shows him an ad and records a “View”. The customer finishes reading the article and returns to your site to complete his purchase. Your remarketing campaign has now taken credit for that sale because an ad was displayed to this customer.

If your customer visits any webpage during the purchase process, or if they have another browser tab open, they will likely be exposed to an ad view. That ad view will get View-Through credit for that conversion.

The number of View Through Conversions recorded in a remarketing campaign can be more than ten times that of Click Through Conversions. It is no wonder that remarketing platforms and ad agencies are eager to include View Through Conversions in ROI calculations. If you include View Through Conversions you will see fantastic performance results. This will cause you to double or triple your budget. It’s easy money for them.

Here is what a fictional remarketing campaign with a typical distribution of view vs click conversions might look like:

 Ad SpendClick ConversionsClick SalesView ConversionsView Sales
 $12,00050 $10,000 400 $80,000

If we use Click Conversions to calculate performance, we lose $0.17 for every $1.00 in ad spend. We have a negative ROI. The campaign is not profitable. We need to DECREASE our bids and budget.

 Ad SpendConversionsSalesCPAROASROI
 $12,00050 $10,000 $240 0.83-16%

If we add View-Through Conversions to our calculation, we come to a totally different conclusion: The campaign is now performing fantastically well. We profit $6.50 for every $1.00 in ad spend. That’s a 650% ROI! The campaign is super profitable. We should INCREASE our bids and budgets. This is exactly what your remarketing platform wants you to do, but is exactly the OPPOSITE of what you should do.

 Ad SpendConversionsSalesCPAROASROI
 $12,000450 $90,000 $26.60 7.5650%

The (unfortunate) reality is that the 400 view-through sales above were not a result of your remarketing campaign. The ad display is simply poaching attribution from your other channels.

Note: View Conversion metrics are valuable and useful in many scenarios. However, in the context of a sales driven remarketing campaign they should be excluded.

Cookie Bombing and Fake Impressions

Compounding the problem of View Through Conversions are fraudulent ad impressions and cookie bombing.

Over 50% of Display Ads never actually appear on the user’s screen. They are fraudulently served in a hidden iframe, or are stacked underneath other ads, or are compressed into a 1×1 pixel image, etc… These hidden fraudulent ad impressions still record a “View” in the user’s remarketing cookie. When that user eventually purchases on your site, that invisible fraudulent ad gets credit for the purchase.

If a particular ad network’s website can generate many conversions for advertisers, then those advertisers will want to spend more with that website. Fraudulent sites engage in “cookie bombing” to maximize the number of conversions they can “capture”. They serve as many ads to as many unique users as possible, so that as many users as possible have their cookie. The more users have their cookies, the more conversions will be credited to their sites, and the more ad budget money they will be paid.

To be clear, these sites are not actually serving any visible ads to any users. They are generating fraudulent ad impressions to set cookies on as many users as possible in order to “poach” conversion attribution (and budget) from your other channels. If a user with their cookie ever makes a purchase in the future, that site will get a view-attribution for that purchase, causing more ad budget money to flow to them.

All these hidden impressions distributed to as many users as possible cause View Through Conversion metrics to skyrocket. As mentioned before, View Through Conversions reported by an ad platform can easily be more than 10 times the number of Click Through Conversion reported. It is no surprise that ad platforms want you to believe in and count View Through Conversions.

New Attribution Models: View Throughs Disguised as Click Throughs

The simple way for an ad platform to fool you into counting View Through Conversions is to simply have a single “Conversions” column and lump all conversions in there. The platforms are however getting more sophisticated at transforming view conversions into click conversions, using new attribution models as a guise:

  • YouTube TrueView Conversion is any conversion that occurs after the user has watched 30 seconds of a video. Even if no click happened. TrueView conversions get counted in the Conversion column in AdWords along with the regular Click Through conversions. This makes it seem like an actual click happened, when none did. What makes this even more confusing and misleading, is that YouTube will still report View Conversions in a separate column. Since there are two separate columns, one tracking View Throughs explicitly, you will assume that the Conversions column must only contain clicks. This is not the case, and if not careful, you will significantly overspend on your YouTube remarketing campaign.
  • Steelhouse’s “Verified Visit” model counts any View-Through visit to your site within 1 hour of seeing an ad as a “Verified Visit”. Any conversion that happens within 30 days of this “Verified Visit” is counted as a Click Conversion (even though, no click ever occurred). Steelhouse will skirt the View Through question by saying that they only count conversions from “Verified Visits”. This will mislead you to think that they only count Click Through Conversions. But that is incorrect. The stats they report definitely include View conversions, which inflate your ROI, and cause you to overspend.

I spent months believing that SteelHouse’s numbers were based solely on clicks and post-click conversions. SteelHouse’s conduct made it appear to perform better than it actually was performing. Toms made spending allocation decisions and marketing vendor choices based on SteelHouse’s inflated performance.

Anna Hordov
former Online Demand Generation Manager, Toms

How to protect yourself from View Through Conversion “fraud”?

  • Insist that your platform report on Click Through and View Through Conversions in two separate columns. It is OK to include View Conversions in a report if they are in a separate column. It is NOT OK to combine View Conversions with Click Conversions in the same column.
  • Validate all data with your site analytics. Your analytics platform should report the actual accurate click through conversion data. Always compare the reports your remarketing platform generates with your own analytics data.
  • Don’t run Conversion focused YouTube remarketing campaigns. There is currently no way to opt-out of the TrueView model, therefor your conversion column will be overstated. Read more about TrueView…
  • Don’t use Steelhouse. Their Verified Visit model is designed to fool you. They also use their tracking pixel to inject data into your analytics. Scary stuff. Avoid.
  • Don’t use Criteo. They won’t tell you where your ads are displayed and their network has much more fraudulent sites participating in cookie bombing than anyone else. Avoid.

Fraudulent Automated Clicks

Fake clicks are an evolution of Cookie Bombing, except in this case clicks are auto generated onto the invisible ads, sending invisible visits to your site, and claiming Click credit for your purchases.

How Fake Clicks Work

  1. A legitimate customer visits your site but does not purchase. He is now placed into your remarketing list.
  2. This customer now visits another site on the internet. That site serves up an invisible ad and automatically “clicks” on that ad.
  3. That click causes an invisible visit to your website, by that customer. That customer’s remarketing cookie records a click and a site visit.
  4. Your legitimate customer now has a remarketing cookie set that says he saw an ad, clicked on that ad, and visited your website from that ad.
  5. When that customer comes back to your site to make a purchases, that ad will take credit for the conversion.

There are two issues here: The first is that you’ve paid for a fraudulent click. The second more important issue is that a conversion has been attributed to that fraudulent click. As a result, your remarketing platform appears to be performing better, meaning you will likely increase your budget in order to buy more of those fraudulent clicks.

Obfuscation and Lack of transparency

Anytime the remarketing network is hiding data from you, that’s an opportunity for them to fool you. For example, Criteo refuses to be transparent with the list of publisher sites where you ad appears and where your clicks and conversions come from.

3.6% of Criteo’s ‘users’ generate 25% of its clicks. Such behavior by real human users is highly unlikely. This behavior is indicative of adware, bots, click farms, or other code created by Criteo or its affiliates to generate clicks and drive up Criteo’s click-count numbers.


How to protect yourself?

  • Insist on detailed and transparent reports on where your ads were served, and where the clicks came from. If certain sites seem to have unusually high click and conversion rates, dig deeper into those sites to see if they are legitimate or not.
  • Avoid using platforms that lack transparency. Don’t use Criteo for this reason, as they refuse to provide transparent reports of where your ads are served, preventing you from doing a proper audit.

Hijacking Visits and Overwriting Analytics

When you install 3rd party javascript pixels on your site, you give the owner of that script a lot of power. In particular that script can overwrite referral data, popup hidden pages, and generate clicks to your site. It can even directly write to your analytics platform!

You may think that your analytics data is safe, but think again. When you install any 3rd party javascript on your site, you also expose your analytics account for injection.

This is super alarming and you should be very concerned about this capability. Any Advertising Platform that has any javascript installed on your site can be overwriting and modifying your analytics data. They can override referral data for direct and organic visits to make it look like they are coming from their network. They can highjack e-commerce transactions and attribute them to themselves. They can make it seem like they are out-performing all your other marketing channels.

SteelHouse used “malicious code to make it appear as though an internet user clicked on a SteelHouse-placed advertisement, even though no such click occurred.”

Leah Bliss
former Global Retargeting Manager, VistaPrint

Steelhouse, under their Verified Visit model, uses their javascript pixel to generate clicks on ads, visits to your site, and to attribute conversions to themselves directly in your analytics.

How this works:

  1. A legitimate customer visits your site but does not purchase. He is now placed into your remarketing list.
  2. This customer now visits another site and is shown an ad. The customer DOES NOT click on the ad, but the remarketing cookie records a View.
  3. An hour later, the customer revisits your site from an organic source. The pixel script on your site detects that the customer has a recent ad view recorded.
  4. The pixel script loads an invisible iFrame, in the iFrame it loads the original ad and generates an automatic click and visit to your site.
  5. Your legitimate customer now has a remarketing cookie set that says he saw an ad, clicked on that ad, and visited your website from that ad. Your analytics data also says that this customer came from an ad click, and not from the original organic source.
  6. When that customer comes back to your site to make a purchases, that ad will take credit for the conversion.

Worst still, when you look in your analytics, it will appear that your Remarketing Platform is sending you lots of visitors and conversions, which will cause you to spend more with them. The reality is that these visitors are organic visits that were hijacked by the remarketing pixel.

“SteelHouse’s practice of inserting a code into an internet user’s browser to make a view of an advertisement appear indistinguishable from a click on Decker’s Adobe Analytics system is not, in any way, common or acceptable industry practice. Nor should it be because it is deceptive.”

Graham McCulloch
Director of eCommerce, Deckers

How to protect yourself?

  • Insist on an image only tracking pixel. Although this is rarely a viable option, try to avoid 3rd party javascript when possible.
  • Keep your analytics private and hidden. The less they know about your analytics platform and setup, the more difficult it will be for them to inject data. Avoid giving them any access, and ideally don’t even tell them what platform you use.
  • Get a written declaration from the Remarketing Platform that they will not inject data into your analytics, that they will not modify referral data, that they will not generate clicks, nor do anything that will simulate visits to your site or in your analytics.
  • Don’t use Steelhouse

More steps to protect yourself

Be very skeptical

Be very skeptical of all data provided by the 3rd party platform. By default assume they are lying to you and are trying to take your money. Always rely on your in-house analytics data first (although even this can be messed with via 3rd party pixels) and always try to deeply understand how their platform and algorithms work. Explicitly ask what they are doing about ad fraud.

Beware of secret sauces, black boxes, and magical artificial intelligence powered predictive self optimizing algorithms. If something looks too good to be true, then it probably is.

Never ask the barber if you need a Haircut…

The ultimate selfish goal of any Advertising Platform is to MAXIMIZE your ad spend. You are THEIR customer and they want YOUR money. They want you to allocate as much of your budget to them as possible. They are incentivized to fool you.

Therefore be very skeptical with the data they give you and the stories they tell you. I would explicitly AVOID using either Steelhouse or Criteo due to first hand bad experiences with both.

More Reading about this topic:

2 replies on “Attribution Poaching and Remaketing Fraud”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s