Lead Generation Fraud

What is lead generation fraud?

These types of bots are typically used for generating fake leads by filling out lead generation forms. A lot of advertisers roll out lead-generation campaigns with the objective of gaining potential leads to tap into and drive the marketing efforts further. However, when such campaigns are infiltrated by bots, the fraudsters fill out the forms and earn credit for a lead with zero results.

The form bots are mainly used for the following purposes:

1. To generate fake leads for a campaign
2. To access restricted content that has been gated (online articles, e-books and white papers that require a user to fill the form before downloading the same)

Form bots can be employed by fraudsters to earn a bumper by generating fake leads. In many cases, competitors of a company can also employ them to drain the advertising budget of the rival brand through irrelevant leads.

They are most prominently used in campaigns that employ a CPL (Cost Per Lead) revenue model.

How do form bots work?

These bots function like any other bot. It usually carries a code which is programmed to perform a specific task. The task in this case is filling the required details in the form impersonating a human user. On reaching a webpage, the bot scans and analyses the page to identify a field which has the form-filling code embedded. Once the field is identified, the bot compares it to the parameters it was programmed with and performs the task of filling the form.

Now you may wonder how there is a difference between a human and a bot filling the form? This is possible because form bots are programmed to handle large databases of stolen user data. It is this data which is used for populating the form filling field pretending the lead forms to be filled by real users instead of bots.

Highly sophisticated bots also mimic human behaviour to avoid being tracked. They may spend a huge amount of time on specific pages thereby increasing the average session duration while all they are doing is analyzing the field which has the form-filling code.

These infiltrated bots can cost advertisers a lot. For example, if you run a campaign with a budget of $200,000 with the objective of generating leads, then the revenue model is CPL. In this case, let’s assume each CPL to be $100. In this way, you will be able to generate 2000 leads. If 30% of the leads generated are fake, it would directly cost the company $60,000.

How to prevent form bots?

1. Honeypot technique

The most used and proven technique of detecting bot forms on your digital assets or specific campaigns is through honeypot forms. These are clone forms that are created specifically for identifying the bots that are generating fake leads. They impersonate the actual forms with the difference that they are planted to confirm the presence of bots.

Now you may ask, what if such honeypot forms are filled by real users? This is not possible since the honeypot forms are filled with HTML code which is a CSS code that is ignored by the bots while filling out the form fields. This code prevents the forms from being viewed by the users and can only be seen by the bots. Moreover, JavaScript code can be used to handle form submissions by defining parameters related to the honeypot field.

2. Email verification for forms

A simple technique to eradicate bots from the lead generation campaign is to use email verification. This requires every user to provide his/her email while filling out the form. Once submitted, a verification link can be sent to the email. If the link remains unclicked for a certain period, it can be ignored and considered an irrelevant lead.

However, sophisticated bots may have access to emails as well in the stolen consumer database at their disposal. Thus, to make this technique more effective, the advertiser can mandate the company's domain-specific emails only. Rest other emails from universal domains can be rejected.

For example, if a user submits a form by filling in his email as [email protected] , the form can be rejected. However, if it’s submitted as [email protected] the form can be accepted. This also helps in narrowing the target for the campaign.

3. Sudden Spike in Leads

A direct evidence of bot infiltration in a campaign is the sudden increase in the number of leads. To ensure that this sign is not missed, it is important to track metrics such as Daily Active Users (DAU) or Monthly Active Users (MAU) for your digital assets. A mobile app with a monthly subscriber base of 2000 cannot generate almost 100 leads from a single campaign.

4. Using CAPTCHA Tools

A less effective but high-in-use technique of bot mitigation is using CAPTCHA tools. It strikes a clear difference between human and bot impressions by focusing on certain parameters to verify the identity of the user.

However, CAPTCHA cannot be effectively used for each lead generation campaign. It works well for blocking basic bots. However, when there are big campaigns with a specific target number of leads to be acquired, it’s best advised to not rely on CAPTCHA tools for mitigating the risk of a bot attack.

5. Fraud detection tools

A number of IVT Management software, like ClearTrust, provide automated filters that monitor and filter non-human impressions before they infiltrate any campaign and take the required action, like filling out a form in this case. Most of the software can easily be configured into your digital system in a hassle-free manner and the bot detection starts as soon as this process is completed.