It’s a shocking statistic. According to Interactive Advertising Bureau estimates, 36 percent of all Web traffic is fraudulent, and bots are the chief culprits. And as marketing dollars continue to pour into digital media, it’s an epidemic that could get much worse.

A bot is malicious software programmed to mimic human online behavior on a mass scale. In the case of cost per lead advertising, bots are used to fill out and submit online lead forms. While the motivations for bot-driven fraud are well known, broadly effective solutions are more elusive. Fraud is a lot like the flu virus – neither can be completely eradicated because they constantly adapt and mutate. And tracking down bot sources can be like searching for a needle in a haystack because the fraudulent activities are dispersed through a large and complex online advertising ecosystem.

Because online marketing fraud is such a knotty, intractable problem, some marketers just bake fraud-related waste into their budgets. But instead of throwing in the towel, there are proven strategies and resources that can help marketers avoid bot-driven fraud and reduce its severity.

If you’re running a lead generation campaign or buying Internet leads from lead vendors, you’re probably going to receive some leads that were generated by bots.  The goal is to block these junk leads before they enter your CRM/marketing database and, if they’re purchased leads, hopefully not pay for them.

A 3-Step Strategy for Battling the Bots

An effective bot defense strategy relies on three key elements:

  1. Analyzing and acting on site traffic,
  2. Analyzing and acting on the lead data submitted on the form, and
  3. Maintaining an ongoing feedback loop about fraudulent leads that make it through to your marketing database.

Step 1:  Site Traffic

If you are hosting the form where the lead is being generated, you have the ability to analyze the site traffic in real time.  There are a number of companies that specialize in this, including Forensiq, Distil Networks, Fraudlogix, and Adometry (recently acquired by Google). These companies analyze site visits to determine which traffic is real and which is likely to be from bots.  They look at numerous factors, and their methods are proprietary. So I recommend that you check them out to learn more about how their services work.

If you aren’t hosting Web forms and are buying Internet leads from a third party lead vendor, you have a more challenging situation because you don’t have direct access to the site traffic. Services like ActiveProspect’s TrustedForm lead certification solution give you access to independently collected site visitor information for 3rd party leads. Using this data, you can check the validity of that site visitor through a real-time API call to one of the services mentioned above.  We’ve partnered with Forensiq for this, and it is integrated into our platform.  Our LeadConduit platform blocks leads according to rules that integrate Forensiq results with a variety of other factors, like site visitors’ location.

Step 2: Lead Data

The data that is submitted on the form provides a lot of clues about whether it was likely submitted by a bot. There are a number of things you can do.  From our experience, bot generated leads sometimes exhibit identifiable patterns.  For example, these patterns could be related to the format of the data or the timing of submissions.  Awareness of these patterns can help you define filter rules to block them.  Sometimes the bot leads will enter in large volumes, so it is important to be able to implement these rules quickly to immediately filter them out.

Using real-time verification services, you can confirm that the submitted information is authentic.  These services can verify the authenticity of the individual data points such as name, phone, mailing address and email.   Some can verify whether those data points correspond with each other.  These services can help block bot leads that use fictitious information.

What if the information is real, but not submitted by that individual?  The real-time confirmation email can be a great tool for this.  Give consumers an opportunity to indicate that they didn’t actually sign up for your offer.  Integrate those responses back into your lead flow.

Sometimes the age of an email account can be a telltale sign. For example, it’s easy to quickly create a free email address that could be used to submit a fraudulent lead. We have seen bots that utilize free email accounts that have been created en masse.  Fortunately, there are services that allow you to check an email address in real time to determine factors like whether it is genuine, how new it is, and how often it appears online, such as on social networks.  These services have real-time APIs so we have integrated them directly into our LeadConduit platform.   Using the results from these various services, you can define rules for the leads you want to accept or reject.

Step 3: Feedback Loop

Even after implementing the bot defense tactics in the first two steps, you likely will still receive some leads generated by bots.  You mighyt be able to discover these once you start to contact the leads.  Once discovered, it is important to mark those leads appropriately and, if they’re purchased leads, return them to the lead vendor where they originated.  This allows the lead vendor to identify the traffic sources used to generate the lead.  In some cases, you might be able to get financial credit from the vendor for those leads.

Speed, Tenacity, and Continual Improvement

The key to bot detection and deterrence is vigilance. Watch for telltale signs and block bot generated leads in real time before they enter your marketing database.  We recommend using a lead qualification process that incorporates many layers of defense.  And when some get through, study how they made it through and continually improve your process.