Ad fraud activity is highest on certain browsers made by Microsoft Corp.MSFT0.14% and Alphabet Inc.GOOGL0.69%’s Google, according to research by ad fraud detection company FraudLogix.
Fraudsters can manipulate consumers’ web browser software for their financial gain by infecting browsers with malicious code and forcing them to load certain webpages. For advertisers this is bad news, since they can wind up paying for ads which can never actually be seen by real people.
To examine the role of browsers in this process, FraudLogix examined a sample of 135 million individual online ad impressions over a seven-day period in July, and analyzed the browsers to which the ads were served. The company also tracked the portion of those ads its technology deemed as delivered to “non-human” or “bot” traffic.
The browsers in which the most fraudulent impressions loaded were versions of Microsoft’s Internet Explorer browser and Google’s Chrome browser, the study found.
Some 50% of impressions served to Internet Explorer over the course of the study were to “non-human” traffic, FraudLogix said, compared with 20.5% of impressions served to Google’s Chrome browser.
Microsoft and Google each questioned FraudLogix’s methodology, saying it isn’t possible to accurately measure fraud at the browser level.
“Bots and malware often forge user agent strings to produce “fake” traffic, which can’t be attributed to a particular browser,” Microsoft said in a statement.
Google said in a statement, “When malware infects someone’s device or web browser in general, the infected machine may act as a fraudulent bot impersonating any browser, even if it isn’t installed on the infected machine. As a result, we’ve found that measuring ad fraud per browser has not been a helpful way of understanding this issue.”
FraudLogix Chief Executive Hagai Shechter acknowledged that infected computers may impersonate browsers, but said the company does not believe that happened in most instances it tracked during its study.
Instances of fraud are potentially higher for Chrome and Internet Explorer because of their widespread adoption, Mr. Shechter added. Other browsers might be more vulnerable, but they make less attractive targets because they have fewer users.
16.2% of the overall traffic FraudLogix examined was from Internet Explorer, compared with 61% from Chrome.
A recent study by the Association of National Advertisers estimated that advertisers could waste $7 billion this year on ads no people will ever see. Users may have little idea their browsers have been infected, since the webpages can be loaded in the background without them noticing.
Other browsers examined during the FraudLogix research included Mozilla’s Firefox, Apple’s Safari, and Microsoft’s newer browser, called Microsoft Edge.
Fewer than 5% of impressions delivered to all versions of those browsers were deemed fraudulent by FraudLogix.
Mr. Shechter said instances of fraudulent impressions were significantly lower for more recent versions of the Chrome browser, suggesting Google is successfully fixing “vulnerabilities” in its software. Many of the Chrome browser versions with the highest fraud rates are no longer supported by Google, and are used by a relatively small number of users.
“It seems like Google gets it, and that they’re addressing the vulnerabilities and the holes,” Mr. Shechter said.
With regard to Microsoft’s Internet Explorer, Mr. Shechter said he was surprised to see that one version of the browser, Internet Explorer 11.0, contributed the highest percentage of fake traffic overall.
That version of the browser has been discontinued, but is technically still supported by Microsoft. Because of that, “the security problems should be addressed and we’re just not seeing that,” Mr. Shechter said.
Write to Jack Marshall at Jack.Marshall@wsj.com