Mobile Ad Fraud: Guide to Identifying the Types of Mobile Ad Fraud

To solve the mobile ad fraud challenge, advertisers need to understand the many forms of mobile ad fraud, the detection techniques that identify when it is happening, and, most importantly, how to stop it.


Mobile ad fraud is a type of ad fraud plaguing mobile-based performance campaigns. It is an attempt to exploit mobile advertising technology by defrauding advertisers, publishers or supply partners. The objective of the fraudsters is to burn marketing and advertising budgets.

Being able to fight mobile ad fraud demands an understanding of the types of techniques fraudsters use day in and day out. Find below some of the most common types of mobile ad fraud techniques, how they work, what threats they pose, and tips on how to keep them from endangering your business.


Mobile Ad Fraud Techniques and how to prevent them

Not only is the occurrence of mobile ad fraud on the rise, but so are the ways it’s carried out. Below, we go through some of the most prevalent mobile ad fraud techniques, the risks they pose to your enterprise, and how to prevent them from damaging your digital ad campaigns.


Bad Bots

 

Bad bots are non-human traffic that comes your way imitating real traffic. The term covers the artificial inflation of clicks and impressions on a website, which may affect the publisher's revenue. It may include unintended clicks or non-human traffic.

Bad bots consist of:

  • Using automated tools for creating engagement with ads and ad impressions. 

  • Clicks and impressions made by the publisher itself on the ads placed on its own website.

  • Spamming websites using bots for the theft of information or any malicious activities. 

Com Olho's Risk Model:

A risk model maps and assesses the advertiser’s vulnerability in order to identify mobile ad fraud scenarios, on the scale defined below:


Table 1: Com Olho's Risk Model


Table 2: Risk Levels

 

Device Farms

Device farms, as the name suggests, are farms full of devices on which fraudsters mimic clicks, installs and engagement to deliver the numbers that digital campaigns ask for. Device farms, or cheap inventory, are still prevalent and can drive unimaginable volumes of clicks, installs and engagement.

How does a Device Farm work?

  1. A device farm is a physical location loaded with devices (mainly old mobile phones) where a large group of workers is paid to commit mobile ad fraud.

  2. These are low-paid workers who are hired to click on sponsored advertising links on behalf of the farm master. 

  3. The farm master establishes connections with publishers, looks for opportunities that require paid traffic sources, and targets them for fraud.

  4. The scammer simply instructs their "farmers" to continuously click on the display ads or install mobile applications until the entire advertising budget has been consumed.

  5. The device farm operator instructs the farmers on how to download the desired apps and what post-install actions should be taken for each app. The farmers will then execute the same operations simultaneously across a number of devices.


Click Injection

Click injection is a commonly used mobile ad fraud method that steals organic and good traffic from other sources. It relies on an app located on the user's device that informs the fraudsters when new apps are installed on the device, triggering a click before installation is completed and enabling the fraudsters to take credit for the install.

Click injection exploits the existing drawbacks of the last-click attribution model by injecting a click before the lead is submitted or an install is completed.

How does Click Injection work?

  1. User clicks on the ad to download an app.

  2. The malicious app on the user's device contains code that allows it to monitor the device for all new installs.

  3. Malicious publisher’s app detects that user is downloading an app.

  4. Malicious publisher injects fake click event.

  5. User opens the app for the first time.

  6. Advertiser attributes credit to malicious publisher, even though they provided no value in driving the install, and pays them a percentage of revenue.


Click Spamming

Click spamming, also known as click flooding, is a type of mobile ad fraud in which fraudsters send fake clicks through infected mobile apps or websites. Here, the mobile user or owner is unaware that a malicious app has been installed on their device. The app then spams clicks on advertisements on the smartphone, giving the impression that the ad has had a lot of traffic.

How does Click Spamming work?

  1. User downloads malicious publisher’s app.

  2. The malicious app contains code that generates a large number of clicks (spam clicking) on adverts.

  3. The malicious app hijacks user's device, loading hundreds of ads in the phone’s background and triggering automated click events for each ad.

  4. User may be redirected to the app store by a click event.

  5. Advertiser attributes credit to malicious publisher, even though they provided no value in driving the install, and pays them a percentage of revenue.
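The behaviour in steps 2 and 3 leaves two measurable traces in click logs: bursts of clicks from a single device, and a click-to-install rate close to zero. The following detection sketch is an added example, not part of the original article or any Com Olho product; the log layout, publisher names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

def spamming_devices(clicks, window=60, max_clicks=20):
    """Return {publisher: [devices]} that exceed max_clicks within any `window` seconds."""
    recent = defaultdict(deque)    # (publisher, device) -> timestamps inside the window
    flagged = defaultdict(set)
    for pub, dev, ts in sorted(clicks, key=lambda c: c[2]):
        q = recent[(pub, dev)]
        q.append(ts)
        while q[0] <= ts - window:  # drop clicks that fell out of the window
            q.popleft()
        if len(q) > max_clicks:
            flagged[pub].add(dev)
    return {p: sorted(d) for p, d in flagged.items()}

def click_to_install_rate(clicks, installs_by_publisher):
    """Installs per click for each publisher; click flooding drives this toward zero."""
    totals = defaultdict(int)
    for pub, _dev, _ts in clicks:
        totals[pub] += 1
    return {p: installs_by_publisher.get(p, 0) / n for p, n in totals.items()}

# Constructed sample: the app from "pub_x" fires 300 background clicks in 30 seconds
# on one device, while "pub_a" shows ordinary traffic spread over ten devices.
SAMPLE_CLICKS = (
    [("pub_x", "dev_9", 5000 + i * 0.1) for i in range(300)]
    + [("pub_a", f"dev_{i}", 5000 + i * 40) for i in range(10)]
)
SAMPLE_INSTALLS = {"pub_x": 1, "pub_a": 2}

if __name__ == "__main__":
    print(spamming_devices(SAMPLE_CLICKS))
    print(click_to_install_rate(SAMPLE_CLICKS, SAMPLE_INSTALLS))
```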


Click Hijacking

Click hijacking is a very common form of mobile ad fraud affecting clicks and installs, in which a deceptive click report is sent a few moments after the actual click occurs. Generally, it is activated by malware that is easily hidden in apps that are completely legitimate or in those downloaded via third-party app stores.

How does Click Hijacking work?

  1. User clicks on the ad to download an app.

  2. The malware embedded in an app on the user's device monitors the device for all new installs.

  3. Malicious publisher’s app detects that user is downloading an app.

  4. Malicious publisher hijacks the organic install.

  5. User opens the app for the first time.

  6. Advertiser attributes credit to malicious publisher, even though they provided no value in driving the install, and pays them a percentage of revenue.
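Both click injection and click hijacking, as described in the steps above, show up in attribution data as a winning click with impossible or suspicious timing. The audit below is an added example, not part of the original article or any vendor's product; the field names (including an `install_begin` timestamp for when the download started), the 10-second window and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; times are epoch seconds.
CLICKS = [
    {"device": "d1", "app": "shop", "publisher": "pub_a", "ts": 1000},
    {"device": "d1", "app": "shop", "publisher": "pub_x", "ts": 1004},  # trails a real click
    {"device": "d2", "app": "shop", "publisher": "pub_x", "ts": 2050},  # after download began
    {"device": "d3", "app": "shop", "publisher": "pub_b", "ts": 3000},
]
INSTALLS = [
    {"device": "d1", "app": "shop", "install_begin": 1030, "first_open": 1100},
    {"device": "d2", "app": "shop", "install_begin": 2040, "first_open": 2090},
    {"device": "d3", "app": "shop", "install_begin": 3060, "first_open": 3200},
]

def audit_installs(clicks, installs, shadow_window=10):
    """Return {device: (credited_publisher, reason)} for suspicious attributions."""
    by_key = defaultdict(list)
    for c in clicks:
        by_key[(c["device"], c["app"])].append(c)
    flagged = {}
    for ins in installs:
        # Clicks eligible for last-click attribution: everything before first open.
        cand = sorted((c for c in by_key[(ins["device"], ins["app"])]
                       if c["ts"] <= ins["first_open"]), key=lambda c: c["ts"])
        if not cand:
            continue  # organic install, nobody is credited
        last = cand[-1]
        if last["ts"] >= ins["install_begin"]:
            # Injection: the winning click arrived after the download had started.
            flagged[ins["device"]] = (last["publisher"], "click_after_install_begin")
        elif len(cand) > 1:
            prev = cand[-2]
            if (prev["publisher"] != last["publisher"]
                    and last["ts"] - prev["ts"] <= shadow_window):
                # Hijacking: another publisher's click follows the real one by moments.
                flagged[ins["device"]] = (last["publisher"], "shadow_click")
    return flagged

if __name__ == "__main__":
    print(audit_installs(CLICKS, INSTALLS))
```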


Ad Stacking

In digital advertising, each time an ad is shown to the user, it counts as an impression. These impressions are generated by both organic and paid marketing. As the ad slots on a webpage or in a mobile application are limited, fraudsters often stack ads one on top of another. Sometimes, they even stack multiple ads together. The user only sees the top ad, yet all the ads below it generally count as impressions even though the user never sees them.

How does Ad Stacking work?

Ad stacking works exactly as it sounds: the fraudsters literally layer multiple ads on top of each other in the same ad placement, yet only the ad on top is visible to the user.

Despite the fact that the user only sees the ad on top, marketers and advertisers are charged for all of the misleading and false ad impressions and clicks obtained from the advertisements underneath. Advertisers are still charged for the unseen or un-clicked ads since they still load correctly, and meet the requirement of having one pixel shown for at least half a second (a common metric in the digital advertising industry). 

The goal of this activity is to charge publishers and advertisers for all the stacked ads' impressions and clicks.
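Because every stacked ad still reports an impression, stacking is visible in impression logs as several creatives rendered in the same placement on the same device at almost the same moment. The check below is an added example, not part of the original article or any vendor's product; the log fields, the half-second grouping window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

def stacked_impressions(impressions, window=0.5):
    """Return [((publisher, device, slot), [creatives])] for slots that
    reported more than one creative within `window` seconds."""
    by_slot = defaultdict(list)
    for imp in impressions:
        by_slot[(imp["publisher"], imp["device"], imp["slot"])].append(imp)
    stacks = []
    for key, imps in by_slot.items():
        imps.sort(key=lambda i: i["ts"])
        group = []
        for imp in imps + [None]:              # None flushes the final group
            if imp is not None and (not group or imp["ts"] - group[0]["ts"] <= window):
                group.append(imp)
                continue
            creatives = [g["creative"] for g in group]
            if len(set(creatives)) > 1:
                stacks.append((key, creatives))
            group = [imp] if imp is not None else []
    return stacks

def hidden_impressions_by_publisher(stacks):
    """Count billed impressions that sat underneath the visible top ad."""
    counts = defaultdict(int)
    for (publisher, _device, _slot), creatives in stacks:
        counts[publisher] += len(creatives) - 1
    return dict(counts)

# Constructed sample: "pub_x" renders three creatives in one slot within 0.1 s;
# "pub_a" rotates two creatives 30 s apart, which is an ordinary refresh.
IMPRESSIONS = [
    {"publisher": "pub_x", "device": "d1", "slot": "banner_top", "creative": "A", "ts": 10.00},
    {"publisher": "pub_x", "device": "d1", "slot": "banner_top", "creative": "B", "ts": 10.05},
    {"publisher": "pub_x", "device": "d1", "slot": "banner_top", "creative": "C", "ts": 10.10},
    {"publisher": "pub_x", "device": "d1", "slot": "banner_top", "creative": "D", "ts": 40.00},
    {"publisher": "pub_a", "device": "d2", "slot": "banner_top", "creative": "A", "ts": 10.00},
    {"publisher": "pub_a", "device": "d2", "slot": "banner_top", "creative": "B", "ts": 40.00},
]

if __name__ == "__main__":
    print(hidden_impressions_by_publisher(stacked_impressions(IMPRESSIONS)))
```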


SDK Spoofing

SDK spoofing is a relatively new, advanced, and sophisticated kind of mobile ad fraud in which a fraudster fakes a real install or engagement. This is done by running dummy data scripts that mimic real users. The data in the advertiser's hands often looks real, but is sometimes laced with sophisticated SDK-spoofed traffic.

How does SDK Spoofing work?

  1. Fraudsters bypass the SSL encryption protecting the communication between a tracking SDK and its backend servers by performing a man-in-the-middle (MITM) attack.

  2. The fraudsters create a series of 'test downloads' for the app they want to hijack or infiltrate.

  3. They then figure out which URL calls correspond to which app operations.

  4. Cybercriminals investigate which sections of URLs are static and which are dynamic.

  5. They then put their setup through its paces and experiment with the dynamic elements.

  6. Finally, once a single install has been successfully tracked, fraudsters know they've found out how to produce installs using a URL setup.

  7. They then go through the process again and again, forever.


IVT - Invalid Traffic

Also referred to as Nonhuman Traffic (NHT) or Suspicious Activity Detection (SAD), IVT is online traffic generated from machines or other bot activity that interacts with digital ads. This traffic does not fulfil any ad serving quality in terms of ad clicks and impressions. In most cases, clicks and impressions not made with genuine interest are considered invalid traffic. In the world of mobile advertising, IVT disguised as human behaviour is a huge issue.

IVT generally comprises the following:

  • Using automated tools for creating engagement with ads and ad impressions. 

  • Clicks and impressions made by the publisher itself on the ads placed on its own website.

  • Spamming websites using bots for the theft of information or any malicious activities. 

How to find and eliminate Invalid Traffic (IVT)?

  1. Examine all the reports of where the traffic is coming from and then act accordingly. Using a third-party tool, you can also learn the IP addresses and domains of bots/IVT.

  2. If you are using paid traffic for your website, then you may get more IVT. So, compare your traffic with different paid media and track what comes with least IVT. 

  3. Traffic coming from data centres is often mistaken for an authentic audience, which is not always true. For instance, the Trustworthy Accountability Group (TAG) has created a new pilot blacklist that displays all the data centre IP addresses. You can use this blacklist to segregate the non-human attacks.

  4. Your demand partner can help you solve this issue. So, as soon as you detect bot/IVT, talk to them.
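Steps 2 and 3 can be combined into one report: match each event's IP address against a data-centre list and compare the invalid share per paid traffic source. The script below is an added example, not part of the original article; the CIDR ranges are reserved documentation ranges standing in for a real list such as TAG's, the source names and events are constructed, and counting a malformed IP as invalid is an assumption of this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a data-centre IP list (RFC 5737 documentation ranges).
DATACENTRE_CIDRS = ["192.0.2.0/24", "198.51.100.0/25"]

def ivt_share_by_source(events, cidrs=DATACENTRE_CIDRS):
    """Return [(source, ivt_share, total_events)] sorted by ascending IVT share."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    total, invalid = defaultdict(int), defaultdict(int)
    for source, ip in events:
        total[source] += 1
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            invalid[source] += 1      # malformed IP: counted as invalid (assumption)
            continue
        if any(addr in net for net in nets):
            invalid[source] += 1      # event originated from a listed data-centre range
    rows = [(s, invalid[s] / total[s], total[s]) for s in total]
    return sorted(rows, key=lambda r: r[1])

# Constructed sample events: (paid traffic source, client IP).
EVENTS = [
    ("network_a", "203.0.113.5"), ("network_a", "203.0.113.9"),
    ("network_a", "192.0.2.44"), ("network_a", "203.0.113.77"),
    ("network_b", "198.51.100.10"), ("network_b", "192.0.2.1"),
    ("network_b", "198.51.100.200"), ("network_b", "not-an-ip"),
]

if __name__ == "__main__":
    for source, share, total in ivt_share_by_source(EVENTS):
        print(f"{source}: {share:.0%} invalid of {total} events")
```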


You can't know how best to protect your business against mobile ad fraud if you don't know which type of mobile ad fraud is affecting it. Some enterprises use a manual filter-based approach to protect against the effects of several mobile ad fraud techniques. However, manual filter-based approaches are inadequate when it comes to safeguarding your business. Using an anti-fraud solution is the only reliable and secure option to identify and reduce mobile ad fraud.

Com Olho's Ad Fraud Detection Technology

Experience Com Olho's patented digital ad fraud detection technology to detect and reduce the types of mobile ad fraud that are impacting your business. We have built an indigenous, revolutionary and disruptive technology, through which we have helped our clients deterministically save a minimum of 25% of their ad spend.

To find out more about how we can work together to prevent mobile ad fraud from destroying your ad campaigns, click here to request a free demo.