In the last blog post, we saw how financial fraudsters work in a dynamic environment and steal data. They improved their hacking and sabotage skills and mastered these skills as professionals. As we already know about phishing links, scams using online sales platforms, phishing calls, ATM card theft, and scams due to unknown/unverified mobile application downloads, SIM Cloning/ SIM Swap, frauds using Remote Access/ Screen Sharing App, scam through QR scan, frauds by compromising credentials on results through search engines, juice jacking, impersonating through social media, online job fraud, and lottery fraud among others. It must however be noted that fraudsters are now also affecting the Non-Banking Financial Companies (NBFCs). Let us first understand what a Non-Banking Financial Company or an NBFC is. The Reserve Bank of India (RBI) defines an NBFC as, a non-bank financial company (NBFC) is a company registered under the Companies Act of 1956, which engages in loan and advance business, and purchases stocks/stocks/bonds/bonds/securities or other securities similar to transferable securities issued by the government or local authorities. Nature, lease, lease purchase, insurance business, cheque business, but does not include any main business for agricultural activities, industrial activities, purchase or sale of any property (except securities), or provision of services and sales/purchase/construction. Real estate. As a non-banking institution of the company, its main business is to receive deposits under any plan or arrangement at one time or in instalments through capital contribution or any other means. It is also a non-bank financial company (Residual nonbank company). The layman must question and understand the difference between a bank and an NBFC. Among many some of the key differences can be summarised as follows: NBFC is not part of the payment and settlement system and cannot write checks on its own; Unlike banks, the deposit insurance facilities of deposit insurance and credit guarantee companies do not apply to NBFC depositors; NBFC cannot accept demand deposits. Financial fraud can thus be concluded in NBFCs too. Let us understand some of the ways pursued by scammers and how we can protect ourselves: 1. Fake Advertisements for Extending Loan by Fraudsters Modus Operandi Scammers publish false personal loan discount advertisements with attractively low-interest rates or simple payment methods or without any security requirements and require customers to contact them. To gain credibility and trust from easily fooled customers, these email IDs will be similar email IDs of well-known/real NBFC senior officials. When a customer makes a loan to a scammer, the scammer first collects various early fees, such as handling fee, GST, toll, advance EMI, unreserved expenses, etc., and ran away without issuing a loan. The scammers also created fake website links, which appeared in search engines, allowing people to search for information about loans. Precaution: To keep the customers and their assets safe the Reserve Bank of India (RBI) Ombudsman, Mumbai, in its booklet on modus operandi of financial fraudsters issued by the office of suggests that a user should be aware that an NBFC / Banker will never ask for prepayment before processing the loan application. Banks / NBFC charges a handling fee, which is deducted from the loan amount. No payment or security voucher is allowed for online quotations such as low-interest loans without verification of data from the true source. 2. SMS / Email / Instant Messaging / Call Scam Modus Operandi Scammers spread fake news about the availability of attractive loans on IM / SMS / Social Media and use any NBFC logo known as a profile picture on your shared mobile phone number to increase credibility. The scammers even shared their fake Aadhaar / Pan cards and NBFC ID cards. After the scammer sends said group SMS / SMS / email to the loan applicant, randomly dials the phone, shares a false sanction letter, copy of the fake check, etc., and requests several rates. Once the victim has paid these fees, the scammer will run away with the money, leaving the victim with a slim chance of being recovered for Precaution: To keep the customers and their assets safe the Reserve Bank of India (RBI) Ombudsman, Mumbai, in its booklet on modus operandi of financial fraudsters issued by the office of suggests that a conscious user must never click on links sent via SMS/email or reply to promotional SMS/email. A user is advised not to open emails or reply to any emails from unknown sources that contain suspicious attachments or phishing links. Never create a loan offer that people offer yourself over the phone/email. Do not make any payments for such offers or share any personal/financial vouchers for such offers without verify their authenticity through other sources. 3. OTP based Fraud Modus Operandi The victim received a text/instant message from the scammer posing as NBFC, offering loans, or increasing the credit limit, and was asked to contact the scammer's mobile phone number. When victims make a call, the scammer asks them to fill out some forms containing financial details (even when online), and prompts / persuades them to share the OTP or PIN details, resulting in a waste of money. Precaution: To keep the customers and their assets safe the Reserve Bank of India (RBI) Ombudsman, Mumbai, in its booklet on modus operandi of financial fraudsters issued by the office of suggests that aware users must never share OTP numbers / PINs / personal data, etc. with anybody in any way and always check SMS / Email regularly to make sure that is not generating OTP without user’s knowledge. 4. Fake Loan websites / App Frauds Modus Operandi Many unscrupulous loan applications that provide instant loans and short-term loans. These applications will mislead borrowers and may also charge much higher interest rates. To attract customers who are easily deceived, scammers promoted "limited time offers". This requires applicants to make an urgent decision and it also uses threat software strategies. Precaution: To keep the customers safe and their assets also safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that the following things should always be kept in mind: A real loan provider will never provide funds without document verification. Is the lender registered with the government / authorised agency? Verify that the loan applications supported by these NBFCs are authentic. Check if the lender provides the actual address or contact information for; otherwise, it may be difficult to communicate with them in the future. Is the lender more interested in knowing the personal information than in checking the credit score? Remember that no known bank / NBFC will request payment until processes the loan application. 5. Money Circulation/Ponzi/Multi-Level Marketing (MLM) Schemes Fraud Modus Operandi The MLM/Chain Marketing/Pyramid Plan promises to easily or quickly get US when registering/adding members. The plan not only guarantees high returns, but also promises to pay the first instalment of to win the trust of credulous people and attract more investors through word-of-mouth advertising. The plan encourages more and more people to join the chain/group, for which commissions are paid to subscribers instead of product sales commissions. Due to this model, the plan became unsustainable after the number of people joining the plan began to decrease for a period of time. After, the scammer closed the case, and disappeared with the money invested by the people. Precaution: To keep the customers safe and their assets also safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests these things should be checked out of the list before investing in a MLM/ Ponzi scheme: Always keep in mind that any payment / commission / bonus / percentage of profit for goods / services actually sold without is suspicious and may lead to fraud. Profitability is directly proportional to risk. As the common saying goes, the higher the risk, the higher the return. So if any plan continues to provide unusually high returns (such as 4050% per year), this is the first sign of potential fraud, proceed with caution. Accepting money under the coin circulation / multilevel marketing / pyramid structure is an identifiable crime under the Prize and Coin Circulation Prohibition Act of 1978. The public who comes across such an offer must present immediately a complaint to the state police. The public should not be seduced by the promise of high returns offered by entities that execute a pyramid-shaped marketing / chain marketing / multilevel program. 6. Fraudulent Loans with Forged Documents Modus Operandi Counterfeit document fraud refers to a fraud in which forged documents and any form of service provided by financial institutions are used by individuals or units. This type of fraud occurred when KYC related documents were shared with the entity without verifying the authenticity of the NBFC employees / NBFC email ID. By stealing personal information from the victim (such as identity card, bank account data, etc.), and using this information or credentials to obtain benefits from financial institutions, fraudulent loans are also sanctioned for identity theft. Precaution: As precautionary measures to be observed by the Reserve Bank of India (RBI) Ombudsman, Mumbai as given in a booklet on modus operandi of financial fraudsters. These things should be checked out of the list: Said files should only be shared with the authorised person of the entity or the authorised email ID of the entity. Clients should be vigilant when borrowing from any entity, and provides KYC and other personal documents including NACH form after loan payment. In addition, after the loan is not approved and the loan is closed, the client should always ask an entity to withdraw the documents provided by the client to an entity In the next blog post, we will learn about the general precautions that can be taken for financial transactions.

The population is on the rise and so is the demand for convenience. For as long as humans have existed, there have been transactions for any good or service provided by another human. To think of transactions, we have come a long way from the barter system to transacting using gold and other precious metals and finally paper currency which has further evolved and is now basically e-money or plastic money. But we do not need to dive so deep into the history of money, which would deviate us from the topic at hand. In today’s world, most transactions happen via digital mode. Online transactions or digital modes of payment are now being preferred over conventional cash transactions due to convenience and this is not the only reason they are being promoted, they also help in achieving the national goal of financial inclusion substantially. Like every coin has two sides, it should be understood that online/ digital transactions have their share of problems too like a fraud. Fraudsters are getting smarter and using innovative techniques to steal from the masses. People who are new to this technology or who are not so tech-savvy are often at the risk of facing such problems. These people might be new to the entire online transaction ecosystem and could endanger their entire life earnings. This piece will try to cover the most common financial frauds committed by fraudsters, their modus operandi, and suggest preventive measures too. 1. Phishing Links Modus Operandi Third-party websites are created by the fraudster which is very similar to the existing genuine websites, these could be a search engine or an e-commerce website. They are designed so well that it is very difficult for a targeted user to distinguish them from the original website. The next step involves luring the targets into using visiting the fake platform. This is done by circulating the links through emails/ text messages and even social media. Gullible consumers might not check the entire URL in detail and just open the link sent across by glancing at it. These links are deceptive and look very similar to the original link but then the targets are redirected to the phishing website. To make it look more authentic the fake website might even use the real name and logos with minor tweaks. The targets end up entering sensitive information and credentials on the website and they are then copied/ sent to the fraudster who uses this data later. Precaution: The user must be very careful while entering credentials especially of financial nature into any website. The URL must be thoroughly seen and verified to avoid entering sensitive information in the wrong places. Another great tip is to delete any unknown or suspicious links that are received via e-mails/ text messages so they are not accessed later on. 2. Vishing Calls Modus Operandi Calls are made by fraudsters who pose as company executives/ government officials/ insurance agents or even bankers. The imposter tries to collect as much information as he/ she can regarding the financial credentials of the targets. They even try to make the call sound authentic by confirming the name of the person or date of birth or any other credential, this helps in gaining the confidence of the targeted user. Sometimes, it may so occur that the user is tricked or even pressurised into sharing the required credentials by faking an emergency like stopping or block a suspicious transaction or urgent transfer required to stop the penalty or lure them by citing discounts or fancy services. Once the credentials are received, they are then misused. Precaution: As per the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, and genuine entities including financial intuitions and bank officials never ask to share any sensitive financial information like the Card details/ Card Verification Value (CVV)/ One Time Password (OTP)/ Username/ Password. 3. Frauds/ Scams using Online Selling platforms Modus Operandi This is a very sneaky method of stealing money from a seller. The imposter or the fraudster in this type of attack might pose to be an online buyer on the online selling platform who is interested in your product. This type of fraud may use the new and popular Unified Payments Interface (UPI) platform. The buyer will “request money” instead of sending it to the seller and insist on approving that request, which will eventually pull money from the target’s bank account. Precaution: As per the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, it warns the users to always remember that there is no need to enter your password/ Personal Identification Number (PIN) anywhere when the user has to receive money. And UPI or any applications for that matter ask the user to enter the PIN to complete transactions which means that the user will spend money and not receive it. Hence, one should be very careful while purchasing/ selling online. 4. Fraud using Unverified/ Unknown Mobile Applications Modus Operandi Fake and malicious Applications can gain access to the information stored on the mobile phone device. This method is similar to phishing where application links are widely circulated through Instant Messaging/ social media/ text messages, etc. The names used to lure customers look very authentic and similar to popular existing services but in reality, the targets are just redirected into downloading a fake application. After the mobile phone device is infected with the fake application, the fraudster gains access to data on the device and exploits it. Precaution: The booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that applications from unknown/ unverified sources should never be downloaded. 5. ATM card skimming Modus Operandi This type of fraud involves the fraudster installing skimming devices in Automated Teller Machines (ATM) which end up stealing data from the user’s card. Pinhole cameras and dummy keypads may be installed at the ATM which capture the Personal Identification Number (PIN) without the knowledge of the user. In some cases, it might also happen that the fraudsters are pretending to be customers and stand real close to the target and have their eyes buried at the keypad to know the PIN. After the required information is collected, the fraudsters might create fake cards or duplicate cards and use them to withdraw money from the targeted customer’s bank account. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that while visiting an ATM, always cover the keypad with your hand while entering the PIN. Other suggestions include, never sharing your PIN with anybody or entering it in the presence of other people. And, lastly, whenever visiting an ATM, check the machine properly for any external devices attached near the keypad or card insertion slot. In this piece, we tried to cover five out of the many fraud techniques deployed by fraudsters to steal financial credentials using fraudulent transactions in Banks. Other tricks might include Online Job Fraud, Impersonation through Social Media, and frauds by compromising credentials on results through search engines among others. However, there are also fraudulent transactions that happen in the Non-Banking Financial Companies (NBFCs) which include, Money circulation/ Ponzi/ Multi-Level Marketing (MLM) Schemes fraud/ fake advertisements for extending loan by Fraudster Company or even an OTP based fraud among others. In the subsequent articles more can be learned about the above-mentioned frauds in detail along with general precautions that can be taken for financial transactions.

In the last blog post, we saw how financial fraudsters can work in a dynamic environment and steal data. They have improved their hacking and sabotaging skills and are mastering them like professionals. As we have already learned about phishing links, frauds using online selling platforms, vishing calls, ATM card skimming, and frauds due to download of unknown/ unverified mobile apps, we will now discover other ways financial fraud can be committed using fraudulent transactions in a bank environment. To understand how they work and how we can prevent ourselves from these let’s look at the following: 1. Frauds using Remote Access/ Screen Sharing App Modus Operandi This type of attack is somewhat similar to an embedded download attack or the infamous spyware in the news, Pegasus. The scammer tricks the targeted consumer/ user to download screen sharing applications, which can later be accessed and controlled to use and watch the activities on the targeted device (laptop and/or phone), this helps in gaining access to the financial credentials of the prey. Once these financial credentials have been obtained, they can be used for making online payments or accessing internet banking. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that users of digital banking should not download and activate/use any unknown apps or share screens with unknown people. 2. SIM Cloning/ SIM Swap Modus Operandi Subscriber Identity Module or Subscriber Identification Module is commonly known as SIM is used in account details and authentication is connected to the SIM or the registered mobile number. The scammer in this case obtains access to the SIM card or creates a duplicate SIM card for carrying out fraudulent activities by using the OTP received on such fake SIM cards. Scammers usually pretend to be mobile network/personal phone to call customers and ask for details to provide a free SIM card upgrade from 3G to 4G or to provide additional discounts on SIM cards. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must never share his/her credentials about the SIM card. Also, any suspicious activity must be looked out for, there is no service or network on the phone for a long time even in regular circumstances, and the operator must be contacted and made sure that another SIM is not being used or issued. 3. Frauds by compromising credentials on results through Search Engines Modus Operandi It has been observed that customers use search engines to obtain the detailed contact information of their banks, insurance companies, Aadhar Update Center, etc., and may eventually contact unknown/unverified contact numbers that appear in the engine search. These contact numbers might look authentic but are just scammers waiting to loot data. These search engine contact details are often disguised by scammers to attract victims and lure them into using the said numbers. Once the customer calls them, the imposter will ask the customer to provide their card details/ credentials for verification to make the call seem authentic but they are just scamming. Assuming this contact is real, people will destroy your security data and will fall victim to fraud. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must refrain and avoid looking for customer service contact information in search engines. They are usually disguised as scammers. Individuals should always search the official website of the bank/ company for contact information. 4. Scam through QR scan Modus Operandi A scam done under the pretext of a sake QR code. Scammers often use various excuses to contact customers/ targeted users to persuade them to scan the QR code using a payment application. This allows scammers to withdraw funds from the accounts of customers. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must be careful when using paid apps to scan any QR code. Account details are embedded in the QR code, which is used to transfer the amount to a specific account. 5. Impersonating through Social Media Modus Operandi Scammers created fake accounts on popular social media platforms such as Facebook, Snapchat, Twitter, and Instagram among others. They send a request to your friend asking for emergency medical purposes, payment, etc. Scammers will also gain trust for some time and use private information for extortion in the future Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must not make unknown online payments or transact with people whose identity seems suspicious. The best way can be by not sharing confidential and personal information online via Social Media Applications/ platforms. Another thing to keep in mind is that one must always verify the genuineness of the fund request with the friend/ relative or confirm by a phone call / physical meeting to be sure that the profile is not fake or impersonated. 6. Juice Jacking Modus Operandi It is known that the charging port of a mobile phone can be used for more than just changing one’s device, it can also be used for the transfer of data/ files. Juice jacking is a type of network theft where once a targeted user’s phone is connected to unknown/ unverified charging ports, unknown applications/ malware will be installed. Scammers can control/ steal confidential data/ access, emails, SMS, and save passwords and other important data. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must at all costs avoid using public charging stations/ cables and ports. They are a breeding hazard to data on one’s phone. 7. Lottery Fraud Modus Operandi The scammer sends an email or phone to say that the targeted user/ prey just won a huge lottery ticket. However, to receive the money, the target needs to verify the identity via the bank account/ credit card verification on their fake website, and then eventually get the details from the target. It is a very common method of scamming people. In some cases, scammers require advance payment of taxes or payment of fees, such as shipping and handling fees, to receive lottery tickets/ products. This might make the target believe that the scammer is not a fake scheme maker but this can also act as a warning signal for the users/ targets. Since the requested money is only a small part of the lottery/ bonus, victims can fall for the scammers' trap and pay. And then the scammer is nowhere in sight. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must not pay for lottery calls/emails or share security credentials. When one encounters such an amazing lottery or discount, always hesitate and decline because chances are, the target is going to be looted. 8. Online Job Fraud Modus Operandi Fake job search portals have been created by fraudsters. When victims share bank account/ credit/ debit card security credentials to register on these sites, account information will be stolen and used for notorious purposes. In some cases, the scammers disguised themselves as officials from well-known companies and confirmed their choices after conducting fake interviews. The victim was induced to pay the mandatory training program and other expenses. Precaution: To keep the customers up-to-date and safe the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must always keep in mind that an authentic company will never ask for any money during the recruitment process. A user must also refrain from making any online transactions to any unknown/ unverified job portals or agencies. With having discussed so many more forms of financial frauds committed by fraudsters in the bank environment, and how to protect ourselves, we shall now be better prepared against them. In the next part which will be a continuation of this piece, we shall look and delve deeper into financial fraudsters committing fraud in the Non- Banking Financial Company environment.

If you manage an enterprise online, you have an accountability to make sure that your certain records and applications in the cloud are protected all the time. With the continuously evolving risk landscape, this can be a complicated task. However, there are compliance frameworks precise to distinctive industries that can furnish the methodology for enterprises to discover workable incidents and outline methods to forestall such incidents. Top 10 Cloud Security Standards & Control Framework: 1. CIS AWS Foundations v1.2 By following the CIS AWS Foundations Benchmark, any employers that make use of Amazon Web Service cloud sources can assist to defend IT structures and data. The CIS (Center for Internet Security) Benchmarks are a set of objective, consensus-driven configuration requirements which are produced to assist companies in optimising their data security. In addition, CIS protocols are for strengthening AWS accounts to create a strong base for executing jobs on AWS. 2. Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act (HIPAA) is the United States charter that helps safety choices to defend scientific data and keep files privacy. This regulation obtained into the frame when many health-associated documents have been hacked and ransomware assaults have been viewed by means of providers. 3. General Data Protection Regulation (GDPR) The GDPR situation is enforced on each member of the European Union(EU). Its goal is to construct undeviating safety of client records all throughout European union members. Conditions of GDPR in data safety are: Whenever a statistics breach takes place in the system, it needs to be notified in a particular period. Cautiously coping with facts on every occasion there is an alternate via borders. It is vital to think that any market or organisation taking part with the EU is concerned with its rule. This cause makes the EU to have an effect all over the world in phrases of statistics protection. 4. ISO-27018 ISO-27018 is used to guard personally identifiable information (PII) in the communal cloud as PII processors. ISO-27018 additionally can be carried out to any form and dimension of organisation: public or private, government organisation, or not-for-profit organisations. 5. ISO-27017 ISO/IEC-27017 provides pointers for Cloud Security that may want to help organisations approach Cloud Security more systematically and dependably. Further, ISO-27017 is a safety fashionable set up for cloud providers and customers with the reason of reducing the risk of a protection incident in the cloud. In addition, it is additionally prevalent for cloud-based businesses that assist with control recommendations and implementation. This is true for corporations that keep facts in the cloud and corporations that provide cloud-based choices to exceptional businesses which could have confidential data. 6. ISO-27001 / ISO-27002 Someone ought to have encountered ISO-27001 in phrases of information safety needs. ISO-27001 holds the identification for Information Security Management System (ISMS). This is really helpful whilst the challenge is in its commencing phase or if you can’t commit to full implementation of the project. Furthermore, ISO-27002 defines the managed assertion with IS0-27001. By adhering to the ISO-27002, it reveals that the commercial enterprise organisation follows records safety extensively and is eligible to do high-quality practices to invulnerable data. 7. Payment Card Industry Data Security Standard (PCI DSS) Payment Card Industry Data Security Standard is a security of records that fine applies to the corporations that cope with sizeable card schemes. It is a set of requirements to certify that all groups with access to an approach that acquires and transmit savings card records ought to preserve an impervious and regular environment. 8. ACSC Essential Eight A foundation of eight key strategies for preventing and minimising the scope of cyber security problems. 9. CIS Controls Top 20 The Top 20 Controls (previously referred to as the SANS Top 20 Critical Security Controls) is a prioritised checklist of the organised sketch through the Center for Internet Security (CIS) to combat today’s most ubiquitous and severe threats. It was once created by pinnacle safety specialists from all round the world and is up to date and established annually. Using the CIS pinnacle 20 key safety protocols is a notable approach to defend your enterprise corporation in opposition to the most frequent threats. 10. System and Organisation Controls (SOC) Reporting SOC (System and Organisation Controls) reporting gives inclusive assurance (SOC 1, SOC 2, SOC 2+ and SOC 3) to customers about transparency issues in risk management. Developing SOC ensures that they exercise the proper insurance policies and controls and solely share vital facts with stakeholders. Furthermore, SOC reviews provide tips to improvise on a few precise areas and turn out to be conscious of gaps that can be lagging with potential.

Advertising industry is totally plagued with cyber criminals today, the bot traffic endorsers have not just gone create millions in the past decade but have been constantly in search to game the system now and then to keep the revenues up to the mark. While the marketers have been keeping up with their acquisitions numbers in business presentations, the engagement from these numbers have been significantly low majorly in form of purchases or exit events. We would definitely recommend investors to go back to basics and look into the end revenue sheet rather than relying on Acquisition's/MAU's/DAU's numbers as it has become a trend among app based businesses to fake them while collaborating with 3rd party marketing agencies in India and Aboard for keeping the investment rolling. Today we are highlighting two of such bots locations, going quite hot right now. Look into your attribution data, if you are getting odd number of installs/events from Ghansoli or Paltan Bazaar, you campaign is likely being run by the bot. These bots tend to be very intelligent, they give you a non suspectable TTI (Time to Install), and following up, will give you vast types of events following in the right event order, which makes them out of detection zone of major ad fraud detection players today. We have been able to dimensionally reduce the attribution data ( I guess we are the first one to do it) and have been seeing astonishing results for some time. Though we know we would have to still keep on making more algorithms to make our system is robust and non-mimic-able for cyber criminals out there. Look below the amazing piece of work we have done to dimensionally reduce to see how bot traffic significantly looks different to healthy vectors placed next to them, the best part of this detection is, there ain't any attributes anomaly which fraudsters can understand and reverse engineer it. Also, say hello to our fraud coefficients : Alpha & Beta. Understanding the Ghansoli, Mumbai based Bot Infrastructure This type of bots are dummy application based traffic that drop APK packets onto mobile devices and open and close it immediately and then do an aggressive click spam to take the attribution price of last click model. These devices can be either be real or can be part of a device farm. The right question to ask is? How do this dummy mobile apps gain this inventory of users? Do they also leverage the same ad network to do app based acquisitions? Understanding the Paltan Bazaar, Assam based Bot Infrastructure This type of bots are different, they don't drop APK packets on the mobile devices but they constantly monitor a device for any new installs, generally organic hijack or real publisher inventory hijack. Once the install happens and just before it is opened, it aggressively does a click injection to claim the price of last click model. Again these devices are a mix of real or can be part of device farm. The right question to ask is? Who developed such trackers within application SDK that tracks your device for any app install? We are committed to make use of our technology to uncover more such unethical practices in Ad-Tech and help our community of marketers. Make sure you go back and run your attribution for search of Ghansoli and Paltan Bazaar bots for last 90 days and give us an heads up if you find them too. For learning about our technology, read here : https://www.comolho.com/adfraudreport Perhaps that suspicion of fraud enhances the flavour.

With the growing cyberspace, the abundance of internal and external threats can make it difficult to stay ahead of fraudsters. The risk involved with advertising fraud continues to grow in both size and complexity as the ability through cloud to move, share and expose corporate assets becomes easier. If the organization is not keeping up with the evolving threats in digital advertising industry, they would be vulnerable to loses both in terms of reputation and revenue. 1. Investing in a Fraud Detection Vendor : It should be priority to invest into a vendor that can help you analyze your large amount attribution data for fraud. Today, ad fraud has become a complex problem. Traffic providers themselves house an ad fraud detection team which provides them with the feedback loop for optimizing fraud attributes into non fraud types. In this difficult scenario, it becomes difficult for advertisers to weed out fraud in their campaigns. Advertisers should look for vendors that leverage machine learning and advance statistical technologies to detect ad fraud. 2. Communicating with Employees around Fraud : Educating your marketing & advertising employees on what is and is not appropriate regarding the rising ad fraud. Establish policies that define the expectation of privacy and your company's right to monitor network activity. Hold internal and external workshops on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity. 3. Updating definition of Ad Fraud : The only constant about ad fraud is change. Processes, Procedures and Practices, which are based on static definition of fraud are largely ineffective in fraud risk assessment and contribute to increasing losses and decreasing your ROI. 4. Cumulatively understand Transactions across Media Channels : While digital marketing campaigns today have an estimated fraud of 40% in them, depending on how hard are your KPI's are and what quality of fraud detection do you use at the back end. In order to show potential ROI driven marketing or CPCU performance index, fraudsters often do a mix of things as below A. Supply huge amount of Bot traffic : This is just to meet the high scale key matrices and mix the traffic with bots so as to make sure any form of fraud detection can be evaded. B. Organic Hijacking using Cookies, Coupons, Geo-Targeted Bidding : While your team has been extensively running walled garden ad's, a separate agency is doing that too, but making it re-attribute as non-organic traffic. This not only impact's your keyword bid but effectively also decreases your organic conversions as they are being attributed as non-organic. C. Buying out Highly Discounted Products : In order to keep the high value purchase order rolling every month, an exact equal amount of your advertising purchase order is being used to buy products and resell them in the black market. This keeps marketers think, that ROI is being driven at least equivalent to an amount they have invested, keeping their interest going on. It becomes very important to study the product's being bought on CPCU channels as a whole, study for % of discounted products sold, variability and diverseness of the products sold, entropy of payment types and as well of entropy of longitude and latitude of addresses where products are being delivered and study these matrices over your organic spends. If you find major differences, you are being duped. 5. Over the Top Fine for each percentage of Fraud Detection : In order to deincentivize fraud play in your traffic supply chain, deduction shouldn't be equivalent to the the fraud percentage detected in the campaign, but almost about 150-200% of the fraud percentage detected. This would deincentivize the entire supply chain. With a sub-publisher giving 50% of fraud conversions/organic theft/back shop marketing, a deduction of 75-100% would actually derail any such plans for further growth of such malicious players in the market.

A majority of internet traffic comes from mobile devices. In fact, with 6.4 billion smartphone users worldwide, internet-based media is consumed by more people than television. As a result, internet advertising on mobile devices is becoming increasingly important to digital marketers. However, at the same time, Mobile ad fraud is on the rise and this threat hangs over advertisers and enterprises. Cybercriminals are focused on devising new ways to defraud and profit from mobile users. And recently, they have ramped up their illegal activities with SDK Spoofing, a new but incredibly dangerous form of mobile ad fraud. Let's take a look at what it is and how to combat it. What is SDK Spoofing? Software Development Kit (SDK) spoofing is a relatively new, advanced, and sophisticated kind of mobile ad fraud. It employs a legitimate device ID that figures out how different app SDKs convey install and attribution data. It then uses that information to indicate that an app has been successfully installed on a device when it has not. This resultantly costs advertisers by generating valid-looking installs that are extremely difficult to detect. SDK is often used to develop an app, a desktop program, or a plug-in. However, because certain SDKs are open source, they can be injected with malicious code to infiltrate a user’s device. Because SDKs are the most common means to create apps, most developers are ignorant of any malware. SDK spoofing is frequently done without the knowledge of the app developers or owner. Mobile devices are used by fraudsters to install a fake app or infiltrate an existing app without the user's knowledge. Then, they collect data in apps with malicious intent. It is very difficult to tell if an installation is genuine or not, and fraudsters take advantage of this fact. The source is authentic, and the device data generated is authentic, but the installation never took place. Unfortunately, advertisers are wasting money on fake engagements. Even consumers are unaware that their phone has been enslaved and has become an unsuspecting accomplice in fraud. Identifying SDK spoofing Let's take a step-by-step look at how SDK spoofing works. Fraudsters bypass the secure sockets layer (SSL) encryption between the communication of a tracking SDK and its backed servers by performing a man-in-the-middle attack (MITM attack). The fraudsters create a series of 'test downloads' for the app they want to hijack or infiltrate. They then figure out which URL calls correspond to which app operations. Cybercriminals investigate which sections of URLs are static and which are dynamic. They then put their setup through its paces and experiment with the dynamic elements. Finally, once a single install has been successfully tracked, fraudsters know they've found out how to produce installs using a URL setup. They then go through the process again and again, forever. SDK Spoofing's Impact Mobile advertising accounts for more than 70% of all internet marketing and fraudsters have plenty of room to be inventive. The malware elements on some apps can simply see adverts on a hidden web page or within the app thanks to SDK spoofing. Resultantly, these type of mobile ad frauds has a clear financial impact. For Advertisers and Marketers Under this mobile ad fraud, marketers are simply paying for fake clicks or installs. It appears that an installation occurred as a result of their marketing campaigns, but in reality, that isn't the case. Moreover, SDK spoofing also affects analytics and ad performance. Marketers believe that their ad budget is well spent, paying to advertise on a mobile app ecosystem and seeing a lot of clicks and conversions. Resultantly, they make poor decisions because of inaccurate results. Advertisers who use retargeting tactics worsen the problem of ad fraud. Re-marketing ads are then targeted at these fraudulent click sources, resulting in advertisers paying out many times for bad clicks. Mobile device users The mobile phone user may not suffer monetary losses, but they are affected by this mobile ad fraud. A malicious app is secretly running on their mobile devices, posing a risk to their confidential data. In addition, device users are also at a loss due to data and battery usage. How to detect (and prevent) such mobile ad fraud Marketing leaders must learn to spot ad fraud and reduce its impact on the effectiveness of their ad campaigns. There are signs that could help indicate traffic isn't coming from real people when it comes to click and ad fraud. SDK spoofing frequently amplifies the effects of actual user clicks or creates views without the users' knowledge. One of the most prevalent indicators of fake traffic is a large number of clicks, sometimes known as traffic surges. When this is combined with significant bounce rates, it's likely that bot fraud or fraudulent traffic is taking place. Another telltale sign of mobile ad fraud, particularly fake installs, is the time it takes to install (CTIT). The majority of organic app downloads happen within one hour of the initial click, ideally within ten minutes. In reality, just around a quarter of all installs occur within an hour of the first click. This should be a significant warning signal if your installation time is looking exceptionally long. Detecting IP address duplications or suspicious activity from specific IP addresses is also important for detecting fraudulent traffic. Although manually detecting and blocking traffic is possible, it is inefficient and time-consuming. As a result, for dynamic fraud protection, businesses are increasingly turning to automated software solutions. SDK Spoofing and Mobile Ad Fraud Examples When we say SDK spoofing is a new form of mobile ad fraud, it is because businesses have very lately recognised the existence of such illicit activities. DrainerBot is one of the most well-known examples of SDK spoofing. This malware was embedded in an SDK and was used to generate views on video adverts without the users' knowledge. DrainerBot sucked up a lot of data and power by playing videos in the background, occasionally sucking up 10GB of data in a few weeks. SourMint is another well-known SDK intrusion and mobile ad fraud scenario. SourMint is reported to have been one of the largest SDK spoofing operations on iOS devices, using an SDK dubbed Mintegral. SourMint apps are claimed to have been downloaded billions of times throughout the years, thanks to the three and a half thousand apps produced utilising Mintegral. Final Thoughts There are numerous SDKs accessible, and a developer might produce multiple apps for clients using open source SDKs. This puts the developed app at a higher risk of mobile ad fraud. Using an SDK that has a malware component, might result in the release of thousands of malicious apps on the devices without their knowledge. It's critical to realise that ad fraud affects everyone, whether you're an advertiser, marketer, or publisher. SDK spoofing is difficult to detect, but you can tackle the problem and keep your ad budget safe from scammers through awareness, and prevention. Preventative measures and a strong defence are sometimes enough to deter scammers, who may reroute their search for more vulnerable businesses.

In just 25 years, brand safety has advanced from the pre-digital age to the leading edge of advertising technology. Brand Safety is setting those definitions by advertisers to make sure their ads are not placed next to inappropriate content i.e hate speech, misinformation and plagiarised and pirated content. Investing in Brand Safety not only allows your brand to showcase your ads to humans, but also protects your brand equity. In just 25 years, brand safety has advanced from the pre-digital age to the leading edge of advertising technology. Here's a look back: The Pre-Digital Marketing Era: Brand safety before the rise of the digital age was primarily concerned with issues like poor product placement, trademark infringement and bad press. It was also a lot harder to target, scale and measure campaigns, and a lot of creative energy and effort was wasted on activities that computers today can carry for us. Brand safety in 2004 - 2014: Facebook made its debut, followed in close succession by YouTube (2005) and Twitter (2006). Three years later, Facebook became the first of the platforms to launch advertising. Facebook Ads represented a completely new way of advertising online but no one predicted the brand safety implications of venturing into these uncharted waters. In 2011 , the programmatic revolution began, accounting for around 25% of all digital display ad spendings. While it's difficult to underestimate the significance of programmatic in opening the digital landscape to marketers, within a relatively short period of time, it also became the source of the brand safety challenges and concerns of the modern era. Three years later (in 2014), programmatic advertising claimed for almost 50% of all the digital display ad spending, yet many marketers remain unaware-or uncertain of how to avoid-the looming brand safety crisis. Brand safety in 2015 - 2019: In the first significant brand safety incident, YouTube was found to be publishing ISIS recruitment videos alongside advertisements for Toyota, Procter & Gamble, and other well-known brands. The proximity of hate speech, extremist content, and child exploitation caused major brands like Nike, Disney, Nestle, and Amazon to stop advertising on the site once more in 2017, 2018 and 2019. YouTube's failed attempts to eliminate these kinds of content depicts the limitations of traditional brand safety tools we had in dealing with user-generated content. Brands advertising on social platforms run the risk of flying too near to the sun if they don't have access to real-time, page-level monitoring of what users are actually viewing. As they pursue the reach and value these platforms provide, they eventually run the risk of getting burned. Brand safety 2020 - Present: COVID has generated new hurdles for brand safety. Digital use increased tremendously and as a result more and more users and targeted audiences are now consuming information via digital platforms. Keyword blacklisting and URL blocking, which are the most widely used brand safety methods, do not assist in every condition. It is vital today to go beyond brand safety. A good brand suitability strategy is needed to ensure that your brand is aligned with positive settings while avoiding damaging content. Marketers are finally starting to get a handle on the most pressing brand safety issues of modern times. The focus for forward-thinkers has shifted to finding a more inclusive approach to brand safety - one that not only embraces content left at the margins of traditional brand safety measures, but ultimately moves brands closer to their most relatable content. Why is Brand Safety important? Brand safety is in the eye of the beholder—it all depends on what is or is not appropriate for the brand." The last thing you want for your brand to be associated with something negative or inappropriate, as almost half (48%) of consumers stated they will boycott or reconsider buying from a brand if it appears next to inappropriate content or content that concerns them. While it's impossible to avoid it from happening 100% of the time, you can take the necessary steps to prevent it from happening in the first place. Brand safety is one of the biggest issues of advertisers that keep them awake at night. If kept uncontrolled, brand can indirectly help bad players monetise which leads to: 1. Poor Ad Placement 2. Fuel Fake News and Misinformation 3. Provide support to conspiracy theories 4. Promote Extremism. 5. Promote Inappropriate content i.e pornography, illegal activities, drugs, military conflicts etc. Com Olho’s Solution for Brand Safety The Internet is home to several different types of content — educational, inspiring, entertaining to name a few. However, not every web page should deliver your message. Brand safety is one of the biggest issues of advertisers that keep them awake at night, hence it’s more important than ever to ensure your advertising appears alongside content that is right for your brand. The last thing you wish is for your brand to be associated with something negative or offensive. While it's impossible to avoid it from happening 100% of the time, you can take the actions to prevent it from happening in the first place. Com Olho’s Brand Safety APIs prevent your advertising from being displayed on irrelevant and hazardous websites and mobile applications in real-time. It not only allows your company to show adverts to humans, but it also protects your brand equity. Because digital ads are likely to be seen by more humans, every proactive effort taken to limit the impact of ads being shown in irrelevant and non-human ad slots will multiply your ROAS. The patented technology helps in the assessment of campaigns’ several points, which include ownership, content kind, reviews, engagement, and other factors. After retrieving the data, the platform automatically divides it into categories, ranging from the worst to the best publishers. Conclusion Brand safety requires more than just a ‘blanket’ approach across all digital campaigns. There are content that are unique to different channels and those need to be taken into consideration when devising your brand safety thresholds to protect your brand from appearing against unsavoury content. While brand safety is an hygiene activity and increasingly becoming table stakes, marketers are focused on relevancy and suitability of the content that brands are appearing alongside as a proxy for attention.

The National e-Governance Plan (NeGP) is a popular initiative launched by the Government of India to make all the government services available for all the citizens of the country while making use of electronic media. NeGP was developed by the Department of Electronics and Information Technology (DeitY) and also the Department of Administrative Reforms and Public Grievances (DARPG). The government has given their permission for the National e-Governance Plan, and includes 26 mission mode projects (MMPs) and some 8 components, as of 18 May 2006. This is an enabler of the Digital India initiative, and UMANG (Unified Mobile Application for New-age Governance)is also an enabler of NeGP. What in general is meant by e-governance? Electronic governance or e-governance, that today has been adopted by innumerable countries across the world and is widely prominent. In this quickly exaggerating and demanding economy such as India, e-governance is becoming quite a necessity. With this rapid growth of digitalization, there have been many governments across the globe for the introduction and incorporation of technology into governmental procedures. Electronic governance or e-governance is best described in terms of the usability of Information and Communication Technology (ICT) as per the government for offering and facilitating the services of government, exchange of information, interaction transactions, and the amalgamation of several stand-alone systems and services. If we say in some other words, it implies the use of technology for performing government activities and for achieving the goals of governance. With the help of this policy, the government services are now easily available to all the citizens and several ventures in a very smooth, productive, and transparent way. Some of the major instances are e-governance comprises the Digital India initiative, National Portal of India, Prime Minister of India portal, Aadhar, filing and payment of taxes online, digital land management systems, Common Entrance Test, and so forth. E-governance can generally take place in some of the four major steps and types of interactions: Government to Government (G2G) Government to Citizen (G2C) Government to the Businesses (G2B) Government to the Employees (G2E) As the 11th report of the Second Administrative Reforms Commission, that is titled "Promoting e-Governance - The Smart Way Forward", has established the position of the government that an expansion in the e-government was a necessary step. The ARC report got into the hands of the government on 20th December 2008. The report has also cited some prior initiatives just like sources of inspiration, comprise the references of the Singapore ONE program. For pursuing this goal, the National e-Governance Plan was made and formulated by the Department of Information Technology (DIT) and the Department of Administrative Reforms & Public Grievances (DAR&PG). The program needs the development of an innovative application for empowering citizens to access government services by the Common Service Centers and it is also aimed at both the reduction in government costs and improvement in access to services. Criticism the e-governance policy had to face Some of the criticisms and the limitations associated with this policy were the lack of needs analysis, business process reengineering, interoperability across MMPs, and coping with new technology trends including mobile interfaces, cloud computing, and digital signatures. What are the major objectives that E-Governance policy is focusing on? Some of the major objectives of e-governance are as follows: For supporting and simplification of government for the citizens of government, citizens, and businesses. For making the government administration much more transparent and answerable while addressing the needs of the society and the expectations with the help of efficient public services and productive interaction between people, businesses, and the government. For reducing corruption in the government. For making sure about the speedy administration of services and the information. For lowering any kind of complexities for ventures, offering immediate information and will enable digital communication by ex-business. What are the problems associated with E-Governance? Just as we know that the e-governance policy is having innumerable advantages like convenience, similarly it also has some kind of hurdles associated with itself. Some of them are as follows: No management of computer literacy: India is yet known as a developing country and an enormous majority of the citizens are lacking computer literacy that is a barrier to the effectiveness of e-governance. No kind of accessibility over the internet or even over the computers in some parts of the country is a major disadvantage of e-governance. E-governance can also quite often result in a complete loss of human communication. And as the systems are turning more and more mechanized, there are fewer interactions that are taking place among people. It has also given rise to the risk associated with personal data theft or any kind of leakage. E-governance can also lead to a tax administration and the service providers can very easily make some excuses of not offering the service on technical grounds just like the way “server is down” or “the internet is not working” and a lot more! Describing the E-Governance as per the Indian Context E-governance in India is very exclusive, new and one of the recent developments! The launch of this National Satellite-Based Computer Network (NICENET) was done in 1987 and with this, the subsequent launch of the District Information System of the National Informatics Centre (DISNIC) program was set up for computerizing every district offices all around the country for which free hardware and software was given to the State Governments which were also provided with the requisite impetus for e-governance. E-governance after all of this saw a great development along with the shoot up in technology. Today, there is a great number of e-Governance initiatives that are successful both at the Union and State levels. In the year 2006, the National e-Governance Plan (NeGP) got into formulation by the Department of Electronics and Information Technology and also Department of Administrative Reforms and Public Grievances that had the major objective of making all government services reachable to every common man, that will ensure efficiency, transparency and the trustability of all these services at an affordable cost for realizing the most basic requirements of the layman. The NeGP has been successfully able to enable some of the e-commerce initiatives such as: Digital India UMANG Digital locker PayGov Computerization of records of land

28th June 2021 : Com Olho filed digital governance technology patent for rolling back affiliate fraud, homograph attacks, fake news and pirated content. Internet based fraudsters use all kinds of tools to gain into customer data, monetise over affiliate marketing and spread fake news and pirated content over the internet. Understanding Fraudsters Mindset : Register a fake domain to side-run fake news, pirated content and misinformation. To drive revenue from this, enable google, facebook and programmatic ads. Register a fake domain and enable email servers. Use smtp to programmatically send brand impersonated emails to large email databases, getting fake impressions and click to boost advertising matrices. Create fake apps and incentivise users to download it, once downloaded scrap all the contact data and start surveillance marketing over the devices for delivering CPCU conversions. How does Com Olho Digital Governance Technology work? Step 1 : The technology helps digital assets owner create encrypted codes through regulatory body. This happens real time, when the user enters Aadhar Number ( For individual developers and content creators) CIN Number ( For enterprises that own digital asset) FIN Number ( For foreign enterprises) Step 2 : The encrypted codes are then uploaded on the DNS TXT records by the owner of the digital asset. Step 3 : The Telecom Regulatory on a user request to access the digital asset, verifies the encrypted keys in the DNS records to real time validate against true ownership and blocking all the fraudulent digital assets. Benefits : No need to maintain blacklist by telecom or ISP's. The owner ship of the digital asset is bind to either individual, incorporated legal entity or verified by FIN. In case of digital wrongdoing, the technology would help backtrack fraudsters organised crime. Prevent advertisers from monetising fake websites, apps and ad networks. Prevent consumers from data theft, account takeover and financial theft. We at Com Olho are developers of data-led exponential technology and have been recognized by the Department for Promotion of Industry and Internal Trade, Government of India as in the category of ML based cyber security. We pride ourselves with our success over the last 2+ years, and continuously strive to reach greater heights. We are incubated at NASSCOM 10000 Startups at the Gurugram Warehouse and also a recipient of a cash grant from Facebook. The company hold’s 3 proprietary patents for system and method for customer behaviour, anomaly detection and digital data governance.

As more and more advertisers are increasing their spending on mobile apps, mobile advertising fraud has also increased over the years. Ad fraud has been a feature of the digital advertising industry since its inception and with more and more mobile users, mobile ad fraud has emerged as one of the top marketing issues in various surveys. Invalid Traffic (IVT) is one of the most serious concerns directly related to ad fraud. Even though invalid traffic is very common in the digital ad space, it is still a concerning issue for advertisers for marketers, and publishers. Having identified IVT in your marketing strategies might cause a lot of challenges. Today we will discuss IVT in greater depth, concentrating on the most crucial information a marketer should be aware of. What is Invalid Traffic (IVT)? IVT refers to any type of online traffic originating from a non-human source. This traffic does not fulfil any ad serving quality in terms of ad clicks and impressions. In most cases, clicks and impressions not made with genuine interest are considered invalid traffic. However, invalid traffic is not necessarily always associated with mobile ad fraud. For instance, traffic from sources such as search engine crawlers and bots does not originate with a legitimate interest but is necessary. But of course, in the world of mobile advertising, IVT disguised as human behaviour is a huge issue. There are two broad categories of IVT namely GIVT (General IVT) and SIVT (Sophisticated IVT). GIVT is the one we explained earlier, the good kind does not engage in ad fraud. However, SIVT is infamous for its evil intent. SIVT is made to appear human-like and is not completely safe. General Invalid Traffic (GIVT) General Invalid Traffic, often referred to as "good" IVT is created with the intent to run over search engines. This includes bots, crawlers, spiders, and any other non-human traffic that originates from a data center IP address. In general, it is all automated traffic that does not attempt to imitate human user behaviour. As a result, they do not engage in mobile ad fraud. However, GIVT is not completely safe either. The majority of GIVT is fake traffic. And any traffic from invalid sources tends to skew audience measurement statistics by causing traffic surges that aren't produced by real users. Even if GIVT is not the result of ad fraud, it should not be paid for because it is not traffic that will convert. GIVT is usually simple to diagnose and exclude from results. Sophisticated Invalid Traffic (SIVT) So, if GIVT is relatively easier to detect, SIVT is equally difficult to detect. SIVT, which stands for Sophisticated Invalid Traffic, is a much more advanced internet bot that sends traffic to several publishers’ websites by impersonating a real human being. SIVT is traffic that is created to click on or watch ads in order to boost ad revenue. Not only that. Fraudsters use SIVT to spoof domains and manipulate location data, among other things. SIVT encompasses all types of sophisticated traffic that are more difficult to identify. The detection of this type of traffic usually necessitates the use of more complex tools, as the methods and approaches for employing SIVT for ad fraud are continually changing in order to evade detection. Why is IVT a growing concern for the mobile platform? It is undeniably true that invalid traffic has resulted in all sorts of malicious practices, including mobile ad fraud. IVT affects publisher revenue in addition to lowering the value of real impressions. Sophisticated nonhuman bots, which are actively involved in ad fraud, are responsible for roughly 18% of all internet traffic in the marketing business. It might be difficult to detect and eliminate sophisticated invalid traffic on your web properties. However, this is exactly what publishers should do in order to avoid bans, account suspensions, and other ad fraud penalties imposed by ad networks and exchanges. How to combat IVT? Mobile ad fraud is a moving target, and SIVT's bots are continually upgrading their operations to drain the marketing budgets of big brands. But here are some suggestions for how marketers may counter invalid traffic. Monitor your advertising inventory It is easier to discover Invalid Traffic by maintaining a good quality ad inventory. Classifying inventory with respect to their media types will assist marketers in identifying and eliminating bot traffic. Identify the IVT starting site using analytical tools. It is critical to be able to identify the source of the traffic in order to halt it. However, this would generally necessitate some investigation into analytical reports. Furthermore, It is strongly advised to use specialist tools for detecting and blocking invalid traffic. Com Olho’s solution can assist businesses in preventing various types of mobile ad fraud. You can discover sources of invalid traffic through cluster classification supported by patented technology. Schedule a free demo to learn more about how Com Olho may help secure your advertising initiatives.

When you’re playing games or using an application on your mobile phone device, it doesn’t just run smoothly but also show you products or services you might be interested in, these are called mobile ads (advertisements). Now-a-days, this is so common that application developers are getting more creative about accommodating them, because they have proven to be a huge industry in themselves. According to Zenith Media, Media Company, out of the global ad market, one third the size accounts for the mobile ad market, which is a multi-billion dollar industry, estimated at about 187 billion USD. But like every other industry, it has threats which tend to steal and leak money out of it, this is called Mobile Ad-fraud. It impacts and undermines the entire ecosystem of App markets and victimises not only the users but also the publishers of the apps. This mobile ad fraud leads to loss of revenue to the marketers. According to the Google Ads website, mobile ad fraud can lead to a loss of revenue in tune of 9-20% of the annual market budget for global mobile advertising. In the proceedings of the ACM conference on Computer and Communications security, it was revealed that the world’s largest botnet which is operated by ZeroAccess makes a hundred thousand US Dollars every day via ad fraud. To prevent this apps with abusive behaviours resulting in mobile ad fraud are actively identified by Google Android Security to protect users. Additionally, to protect its users from ad fraud, a developer policy denouncing abusive ad libraries for their excessive monetisation regarding mobile ads has been published by Google Play Store By now, it is pretty evident how big the mobile ad industry is and with it another multi-billion ad fraud industry is also emerging. To understand the concept of mobile ad-fraud let us first understand the mobile ad ecosystem and then delve deeper into mobile ad-fraud. Mobile Ad-ecosystem One of the most popular way of monetising mobile applications is by serving ads. A hosting app displays ads which are embedded in a library which in turn is integrated by the app developer in the mobile app. AdMob, an ad library managed by Google, is used by an estimated 56% of Android applications in Google Play Store. Hence, it is safe to say that usage of mobile ad libraries is quite common. Let’s now look at the major parties who make up this ecosystem, they include: an ad service provider, an advertiser and a publisher. An ad service provider bridges the gap between the publishers’ need to offer ads and the advertisers’ need to showcase their ads to a bigger audience, which provides great exposure to the advertisers. The services of an ad service provider also offers an ad library for publishers to include. After a library is embedded by the service provider, it goes and fetches ads from the service provider which are eventually displayed at the user’s screen. An impression constitutes each ad rendered, which usually means each video or an image displayed/rendered one time. The advertiser or agency designs the ad which is to be displayed for the target audience. They request the ad service provider for launching their ad campaigns. A publisher is the app developer who integrates an ad library, which is managed by an ad service provider, for monetising their app. Ad service providers charges advertisers on various ways, the three representative ways of billing are (1) Cost-Per-Mile (CPM) which is charged for ad-impression (2) Cost-Per-Click (CPC), for user clicks (3) Cost-Per-Install (CPI), for app installs. Mobile Ad Fraud Mobile ad fraud refers to generation of fraudulent revenues by operations that generate unwanted ad traffic by the means of clicks, conversions and ad impressions. This article will now talk about how mobile ad fraud can hurt advertisers and app publishers. Types of ad fraud that typically affect advertisers and ad publishers are as follows: 1. Invalid traffic : This is the most common form of fraud. In this type of fraud, scammers tend to mimic genuine traffic to earn money illegitimately instead of ads reaching the data-rich traffic of high quality. Several tactics are used at once to make the traffic appear as genuine as possible. 2. Ad Stacking : A user might only see one ad but the predator stacks multiple ads one below the other. But, regardless of the position of the ad in the stack, all of them are paid for by the advertisers. 3. Bots : Some bots are malicious that range from simple to sophisticated and some aren’t necessarily fraud, which act as general invalid traffic. But these can be used for creating fake installs, traffic or clicks. 4. App Spoofing: In this type of fraud, the ad might end up appearing on apps which might not be deemed brand safe i.e. the ad appears on a different app than what the advertisers paid for. This is done when a fraudster app sends a fake bundled ID to display itself as a premium app to the advertiser. 5. Click fraud : Fraudulent operations generating illegitimate clicks which consume the marketing budget of an advertiser are called click fraud, the advertiser is exploited. The main objective of the publisher and service provider for doing such a fraud is that it helps in manipulating and inflating their cost-per-click (CPC) prices by promoting a misleading cost per click. The adversary could be an ad service provider, or a competitor of a targeted advertiser, or an abusive publisher. This adversary depleted the ad budget by recruiting a botnet network to click ad impressions of a targeted advertiser. The success of a click fraud is dependent on generating click URL requests, which should target an ad service provider which accepts and counts the clicks towards the billing of a target advertiser. 6. Impression fraud : Before understanding this type of fraud it should be known to the reader that the key requirement of mobile ads for charging advertisers is to render ad impressions. The advertisers are charged usually by the number of impressions rendered. This fraud is said to have been committed when a predator creates invisible ads by making them tiny or hides ads under visible elements on the screen. These are very sneaky ads placed on the screen which send ad impression requests, that lead to advertisers being charged and no ad impressions are exposed to users. This method is kind of similar to ad stacking. Thus, it can be concluded that there are many ways of implementing ad fraud: (a) when there is no understanding but necessary deception, a large number of users are lured into clicking and interacting with unwanted ad impressions, this is usually done when the predator dupes users into genuinely clicking ad impressions, thus generating admissible click URL requests from users’ devices (b) when there is an understanding of how the ad service provider generates an admissible click URL request, the attacker sends a vast volume of click URL requests that a target ad service provider accepts by leveraging his own botnet networks.