Until 2015, smartphones competed with TVs and desktop computers as tools for delivering information to consumers. But then came a turning point. Users began choosing mobile devices more for searching and consuming online content. The share of budgets for mobile advertising exceeded desktop advertising. Google switched to Mobile First Indexing, which meant that priority was given to indexing and ranking the mobile version of sites.
In 2024, mobile advertising revenues amounted to $184 billion.
This is a lot of money that scammers are not willing to miss out on. That is why mobile advertising fraud is rapidly developing and improving.
In this article, we will talk about the most common types of click fraud used by cybercriminals against advertisers' budgets.
Contents
1. Click spam: how scammers “catch” organic traffic
1.1. The harm of click spam
1.2. How to detect click spam in mobile advertising
2. Click injection and damage to the advertising campaign
3. Pseudo-installations (SDK Spoofing)
3.1. Operating principle
3.2. How to deal with it
4. Ad Stacking
4.1 How to detect layering and prevent click fraud
Click Spam: How Fraudsters “Catch” Organic Traffic
When it comes to mobile ad fraud techniques, the most popular method is organic click spam. In this technique, a criminal generates ad clicks on behalf of a user who never made them.
You can encounter this type of fraud in mobile advertising when a user opens a website page or application on their phone that is owned by a fraudster. Then everything can happen according to one of the following schemes:
- The page may automatically generate fraudulent clicks in the background, even if there are no ads on the screen.
- A spammer can start clicking ads in the background while the user is interacting with the app. That is, the bot imitates the actions of the device owner.
- The malicious mobile app generates clicks at any time simply because it runs in the background 24/7 (not forcefully disabled).
- The fraudster may pass off ad impressions to the user as actual clicks.
- The spammer simulates clicks on ads from artificially generated ID addresses.
All these schemes are united by one common principle: the user does not know what is happening in the application while it is running on their phone, neither while interacting with it nor while it is idle.
The Harm of Click Spam
Spamming with artificial clicks in mobile advertising is dangerous and insidious, because if the click fraud security system does not work, the fraudster unlawfully claims the attribution for himself. The advertiser, accordingly, pays for pseudo-clicks and installations.
But budget loss is not the only thing that can await a marketer in this situation. It is also followed by incorrect statistics on organic installations and a distorted analysis of the effectiveness of the sites where advertising is placed.
- In the first case, the advertiser cannot be sure whether he paid for the installation of the application by a real user or a fraudster. Such interception spoils all the statistics of the advertising campaign and its subsequent marketing analysis.
- In the second case, it is difficult to determine the traffic (installation) provider: which channel brings real users, and which only bots. It turns out to be a vicious circle: the advertiser pays for advertising in an application that provides him with invalid statistics, or for users who have already installed it and are actively using it.
This type of click fraud is also characterized by the fact that money from the advertising campaign may be spent unevenly. Bot clicks and pseudo-installations from fraudulent applications are massive, that is, the advertising budget will be mainly directed to these channels, while sources of real traffic and real installations will sag.
How to Spot Click Spam in Mobile Advertising
There are different click fraud detection techniques that are used to combat cybercriminals. For example, an advertiser can detect click spam based on the pattern of fraudulent behavior, since real ad clicks differ from clicks made by spammers.
With organic traffic from bona fide channels, clicks follow a characteristic pattern: first there is a jump in installations, and then a steady decline.
Click spam shows a different picture: installations and clicks are distributed uniformly. There is no jump or decline.
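The check described above, as an added example that is not part of the original article: it reads "jump, then decline" as the distribution of time between click and install per traffic source, and flags sources whose installs are spread flat across the attribution window. The source names, the 24-hour window and the 50% first-hour threshold are assumptions, and the data is constructed.

```python
from collections import defaultdict
from statistics import median

HOUR = 3600
WINDOW_HOURS = 24  # assumed attribution window for this example

# Constructed sample data: (traffic source, seconds from ad click to install).
SAMPLE_INSTALLS = (
    [("network_a", s) for s in (20, 35, 40, 55, 60, 75, 90, 120, 150, 200,
                                300, 420, 600, 900, 1800, 3600, 7200, 14400)]
    + [("network_b", s) for s in range(1800, 86400, 4700)]
)


def hourly_histogram(click_to_install_seconds):
    """Count installs per hour elapsed since the attributed click."""
    bins = [0] * WINDOW_HOURS
    for seconds in click_to_install_seconds:
        if 0 <= seconds < WINDOW_HOURS * HOUR:
            bins[int(seconds // HOUR)] += 1
    return bins


def flag_click_spam(installs, min_installs=10, min_first_hour_share=0.5):
    """Flag sources lacking the early jump that genuine ad clicks produce.

    Both thresholds are assumptions; tune them on your own baseline.
    """
    by_source = defaultdict(list)
    for source, seconds in installs:
        by_source[source].append(seconds)

    report = {}
    for source, values in by_source.items():
        if len(values) < min_installs:
            continue  # too little data to judge the shape
        bins = hourly_histogram(values)
        total = sum(bins)
        share = bins[0] / total if total else 0.0
        report[source] = {
            "installs": len(values),
            "first_hour_share": round(share, 2),
            "median_seconds": median(values),
            "suspicious": share < min_first_hour_share,
        }
    return report


if __name__ == "__main__":
    for name, row in flag_click_spam(SAMPLE_INSTALLS).items():
        print(name, row)
```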
Click injection and damage to the advertising campaign
A more complex click spam technique is click injection. It occurs on malware-infected mobile devices running Android OS.
The gist of it is this: when a user installs an app, the malware sitting on the device initiates a click on it in order to claim the attribution for its advertising account. Even if the install was organic, it looks as if the user came from the fraudster's website/app via an advertisement and installed it.
In addition to the advertiser losing money on this pseudo-attribution, incorrect data gets into the statistics, which interferes with further analysis and selection of a reliable traffic source.
If you are running a CPI (cost-per-install) advertising campaign on different advertising platforms, and especially in high-stakes topics, be prepared to be scammed. Where the stakes are high, the risk of click fraud is high.
Pseudo-installations (SDK Spoofing)
Fake installs are a relatively new type of mobile ad fraud. They are somewhat similar to click injection, but instead of tracking the user installing the app and intercepting attribution, cybercriminals fake the installs themselves, artificially inflating them.
This cannot be done without malicious code, which is embedded into the application developed by the fraudster. This is done at the SDK (software development kit) level. This way, the attackers easily gain access to the user's device.
Operating principle
To commit this type of fraud, criminals hack the SSL connection used to exchange data between the SDK and the server. Then, the scammers generate a series of test installations within the application they want to attack. With this, they learn which parts of the URL are responsible for what in the application, which are dynamic and which are static. Once the criminals know which address is responsible for verifying the installation, they start generating installations out of thin air, and they can do this ad infinitum.
How to deal with it
This type of mobile advertising fraud is very difficult to detect, unlike pseudo-installations performed using device emulators or special farms, since in this case it is almost impossible to separate the real installation from the fake one.
Fraudsters collect real device data using their own malicious apps or inject code into completely harmless and popular tools, such as “Battery Saving Mode” or “Flashlight”.
Here is a recommendation directly for developers. Instead of constantly making edits to your applications, it is advisable to create a hash signature for the packets exchanged between the SDK and the server in advance, during development. It is also advisable to create complex dynamic URL parameters that cannot be guessed and reused.
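One way to implement this recommendation, as an added example that is not the article's or any SDK vendor's code: each install event carries a one-time nonce, a timestamp and an HMAC-SHA256 tag, and the server rejects altered, stale or reused messages. HMAC as the "hash signature", the field names, the 300-second window and the sample key are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window
SAMPLE_KEY = b"constructed-demo-key"  # constructed; provision a real key per install


def _canonical(body):
    """Stable byte encoding so both sides hash exactly the same payload."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_event(key, event, now=None):
    """SDK side: add a one-time nonce, a timestamp and an HMAC-SHA256 tag."""
    ts = int(time.time() if now is None else now)
    body = dict(event, nonce=secrets.token_hex(16), ts=ts)
    body["sig"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class InstallVerifier:
    """Server side: accept each signed install event at most once."""

    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> message timestamp

    def verify(self, message, now=None):
        now = time.time() if now is None else now
        body = {k: v for k, v in message.items() if k != "sig"}
        expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        supplied = str(message.get("sig", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad_signature"  # forged or altered parameters
        if abs(now - body.get("ts", 0)) > MAX_SKEW_SECONDS:
            return "stale"  # captured earlier and sent late
        # Nonces older than the window would be rejected as stale anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= MAX_SKEW_SECONDS}
        if body.get("nonce") in self._seen:
            return "replay"  # same dynamic parameter reused
        self._seen[body.get("nonce")] = body["ts"]
        return "ok"
```

A key embedded in the app binary can be extracted, so the signature raises the cost of forging installs rather than making it impossible; pair it with server-side anomaly checks.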
Ad Stacking
This type of mobile fraud is most common in pay-per-click or pay-per-impression advertising. Fortunately for advertisers, this technique is easy to spot.
Ad stacking is an advertising fraud technique where one ad is placed on top of another. That is, instead of allocating a separate block on a website or in an application for each ad, fraudsters simply place one on top of the other, and the user sees only the top one.
Advertisers pay the platform for displaying ads that the potential buyer does not actually see.
How to Detect Layering and Prevent Click Fraud
Even though layering can be easily tracked, advertisers still continue to fall victim to this type of fraud and lose budget.
Here are some effective ways to identify click fraud with ad stacking:
- Regularly check the statistics in Metrica or Analytics of your advertising campaign. If you are running more than one campaign, pay attention to the time stamps in the statistics. If several of your ads were clicked on from the same source and at the same time, there is a high probability that it was fraud.
- Track conversions. A large number of impressions with low conversions may ultimately indicate that you are being subjected to layering techniques.
- If possible, establish communication with the advertising platform or donor. If you are not sure about the quality of clicks or impressions, or doubt that they are natural, contact the service support or the advertising partner directly. It is advisable to first analyze the campaign for its effectiveness and evaluate all metrics. Attach examples in your request.
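The timestamp check from the first item above, as an added example that is not part of the original article: it scans a click log for bursts in which several different ads were "clicked" from the same source at the same moment. The log layout, the per-device grouping and the one-second window are assumptions, and the rows are constructed.

```python
from collections import defaultdict

# Constructed click log rows: (unix_ts, source, device_id, ad_id).
SAMPLE_CLICKS = [
    (1700000000.10, "pub_17", "dev-a", "ad_shoes"),
    (1700000000.12, "pub_17", "dev-a", "ad_bank"),
    (1700000000.15, "pub_17", "dev-a", "ad_game"),
    (1700000042.00, "pub_17", "dev-b", "ad_shoes"),
    (1700000100.00, "pub_09", "dev-c", "ad_shoes"),
    (1700000190.00, "pub_09", "dev-c", "ad_bank"),
]


def find_stacked_clicks(clicks, window_s=1.0):
    """Return bursts where one device clicked two or more different ads
    through the same source within window_s seconds."""
    by_key = defaultdict(list)
    for ts, source, device, ad in clicks:
        by_key[(source, device)].append((ts, ad))

    bursts = []
    for (source, device), rows in by_key.items():
        rows.sort()
        start = 0
        while start < len(rows):
            end = start
            # Extend the burst while clicks stay inside the window.
            while end + 1 < len(rows) and rows[end + 1][0] - rows[start][0] <= window_s:
                end += 1
            ads = sorted({ad for _, ad in rows[start:end + 1]})
            if len(ads) >= 2:
                bursts.append({"source": source, "device": device,
                               "start_ts": rows[start][0],
                               "clicks": end - start + 1, "ads": ads})
            start = end + 1
    return bursts


def stacked_share_by_source(clicks, window_s=1.0):
    """Fraction of each source's clicks that fall inside a stacked burst."""
    total = defaultdict(int)
    for _, source, _, _ in clicks:
        total[source] += 1
    stacked = defaultdict(int)
    for burst in find_stacked_clicks(clicks, window_s):
        stacked[burst["source"]] += burst["clicks"]
    return {src: round(stacked[src] / n, 2) for src, n in total.items()}
```

A high stacked share for one source is the kind of concrete evidence worth attaching when contacting the platform's support.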
Manual traffic quality checks require a lot of time. Complex click fraud protection systems help to do this automatically and use many algorithms to detect click fraud.