Man
Professional
- Messages
- 2,968
- Reaction score
- 491
- Points
- 83
Given: An advertiser promotes his mobile application. To do this, he orders advertising placement on special platforms and directly from publishers/owners of mobile resources and gets a lot of clicks.
Question: What percentage of click spam does he get from all his traffic?
Click fraud malware is a pressing issue of considerable scale. This click fraud technology affects mobile app advertising and can cause huge losses to the advertiser. In principle, malicious activity can remain undetected for a long time even by advertising platforms.
Let's see what it is, what forms it takes and whether it is possible to protect oneself from it.
Contents
1. What is click spam
2. Types of click spam
3. Operating principle
4. Differences between click spam and botnets
5. Damage
6. How to detect click spam
7. How to protect your ads from click spam
When it comes to mobile apps, such malware can run in the background without the device owner's knowledge, and also exploit the behavior of a real user to profit from natural installations and purchases.
In addition to illegal requests for payment, fraudsters also significantly spoil the statistics of marketers on the effectiveness of advertising campaigns. Advertisers may perceive clicks and referrals as real and complete, although in fact they may be completely fraudulent "dummy".
Also considered click spam is the substitution of installation metrics (install spoofing).
How it all works:
In addition to receiving illegal compensation for the attacker, click spam also distorts statistics on traffic and goal achievement. The advertiser thinks that the platform on which he places the ad is effective, since it has such indicators at the output.
However, high traffic, a large number of installations, downloads, clicks - this is not an indicator of success, if all this is not followed by an increase in sales. The indicators can grow for as long as you like, but the business will remain stagnant.
If we talk about the third party - the user on whose device the parasitic application is installed, then he also suffers from the actions of fraudsters. Working in the background, it constantly drains the phone's battery. The user can share his smartphone with such a neighbor for a long time without suspecting anything. As, for example, it was the case with the DrainerBot malware.
In the case of click spam, the source is the application itself with malicious code, which autonomously uses the activity of the device owner to generate clicks.
A software development kit, or SDK, is the foundation of most apps distributed through their respective platforms. Over the past few years, there have been numerous cases of products with SDKs containing malicious elements that were intended to defraud advertisers' ads.
And we're not just talking about some unverified sites - malicious apps have been found in the Google Play store more than once. However, the App Store is not immune to malware either: in recent years, more than one fraudulent campaign has been discovered targeting Apple devices, affecting thousands of apps, such as SourMint.
However, click spam isn't limited to apps: mobile site landing pages can also generate fake clicks and impressions on behalf of visitors.
However, click flooding is harder to detect because the attacks are carried out from a device with a genuine ID, meaning it looks like the action is being carried out by the owner himself. However, some signals can be traced.
What can be done to combat click spam:
Remember the golden rule: click spam generates a lot of traffic, but almost never results in conversion (or only a small one).
Botfaqtor uses proprietary algorithms to analyze and identify fraudulent activity with clients' advertising campaigns and helps to understand what is actually happening with ads and conversions.
A pool of >100 technical and behavioral parameters is used to analyze traffic. The service adds bots to the stop list even before the advertiser connects to the system - the black list is the same for everyone and is updated every minute: more than 19 million bots and clickers are denied access to advertising campaigns in Yandex Direct, and more than 7 million in Google Ads. After connecting to the service, they will not be able to click your ads + new fraudulent attacks will be blocked.
Question: What percentage of click spam does he get from all his traffic?
Click fraud malware is a pressing issue of considerable scale. This click fraud technology affects mobile app advertising and can cause huge losses to the advertiser. In principle, malicious activity can remain undetected for a long time even by advertising platforms.
Let's see what it is, what forms it takes and whether it is possible to protect oneself from it.
Contents
1. What is click spam
2. Types of click spam
3. Operating principle
4. Differences between click spam and botnets
5. Damage
6. How to detect click spam
7. How to protect your ads from click spam
What is click spam
Click spam is the generation of mass non-targeted clicks on advertising. It is one of the click fraud methods that is actively used by fraudsters. Malicious software is introduced into websites and applications to click on advertisements or load pages with automatic generation of clicks or views.When it comes to mobile apps, such malware can run in the background without the device owner's knowledge, and also exploit the behavior of a real user to profit from natural installations and purchases.
Types of Click Spam
There are the following forms of click spam:- Mass generation of clicks on advertising. Also called click flood.
- Abuse of app install and download data is when advertisers compensate fraudsters for a click, install or download, even if this action would have taken place without the involvement of the fraudulent resource (the fraudster as an intermediary).
This happens, for example, when fraudsters embed third-party digital traces with affiliate markers on the user's device or browser, which allow fraudsters to request payment from the advertiser for the installation or the lead. - Generating invalid impressions and views is when a mobile application on a user’s device loads pages of fraudulent sites with advertising in the background, and also opens advertisements in hidden windows.
In addition to illegal requests for payment, fraudsters also significantly spoil the statistics of marketers on the effectiveness of advertising campaigns. Advertisers may perceive clicks and referrals as real and complete, although in fact they may be completely fraudulent "dummy".
Operating principle
For example, a user downloads an application, say, a calculator or a flashlight. Attackers embed functionality into it that launches it in the background on the user's device to perform specified fraudulent actions: clicking ads, watching video ads, etc.Also considered click spam is the substitution of installation metrics (install spoofing).
How it all works:
- The user downloads a malicious application onto their device.
- It has embedded code that can generate clicks on ads. It can also allow an external device to perform clicks within the app.
- All clicks on the ad are attributed to the developer or spammer - even if the fraudster has nothing to do with installing the advertised app, making a purchase, or clicking on the ad, he still receives payment.
In addition to receiving illegal compensation for the attacker, click spam also distorts statistics on traffic and goal achievement. The advertiser thinks that the platform on which he places the ad is effective, since it has such indicators at the output.
However, high traffic, a large number of installations, downloads, clicks - this is not an indicator of success, if all this is not followed by an increase in sales. The indicators can grow for as long as you like, but the business will remain stagnant.
If we talk about the third party - the user on whose device the parasitic application is installed, then he also suffers from the actions of fraudsters. Working in the background, it constantly drains the phone's battery. The user can share his smartphone with such a neighbor for a long time without suspecting anything. As, for example, it was the case with the DrainerBot malware.
The difference between click spam and botnets
Click spam works differently from botnets - the application itself generates a large number of spam clicks/views. In comparison, botnets need to be part of a network of many infected devices to carry out attacks and generate fake traffic or clicks. Botnets are not autonomous - they are controlled by an operator.In the case of click spam, the source is the application itself with malicious code, which autonomously uses the activity of the device owner to generate clicks.
A software development kit, or SDK, is the foundation of most apps distributed through their respective platforms. Over the past few years, there have been numerous cases of products with SDKs containing malicious elements that were intended to defraud advertisers' ads.
And we're not just talking about some unverified sites - malicious apps have been found in the Google Play store more than once. However, the App Store is not immune to malware either: in recent years, more than one fraudulent campaign has been discovered targeting Apple devices, affecting thousands of apps, such as SourMint.
However, click spam isn't limited to apps: mobile site landing pages can also generate fake clicks and impressions on behalf of visitors.
Damage
- The most significant type of damage from click spam is fraud on organic app installs, when an advertiser pays a fraudster for an install that will happen/would have happened anyway. In addition to the loss of budget, this will also lead to incorrect interpretation of statistics and deceived expectations.
- Since organic users tend to have higher engagement with an app than users who clicked on an ad and installed it, click spam causes advertisers to spend more money because they are convinced that it is a traffic source that is, in fact, fraudulent.
- Fraudsters steal not only the advertiser's money, but also time, and also spoil all marketing statistics.
- Last but not least, reputational damage is felt by everyone – advertising platforms, mobile site owners, partners involved in the sales chain and lead generation. For an advertiser, misuse of the advertising budget can lead to a waste of time and money, and problems with user acquisition.
How to spot click spam
Advice for advertisers: The clearest evidence that you have been a victim of click spam will always be the highest traffic with the lowest number of conversions. This applies to almost all forms of click fraud or ad fraud.However, click flooding is harder to detect because the attacks are carried out from a device with a genuine ID, meaning it looks like the action is being carried out by the owner himself. However, some signals can be traced.
What can be done to combat click spam:
- Check the time between clicks and conversions in analytics/metrics. After a click, some time must pass for the user to perform a conversion action.
- Make sure that the apps are checked by advertising platforms for viruses and malicious "filling". This is often a good indicator that the selected resources are genuine. However, keep in mind that in the Google Play store, developers are not required to check their own products. Also, the check may take some time, during which it will be available to users. Developers can hide the code of their application, so even if it is not checked, this does not mean that they are scammers.
- You can also check the traffic from the publisher using the counter. For example, if you see that his resource has a small real audience reach, but high traffic comes from it.
Remember the golden rule: click spam generates a lot of traffic, but almost never results in conversion (or only a small one).
How to protect your ads from click spam
Click spam is a form of advertising fraud. It can be stopped by using special anti-click fraud services. Botfaqtor is one of them.Botfaqtor uses proprietary algorithms to analyze and identify fraudulent activity with clients' advertising campaigns and helps to understand what is actually happening with ads and conversions.
A pool of >100 technical and behavioral parameters is used to analyze traffic. The service adds bots to the stop list even before the advertiser connects to the system - the black list is the same for everyone and is updated every minute: more than 19 million bots and clickers are denied access to advertising campaigns in Yandex Direct, and more than 7 million in Google Ads. After connecting to the service, they will not be able to click your ads + new fraudulent attacks will be blocked.
