What is mobile ad fraud? And how does it stop marketers from reaching their goals? This article will show you everything you need to know about the subject.
Today, many fraudsters make money from online advertising scams, taking advantage of the proliferation of online cash and transactions. In 2022, the total cost of ad fraud was estimated to have reached $81 billion and is expected to rise to almost $100 billion by the end of 2023. The region worst affected by this fraud, however, is Asia-Pacific (APAC), where, in 2022, it cost internet users $75 billion.
What is mobile ad fraud?
So what is mobile ad fraud, and why should marketers understand it? If you want to run an online business of any stripe these days, you need to know how fraudsters operate.
In a nutshell, fraud means cheating or deceiving someone to get money illegally.
With regard to mobile ad fraud, fraudsters aim to take advantage of online advertising through different means. Today, online ads usually have different payment schemes linked to the system used to measure them, such as cost-per-acquisition (CPA), cost-per-install (CPI), etc. In simple terms, mobile ad fraud refers to the attempts that fraudsters make to cheat publishers, advertisers, or the supply chain.
The aim of criminals engaged in this activity is to exploit mobile advertising technology to reach this goal, their primary objective being to steal money from advertising budgets that companies set apart for marketing.
Ironically, although publishers are often the victims of ad fraud, they can also perpetrate it too. Unlike individuals or groups of fraudsters – who are usually absolutely faceless – fraudulent publishers commit mobile ad fraud under the seemingly respectable guise of seemingly registered companies.
As such, mobile ad fraud is best understood as a subgroup of online ad fraud. Fraudsters usually carry out these scams on mobile devices such as tablets or smartphones. The channels they use can be either one of the following:
- Mobile app: Mobile application environments
- Mobile web: Web browsers that are on mobile devices.
Mobile ad fraud not only drains resources and causes loss of budget and polluted data but also affects other aspects of a business’s marketing efforts. Its ill effects are felt by advertisers and other entities in the advertising or marketing ecosystem alike.
Fraud and the advertising industry
When online advertising began, mobile ad fraud wasn’t far behind. Today, ad fraud can impact even a basic cost—per—click (CPC) campaign. Until the early 2000s, most ad frauds were a variation of search engine manipulation or some form of desktop-based click spamming.
After the internet became accessible on mobile devices (mainly due to the introduction of the Apple app store in 2008), a spike in online advertising followed in 2010 due to the boom in mobile web use and the introduction of various app environments. Until then, both fraudsters and advertisers depended on desktop activity.
As companies started to invest in mobile advertising, however, fraudsters also concentrated on mobile ad fraud. Initially, they applied some of the methods they’d used successfully in desktop fraud to this new arena. From this, app install fraud began to flourish and is still today one of the most common forms of mobile ad fraud.
Subsequently, since companies began focusing on app store rankings, fraudsters responded by promising to deliver huge install quantities quickly. By concentrating on low-quality and incentivized channels, these criminals began to spam advertisers with fake users.
Setting up online media sources or publisher accounts is relatively easy, so fraudsters often use masking techniques and shell companies to disguise themselves as legitimate entities on various platforms. Moreover, the complexities of online advertising are also helping mobile ad fraud to flourish.
Types of mobile ad fraud
Unsurprisingly, then, there are different types of mobile ad fraud. Here are some of the most common forms:
Click spamming is also known as organics poaching. In this type of mobile ad fraud, a fraudster or bot will execute clicks for a user when the user is engaging with an app for another reason. As a result, these clicks will look genuine, making it seem as if the user has interacted with an advertisement when in reality, they have not.
In this process, a large number of clicks get sent to a mobile measurement platform (MMP). By sending such huge volumes of clicks, fraudsters attempt to get fraudulently generate cash by boosting the chances of misattribution.
Click injection is one of the most advanced forms of click-spamming. In this type of mobile ad, fraudsters have access to an android app that listens to to app install broadcasts. When there is an app download on the device, this app triggers a click before the app gets downloaded. In doing so, fraudsters are sometimes able to trick advertisers into giving them credit for installations.
Moreover, online criminals also use junk apps on a user’s device to achieve this task. This app remains dormant until an app gets installed on the device. An installation broadcast then activates it, hijacking the user’s device to generate the click and to get the credit.
SDK spoofing is also known as ‘replay attacks’ or ‘traffic spoofing.’ It is one of those techniques in which fraudsters create illegitimate installs using real devices. A form of bot-based fraud, it functions via malware hidden in a different app on a user’s device that generates simulated installs, user engagement, and ad clicks.
These devices then send signals to the advertiser’s attribution provider on behalf of another app. By tricking advertisers, fraudsters can generate illegal income from the hundreds – sometimes thousands – of installations that never happened in the first place.
What does Swaarm do to prevent mobile ad fraud?
Swaarm can help detect and prevent fraud. Here are some of the features that make this possible.
The optimization tool monitors all incoming traffic in the system and checks its authenticity. Using the optimization tool, all traffic in the system (i.e., clicks forwarded to the advertiser and postbacks received in the system) can be controlled.
Using this feature, you can set up rules that will run on all the incoming traffic, as well as discard traffic that does not meet these rules.
Here are some examples of optimization rules that advertisers and marketers use to prevent fraudulent traffic.
This rule discards all duplicate traffic coming into the system. If this rule is active, all duplicate clicks and/or impressions will be discarded and will not redirect to the offer URL. For example, if you set up the recency TTL for 60 seconds, the system will discard the duplicate if there is a duplicate click within 30 seconds after the first.
If this rule is active, any incoming clicks/impressions with crucial information missing (i.e., offer IDs and publisher IDs) will be discarded and will not be redirected to the offer URL.
Anonymous Proxy IP
If this rule is active, any clicks/impressions incoming that are masking their IP (aka VPN traffic) will be discarded, and the system will not redirect it to the offer URL.
Click to Install Time
If visitors spend less than a couple of seconds between clicking on an ad and installing the app, this could be a sign of fake traffic. This optimization rule allows you to set a threshold of X seconds (i.e., click-to-install time). If the software finds traffic where the time between clicks and conversion falls over the threshold, it marks the conversion as ’failed’ and does not attribute it to the publisher.
Click Signing Report
Click signing is an anti-fraud feature that allows you to sign every click sent to AppsFlyer. Signing helps ad networks to be aware of the possibility of sending fraudulent traffic to advertisers, therefore preventing it.
Click Signing Reports involve secret keys generated within a specific time frame that is assigned to clicks and sent with an advertiser’s tracking link. If the key is invalid or expired, AppsFlyer defines the click as fraudulent traffic and will block it.
AppsFlyer’s click signing is integrated with Swaarm, which means you can enable it on traffic sent to the AppsFlyer and generate the click signing report in Swaarm. It allows you to validate your traffic and prevent fraudulent traffic.
You can control what clicks get forwarded to the advertiser based on the rules set in Swaarm. These are some of the critical features in Swaarm that help eradicate fraud. To learn more about Swaarm and other unique features that it has, book a free demo.
What is mobile ad fraud? This article answers everything that you need to know about it. Today, there are many different types of mobile ad fraud, and unless they have proper fraud prevention tools, it’s easy for fraudsters to scam advertisers and ad networks.