Ad Fraud Online – The Nefarious Ways of Fraudsters

Fraud

“Ad Fraud is occuring right now as you read this”


The online advertising industry has been showing steady growth for over a decade. And that growth isn’t expected to stop any time soon.

To illustrate the enormity of this industry, let’s take a quick look at the United States alone.

In 2018 US digital ad revenue reached 100 billion dollars. And in the US it’s now bigger than all forms of traditional advertisement combined.

Online advertising is only expected to build on that lead, becoming an increasingly large majority of American ad spend.

But there is a dark side to this spectacular growth.

Fraud is also reaching epic proportions. Statista estimates that US internet advertising fraud cost over 11 billion dollars is 2018.

It should come as little surprise that a 100 billion dollar industry would attract some bad actors. But fraud in the ad industry often occurs in proportions that can be shocking for those coming from other sectors.

This large amount of fraud is due primarily to the industry being so complicated and fragmented. It involves a tremendous number of players and organizations that aren’t related to one another.

It also develops at a breakneck pace. This fast growth means that new exploits are found and new fraud schemes developed so rapidly that they can be hard to discover quickly.

On occasion, the schemes have reached epic proportions.

The different kinds of fraud

The goal of this article is to give you a short introduction to the most common online ad fraud schemes.

The idea behind this isn’t to scare you away from online advertising.

Indeed, just about every large business the world over has judged that the benefits far outweigh the risks of nominal loss due to fraud.

Were this not the case, the industry wouldn’t be reporting such impressive numbers year-over-year in terms of growth!

So without further ado, let’s look at how bad actors try to scam advertisers out of their money.

1. Clickspam

Clickspam is one of the most common types of online advertising fraud.

Generally, this kind of fraud occurs on mobile. An app creator will build into his app a certain functionality that reports high volumes of ad clicks.

He does this in the hopes that, eventually, a user of this malicious app will install another one organically.

Whereupon the publisher would be able to claim that his ad led to the conversion by using the fake click as proof of ad interaction.

If the advertiser doesn’t realize that this is clickspam, he will pay the conversion bounty to the fraudster.

This kind of fraud can often be identified by looking at subID conversion rates and Click to Install Time (CTIT). If the CTIT is rather long and the conversion rate extremely low, then this could be a source of Clickspam fraud.

2. Click Injection/Hijacking

Click Injection or Click Hijacking is a more advanced, targeted way of claiming an installation that you didn’t earn. In many ways, Click Injection is the opposite of Clickspam.

Clickspam is based on spamming clicks and hoping that, eventually, a device user will organically install an app that the fraudster can then claim as a conversion.

Click Injection, rather than spamming clicks, waits for a user to install an app. Then, in the interval between the beginning of installation and initial open, it claims to have received a click and won a conversion.

SubIDs using this style of fraud can be identified by their extremely low Click to Install Times and very high conversion rates.

Often these are taken to near impossible extremes, which makes Click Injection relatively straightforward to find – if one is on the lookout for it.

This style of fraud used to be particularly widespread on Android devices due to the way that the system registered installation time.

Google has since addressed the principal exploits, and Click Injection is much less rampant than it used to be.

3. Click Farms

Click farms are one of the oldest forms of online advertising fraud.

The idea was simple: what if you could pay someone to click on an ad for less than you make for receiving the click?

Naturally, this wasn’t possible in the developed world, but click farms grew and spread throughout the most impoverished parts of the developing world.

Anywhere salaries were extraordinarily low (and where there were a lot of people on hand) were perfect for the foundation of a click farm.

A weak and corrupt police force only made this easier.

Imagine scores of poorly paid workers clicking their shift away and interacting with ads all day long. That’s a click farm.

To a large extent, click farms have been replaced by advanced bots and by more productive fraud schemes.

4. Device Farms

Device farms are just that: large farms of mobile devices. In many ways they’re a lot like click farms, but for mobile.

A fraudster will gather a large number of devices and direct them to a subID that he controls. He will then have accomplices or employees perform a large number of app installs.

He is then, in turn, paid for each of the installs that were made through his subID.

Traditional device farming involved gathering devices and using them to make the installs by hand.

However, this doesn’t scale well, and fraudsters are particularly greedy people.

To lower their costs and increase the scalability of the fraud, they began using emulators rather than literal devices.

By running emulators on servers, they can quickly increase the number of apparent devices, and change device makes and models.

All of which make their fraudulent activities harder to spot and isolate.

5. Bot traffic

Bots are computer programs that are designed to perform actions repeatedly (robotically, hence the name). Advanced bots can click, make mouse movements, scroll, and perform a whole manner of operations.

These actions can appear human when one only has clicks, page view time, mouse tracking, and similar metrics to determine whether or not a user is human.

And pretending to be human is the whole idea.

Fraudsters use these kinds of programs to mimic human interaction with ads and thereby claim whatever reward the advertiser is offering.

The interaction could be merely clicking through, or it might be some more complex engagement with the advertisement.

6. Ad stacking

Ad stacking involves the placement of several advertisements in the same positions on a website.

In doing so, the publishers attempt to claim the same click or view with multiple advertisers at the same time, thereby increasing potential revenue by an order of magnitude.

Several ads are just “hidden” behind one visible ad.

For one real impression, the publisher reports back several. Fraudsters can claim clicks, impressions, or views many times over using this method.

There are, however, ways to deal with ad stacking.

The thing about ad stacking is that all the events reported for the various advertisements will occur at precisely the same time.

This near-impossible situation will occur over and over and over again with an ad stacker.

This means that anti-fraud tools can relatively easily pick up on it by merely comparing the timestamps of the various clicks, impressions, and views.

If a subID has a significant number of overlapping timestamps, it’s likely engaging in ad stacking and can be summarily blacklisted.

7. SDK spoofing

SDK spoofing is a relatively new style of fraud that can become quite expensive for targeted advertisers.

Typically what happens here is that the fraudsters crack an app’s tracking SDK and experiment with it until they have figured out what all the various parameters are.

Once they have figured out these tracking URL parameters, fraudsters can generate fake installs and report them back to the advertiser.

In doing so, they claim conversions that simply don’t exist.

To accomplish this, fraudsters have to create a malicious app that they use to figure out your app’s SDK. Once that’s done, they use data from real devices to generate seemingly real installs and consume your advertising budget.

One way to detect this is to look at your SDK version numbers and to see if a single, older version is responsible for an inordinate amount of your installs.

If so, it’s worth looking deeper to see if you’re the victim of SDK spoofing.

Click Complications

Click fraud and ad fraud, in general, are linked to a publisher or subID. This is because that publisher or subID is the party that receives the money from the advertiser in return for actions, views, clicks, installs, etc.

So when you detect fraud on a subID, it can usually be presumed that that subID is orchestrating the scam.

One can assume this because these publishers are the ones that would presumably be getting paid for it.

While fraud on a subID typically means that subID is trying to rip off advertisers, it isn’t always the case.

In some cases, competitors of a particular advertiser will orchestrate fraud and target their competitor’s ads.

They do this to get the targeted advertiser to waste money on useless clicks or installs.

A publisher’s competitors might also direct obvious fraudulent traffic there to get that subID banned.

Since it is common practice to ban subIDs entirely when fraudulent traffic is detected, a competitor might send fraudulent traffic to a site to get it blacklisted.

And this blacklisting could be seriously detrimental to a competitor’s bottom line.

This kind of targeted fraud is challenging to combat because the subID is punished for something over which it has very little control. It is, nevertheless, something for which one ought to be on the lookout.

Limiting fraud is one of the highest objectives for advertisers. This is because fraudulent traffic is still, well, fraudulent traffic whether or not the subID was involved in it.

This distinction can be important if, for example, a competitor of a good subID tries to poison the relationship by sending them fraudulent traffic.

Protecting yourself

For every online fraud schemed developed, an antidote is discovered.

As the industry has grown, so has fraud. As fraud has grown, so too has the anti-fraud industry.

While sophisticated criminals may consistently target the online advertising industry, it has developed extraordinarily advanced anti-fraud protections in response.

As you have seen in reviewing some of the common forms of online fraud, there are usually metrics that allow for their identification.

By keeping an eye on such metrics and using advanced anti-fraud services (such as those built into our DSP!), advertisers can confront fraud head-on.

The benefits far outweigh the risks

Online advertising has recently surpassed all forms of traditional media combined in terms of ad spend.

Advertisers have clearly decided that online advertising is more than worth the risk of fraud. Even if that risk is relatively high compared to other forms of advertising.

What makes online advertising so attractive to advertisers is also what makes it so susceptible to fraud.

The ability to reach millions of people instantly and interact with them, the ability to track and to target and retarget, the ability to deploy on hundreds of sites at once without having a direct relationship with any of them.

These incredible opportunities that are only possible via online advertising have allowed hundreds of thousands of businesses to find new customers and expand into new markets.

Fraud is undoubtedly an issue with online advertising.

But it is one that can be significantly mitigated by working with trustworthy partners and maintaining a high degree of vigilance.

In this way, you can maximize the upside and minimize the downsides as much as possible.


Mobinner is a high-performance Demand-Side Platform that uses that latest in anti-fraud technology to protect you from bad actors. We have a history of growing brands, acquiring users, and driving conversions. See what Mobinner can do for your business.



Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Copy link
Powered by Social Snap