Click spam: A common source of mobile UA fraud

James Haslam

Posted Jul 5, 2017

In this second in our series of posts contained in our recent ebook, An Expert’s Guide to Mobile Ad Fraud, we take you through Organics Poaching, also known as Click Spam, and expose the malpractice, and how it can be stopped. Read the first in our series here. If you want more fraud content, download the mobile fraud guide in full, here.

Organic users are incredibly valuable for app businesses. They’re the users which download an app without having interacted with an ad, and have likely done so on their own volition, or through a recommendation by word-of-mouth. They tend to try apps for longer, and can have a higher lifetime value than their paid counterparts.

As such, identifying when an organic user enters an app and then segmenting them when they do, is an important way of identifying the overall health of an app business. So it’s a challenge for app developers when fraudsters attempt to claim organic users as their own.

Operating on the edge of what is considered acceptable practice, unscrupulous publishers can use shady techniques to take credit for organic users, which means that an app business can be tricked into overweighting the importance of a fraudulent traffic source, and also pay for users which came organically.

Click Spam: How Fraudsters Poach Organic Users

There’s one particular technique by which fraudster poach organic users. Known as click spam, this type of fraud happens when a fraudster attributes clicks to users who haven’t made them.

It starts when a user lands on a mobile web page or in an app which a fraudster is operating. From there, any one of several kinds of fraud could take place:

  • The mobile web page could be executing clicks in the background without visible ads, or ads which can be interacted with.
  • The spammer could begin clicking in the background while the user engages with their app, making it look as though they have interacted with an advert
  • The fraudster app can generate clicks at any time if they run an app that is running in the background 24/7 (e.g. launchers, memory cleaners, battery savers etc.)
  • The fraudster could send impressions-as-clicks to make it look as if a view has converted into an engagement.
  • The spammer could blatantly send clicks from made up device IDs to tracking vendors.

What unites these approaches is that a user is not aware that they’ve been registered as interacting with an advert. That’s because in actual fact, they never even saw anything.

As a result, the user may install an app organically but a fraudster will claim they’ve seen an advert – meaning the conversions will be attributed to a source that had nothing to do with the install.

The Impact of Click Spam

Click spamming is insidious because it essentially captures organic traffic, brands it without its knowledge and then claims the credit for the user later.

This has a few important and profound effects on an advertiser, the most obvious of which is that they pay up for a user who was actually an organic without knowing that they were.

Not only does this cost advertisers their spend, but there are a few more effects to this type of fraud. First, and related to the previous point, the fact that the advertiser does not know that they’ve paid for an organic skews a number of interrelated metrics.

It undercooks the number of organic users that the app is generating, which affects both internal cohort analysis and potentially underplays the impact of marketing that could generate organics such as ASO, branding and press outreach which have potentially been cannibalized through the click spamming.

Organics poaching also threatens the certainty of acquisition decisions too. If an advertising network is claiming organic users and these users perform well within an app, the advertiser will obviously decide to invest in that channel to acquire more of the same type of users. This creates a circular problem, where the advertiser continues to pay someone else for the users they’ve already acquired completely naturally (or through other marketing channels) until they realize the mistake.

Click spam has the potential to affect targeting decisions across the whole business. While those organic users will undoubtedly be good quality, their presence in the paid acquisition cohorts will tempt a marketer to pay for advertising in other channels that target these groups. This is despite the fact that these groups might well download the app in question without the prompt of an advert at all - meaning that the advertiser wastes time and money chasing users who could be reached in other ways.

These investments will be made at the expense of other channels. Campaigns that are largely unblemished by fraudulent conversions will appear less performant in relation to the poached organics. The missing ROI on relatively fraud-free channels pose an opportunity cost to the advertiser: when they could have invested sums chasing truly promising user cohorts, their budget is tied up with fraudulent channels instead.

Click spamming might seem like a relatively small thing to deal with. But if it isn’t spotted early, it can seriously pollute an entire app’s attribution efforts - leading advertisers astray and causing them to waste a significant amount of time chasing after users they’ve already acquired.

Fighting Click Spam

It’s impossible for advertisers to combat click spamming on the front line, as it’s down to publishers to stop engaging in the practice.

However, advertisers can catch click spamming when it happens by looking for a simple pattern. During our investigations into the problem, we discovered that there was a clear difference in the way that genuine advertising clicks are distributed over time versus click spammers.

For a genuine traffic source, clicks are attributed with a normal distribution. The precise shape and size of the distribution will vary from traffic source, but the pattern from a trustworthy source is essentially a hefty number of installs on hour one before a rapid tapering of performance.

Click spamming sources behave differently. Installs from a fraudulent source are distributed flatly, because the spammer can trigger the click but not the install. Therefore installs (and click to install times) will follow a random distribution pattern.

This means that it is possible to weed out click spammers after the event. But by refusing to attribute installs to traffic sources that claim traffic with a flat distribution, advertisers can fight back against spammers.

Removing Spammers From the Data Set

Finally, once an advertiser can identify spammers they can begin to remove their influence from their data sets.

It’s hard to totally remove the influence of spammers from a mobile marketing campaign. Despite the fact that networks try their best to remove spammers from their offerings, the scope and scale of the mobile app ecosystem means there is always the potential for a spammer to find their way through.

So instead of trying to eradicate the problem entirely at the source, businesses advertising on mobile simply need to push back against spammers with the help of attribution. The simplest step (on paper) is to refuse to pay any spammer claiming traffic that matches a click spamming pattern.

That’s all on organics poaching for now. For more, head on over to our Expert’s Guide to Mobile Ad Fraud, and download the full ebook to learn more about different kinds of app fraud. Keep an eye out for the third in our series, on fake installs, which you can get straight to your inbox through our signup below.

Want more fraud content from the only solution to actively prevent it?