Blog Unmasking the many faces of mobile ad fr...

Unmasking the many faces of mobile ad fraud

In mobile marketing, every penny counts. Marketers are already juggling tight budgets–trying to spread them across various channels and strategies to their targets and beat the competition. The last thing you need is for that strategic ad spend to end up in the hands of tricky fraudsters.

Dealing with mobile ad fraud is a curveball nobody asked for, yet it's a challenge we have to tackle head-on. This means getting smart about sniffing out and sidestepping fraud, so you can keep your focus on connecting with your audience and making your brand shine.

What is ad fraud?

Ad fraud is a deceptive practice where cybercriminals manipulate advertisements for financial gain by falsifying impressions, clicks, and conversions, among other events. Essentially, ad fraud represents a concerted effort to exploit digital advertising ecosystems for the purpose of financial gain, undermining the integrity of online marketing efforts and causing significant losses to advertisers.

For mobile marketers, this means spending money on ads that aren't really being seen or interacted with by actual people. In a nutshell, fraudsters trick advertisers into paying more money than they should. It's like thinking you've sold out a concert, but half the seats are filled with mannequins instead of real fans.

How does ad fraud work?

Scammers employ various tactics to simulate real user activity on advertising platforms. By creating the illusion of genuine engagement, these fraudsters deceive advertising networks into rewarding them financially for what appears to be legitimate traffic and interaction. This can be done manually, by humans, or by bots.

Human ad fraud involves individual people, often at install farms, creating fake ad engagements. These fraudsters will click on ads and install apps to generate the activity for which they will be paid. This process can be repeated–and the device IP address changed–to make it appear as though many different users are installing a particular app.

Install farms are real locations where real devices are used to manually generate installs.

Bot ad fraud, on the other hand, uses automated software programs or "bots" to mimic human behavior online. These bots can generate large volumes of fraudulent engagements without any actual human engagement. This means fraudsters can operate on a massive scale, affecting vast numbers of ads and significantly skewing performance data.

Core types of ad fraud scammers use to make money

Just as legitimate businesses diversify their strategies to reach different markets and achieve various goals, fraudsters use a multitude of approaches to exploit the online advertising ecosystem. As mobile marketing technologies and strategies evolve, so do the tactics of these digital deceivers. For example, as connected TV (CTV) has become a more prevalent advertising platform, so, too, has CTV ad fraud become more widespread.

Here are two of the core tactics fraudsters use to make money, along with their subsets.

Approach #1: Fake engagements (clicks)

There are two primary types of click fraud: Click spam and click injection fraud.

What is spam clicking?
Click spam, also known as click flooding, is a form of digital ad fraud where fraudsters execute fake clicks on ads on behalf of a user's device without the user's knowledge, consent, or intent.

But how does this work? A user sees an ad, clicks on it, and lands on a web page or app operated by a fraudster, who can then execute ad clicks in the background that are not visible to the user. In some cases where the app is constantly active–such as memory cleaners and battery savers–clicks can be generated at any time.

This not only gives revenue to fraudsters but also makes datasets unreliable. This unreliable data may create a negative loop, whereby you invest more in campaigns that were nowhere near as successful as you have been led to believe.

There are two primary subsets of click spam: Cookie stuffing and ad stacking.

What is cookie stuffing?

Cookie stuffing, or affiliate cookie stuffing, is when fraudsters exploit the process of cookie tracking by adding code to a user’s browser that indicates that a user has visited a particular website, falsely attributing the click to an affiliated partner.

What is ad stacking?

Ad stacking is a form of mobile ad fraud where multiple ads are layered on top of one another within a single ad slot. While only the top ad is visible to the user, a click is generated for each ad in the stack, charging advertisers all of these clicks.

What is click injection?

Click injection is a type of mobile ad fraud specific to Android devices, where fraudsters trigger a false engagement just before an app install completes in order to claim credit for the install.

This form of fraud exploits Android's broadcast system. When a new app is installed on an Android device, a signal is sent to other apps. This system exists to create a better connection between apps on the user’s device to, for example, make use of deep linking or streamline the login process.

Approach #2: Fake installs

SDK spoofing is when fraudsters create fake installs that appear to be legitimate by using real device data. This is known as a ‘man-in-the-middle attack’. A fraudster breaks open the SSL encryption between the communication of a tracking software development kit (SDK) and its backend servers to generate a series of test installs for the targeted app.

Once the fraudster has learned which URL calls represent certain in-app actions (events), they can test the dynamic parts of the URL to generate fake installs. Once the fraudsters have this information they can repeat the process indefinitely.

How to prevent ad fraud with Adjust

Having a clear understanding of campaign performance and pinpointing high-value users is crucial. However, the pervasive issue of fraud can leave marketers in the dark, uncertain about which strategies are paying off and which users deserve the majority of their attention.

Addressing these challenges is essential to allocate resources more efficiently. This can be done one of two ways:

  1. Reactive: Ad fraud detection identifies what has already happened so that you can accurately assess campaign performance.
  2. Proactive: Ad fraud protection prevents fraud from happening in the first place.

Both of these can be done with Adjust’s Fraud Prevention solutions. Adjust proactively rejects fraudulent installs in real-time before you pay for them, allowing you to confidently analyze your campaign data knowing it is reliable and free from distorted data.

We dive deeper into the intricacies of these approaches to ad fraud, and our proactive ad fraud solutions, in our ebook: The Adjust guide to mobile ad fraud.

If you’d like to learn more, you can also schedule a demo to see how Adjust can help take on the burden of fighting ad fraud so that you can focus your time and energy on making your campaigns shine.

Be the first to know. Subscribe for monthly app insights.