Types of mobile click fraud: Understanding click spam and click injection

Andreas Naumann

Sep 27, 2019

We often get the question: isn't fraud prevention a bit of a cat-and-mouse game?

And, in reality, the answer is yes. Even in our regular, day-to-day fraud prevention work, this is obvious. As you turn on any of the filters in our Fraud Prevention Suite for the first time, our filters will immediately identify and reject fraudulent activities from attributions.

But as the days and weeks pass, the volume rapidly drops. This is a mouse caught in the open when the light goes on. The fraudster will notice they’re no longer given credit for installs, causing their CPIs to plummet. Once this happens, they will redirect their attention to other unprotected campaigns and apps, so it’s important to stay educated about the various fraud methods.

In this article, we’ll take a look at two common types of mobile click fraud — click spam and click injection — and how we filter them.

Click spam: How fraudsters poach organic users

There’s one particular technique by which fraudster poach organic users. Known as click spam, this type of fraud happens when a fraudster executes clicks for users who haven’t made them and claim credit for random installs the user made. It starts when a user lands on a mobile web page or in an app which a fraudster is operating. From there, any one of several kinds of click fraud could take place:

  • The mobile web page could be executing mobile click fraud in the background without visible ads, or ads which can be interacted with.
  • The spammer could begin clicking in the background while the user engages with their app, making it look as though they have interacted with an advert.
  • The fraudster app can generate clicks at any time if they use an app that is running in the background 24/7 (e.g. launchers, memory cleaners, battery savers, etc.).
  • The fraudster could send impressions-as-clicks to make it look as if a view has converted into an engagement.
  • The spammer could blatantly send clicks from made up device IDs to tracking vendors

What unites these approaches to mobile click fraud is that a user is not aware that they’ve been registered as interacting with an advert. That’s because in actual fact, they never even saw anything. The impact of click spam is that the user may install an app organically but a fraudster will claim they’ve seen an ad — meaning the conversions will be attributed to a source that had nothing to do with the install.

The impact of click spam

Click spamming is insidious because it essentially captures organic traffic, which, when not checked by a preventative system, will be falsely attributed to the tracker of a paid channel and thus allows the fraudster to claim the credit for these installs.

This has a few important and profound effects on an advertiser, the most obvious of which is that they unknowingly pay up for an organic install.

Not only does this cost advertisers their ad spend, but there are a few more serious consequences to click spam, too:

Miscalculating organic installs:

The fact that the advertiser does not know that they’ve paid for an organic install skews a number of interrelated metrics.

Organics poaching causes miscalculation of the number of organic users that the app is generating, which affects internal cohort analysis. It can also underplay the impact of marketing channels that could generate organics — such as ASO, branding and press outreach — which have potentially been cannibalized through the click spamming.

Misinformed UA strategies:

Organics poaching also threatens the certainty of acquisition decisions. If an advertising network is claiming organic users who perform well within an app, the advertiser will obviously decide to invest in that channel to acquire more of the same type of users. This creates a circular problem, where the advertiser continues to pay someone else for the users they would have already acquired naturally (or through other marketing channels) until they realize the mistake.

Click spam has the potential to affect targeting decisions across the whole business. While the falsely attributed organic users will undoubtedly be good quality, their presence in the paid acquisition cohorts will tempt a marketer to pay for advertising in other channels that target these groups. This is despite the fact that these groups might well download the app in question without the prompt of an advert at all — meaning that the advertiser wastes time and money chasing users who could be reached in other ways.

More reliable channels will lose out

These investments will be made at the expense of other channels. When click spam goes undetected, campaigns that are largely unblemished by fraudulent conversions will appear less performant compared to the campaigns with poached organics. The missing ROI on relatively fraud-free channels can pose an opportunity cost to the advertiser: they could have invested in chasing truly promising user cohorts, but their budget is tied up with fraudulent channels instead.

Click spamming might seem like a relatively small thing to deal with. However, if it isn’t spotted early, the impact of click spam can seriously pollute an entire app’s attribution efforts — leading advertisers astray and causing them to waste a significant amount of time chasing after users they’ve already acquired organically.

How can click spam be detected?

Advertisers can catch click spamming when it happens by looking for a simple pattern. During our investigations into the problem, we discovered that there was a clear difference in the way that genuine advertising clicks are distributed over time versus the clicks of the click spammers.

For a genuine traffic source, clicks are attributed with a normal distribution. The precise shape and size of the distribution will vary from traffic source, but the pattern from a trustworthy source is essentially a hefty number of installs on hour one before a rapid tapering of performance.

Click spamming sources behave differently. Installs from a fraudulent source are distributed flatly, because the spammer can trigger the click but not the install. Therefore installs (and click to install times) will follow a random distribution pattern.

This means that it is possible to weed out click spammers before the attribution by refusing to attribute installs to traffic sources that claim traffic with a flat distribution, advertisers can fight back against spammers.

Click Injection: How fraudsters use install broadcasts to their advantage

Click injection is a sophisticated form of click-spamming. By publishing a high-effort Android app that uses one of two distinct exploits to detect when other apps are downloaded on a device and trigger clicks after the user already made the decision to download and use an app. The fraudster will receive the credit for installs as a consequence, allowing them to not only poach organics but also installs that were driving by genuine advertising through a legit source.

Essentially, click injection fraudsters use an app to inject a click at just the right time to get CPI payouts.

Fake ad engagements not only siphon off advertising budget that could have reached more people. Worse, conversions such as these result in marketers inaccurately believing certain paid campaigns resonate better with users than they actually do.

The data becomes dirty: numbers-driven conclusions that marketers reach are then based on data that contains systematic inaccuracies. This can mean that advertisers continue to invest in advertising that is relatively ineffective, potentially diverting money from better-placed and better-designed campaigns.

If you’re running a lot of CPI campaigns on multiple different ad networks, especially in higher-CPI markets like the U.S., you have a higher risk of exposure. Here, fraudsters typically abuse a number of different ad networks.

How is Adjust preventing click injection fraud?

We announced our click injections filter at the end of 2017, showcasing our new method of fighting fraud. The capability is only available as part of our fraud prevention suite. If you'd like to upgrade and begin to filter click injection fraud from your campaigns, get in contact with our sales team.

Remember, we're the only attribution solution on the market to actively filter this (and many other kinds of) fraudulent activity — and if you're concerned about its effects, you should talk to us about how we can help you.

In the meantime, our mobile fraud guide has more on click injections and the other most common types of fraud in the industry. We also have reading material related to ad fraud in China, various other mobile fraud examples and whether fraud gives your competitors an advantage. Or check out our common sense approach to mobile ad fraud to get started.

Want to get the latest from Adjust?