20% of ad clicks on average are frauds

Don't pay for clicks generated by bots, competitors
or uninterested clickers

AdFrauds in m-commerce

TrafficWatchdog team

10.11.2021 r.

ad frauds, m-commerce

AdFrauds in m-commerce

source: own elaboration

E-commerce, i.e., online trade, is a branch of the economy that has been steadily gaining importance in the last dozen or so years. This was especially noticeable in the last 2 years, and thus the coronavirus pandemic. But saying that sales have moved online is definitely not enough. More and more often we shop online not on computers but on smartphones and tablets. This led to the need to separate the m-commerce subcategory from e-commerce. It applies to purchases made via mobile devices and requires the use of other tools (such as more and more often dedicated applications) and marketing efforts. Unfortunately, this doesn’t mean that it is less exposed to AdFrauds than traditional online trading.

What is m-commerce?

Quoting the definition of M. Macutkiewicz, m-commerce is ‘access to commercial services offered within e-commerce through a mobile phone and other mobile devices’. This department was naturally separated from e-commerce due to the increasing number of purchase transactions concluded via mobile devices. Effective e-marketing conducted in the Mobile channel requires entrepreneurs to use other strategies and tools, but thanks to it their offer may be available to consumers regardless of where they are located.

What is Mobile AdFraud?

Mobile AdFrauds are scams related to advertisements displayed on mobile devices. The tools used by fraudsters include emulators that allow you to create virtual devices, VPN proxy tools (they make the Internet connection go through a selected private VPN server, not through an Internet Service Provider (ISP), so that the data sent comes from the VPN network, not from devices), malware (such as BOTs and applications), or device farms.

Of course, there are many types of AdFrauds in the Mobile channel and in order to clearly discuss them, we must adopt certain division criteria. Such a criterion could be the place where the fraud occurs - on its basis, a division into frauds carried out in web browsers placed on mobile devices (Mobile web) or those taking place in applications (Mobile app) can be introduced. However, the most common method of division is based on the criterion of how fraudsters operate - using it we can distinguish 2 main categories of AdFrauds in the Mobile channel: attribution hijacking and fake installations.

Attribution Hijacking

Hijacking scams are based on real users and allow fraudsters to wrongly attribute to themselves activity generated by another traffic provider or simply organic traffic, i.e., users who wanted to become an advertiser’s customer on their own. Fraud in this group can be divided into those using click flooding (or click spamming) and those that take over installations (Install hijacking).

Click flooding, otherwise known as click spamming, is fraudulent activity involving the use of fake clicks to manipulate attribution conversion flows. Fraudsters use malware installed on the device to inject clicks at various points in the user’s path. Such mass clicks are sent from an infected device or by impersonating such a device to a given attribution company. They can be sent randomly or relate to strictly selected advertisers, and in more advanced forms even generate clicks related to the interests of device users (and thus increase the chances of conversion). Fraudsters hope that some part of the clicks will turn out to be hit and that attributions generated by another publisher will be assigned to the fraudster thanks to the fake click.

However, taking over the installation (Install hijacking), also known as Click Injection, is a bit more complicated. Fraudsters place malware on the device and then use installation broadcasts to find out when certain apps are being installed. When such an installation is detected, fraudster injects its fake click right after the download but before the first launch of the application, thanks to which it appears as the last one in the attribution path and let fraudster take credit for the user downloading the application.

Fake installations

While in the case of attribution hijacking scams at least the user and installations are real, the fraudulent installs fake the entire conversion path. Impressions, clicks, installations, in-app events and even users are therefore fake and of no value to the advertiser. These types of scams can be divided into those using device farms and BOTs.

Device farms are locations full of real mobile devices where real ads are clicked or real apps downloaded. The problem is that thanks to IP spoofing and fresh device identifiers, such activity is repeatedly performed on the same device. Of course, an unaware advertiser pays for each false attribution. The latest trends don’t even require a device farm to have a location - they work remotely.

On the other hand, we have BOTs - malicious, automated programs that run a specific program or action such as sending clicks, performing installations and events in the application pretending to be a user, sometimes even without using a physical device. More technologically advanced BOTs perfectly imitate human behavior and can modify them to pretend different users and fake their activity in applications. Thanks to this, BOTs are often used in scams concerning campaigns settled in the CPA (cost per action) model. Recently, you can also notice the FAAS (Fraud As A Service) trend - fraudsters offer their BOTs to other users for a fee - they can play for the player, collect resources in the game, pass levels, etc.

One of the newest and most technologically advanced forms of using BOTs in scams is SDK Spoofing, also known as SDK Hacking. Fraudsters first add their code in the applications of the advertiser or attribution company with which they cooperate and „overhear” on the communication that takes place between them (what data is transferred, how, how often, in what form etc.). They then replicate and mimic them by pretending to be the attribution process, thus simulating actual installations and events in the application. The job of such BOTs is to convince the advertiser and/or the attribution company that attributions that didn’t actually take place have occurred.

The above-described examples of frauds in advertising for mobile devices are just a drop in the ocean - fraudsters are constantly working on new ways to trick advertisers. The effects of such unfair practices are not only wasted advertising budgets and distorted statistics, user data and brand images are also exposed, so if you advertise your products or services using the Mobile channel, be sure to take care of security.

Contact us

in order to present me a product offer and for marketing purposes. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer information, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

within the meaning of art. 10 paragraph 2 of the Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204) to the provided e-mail address and telephone number. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer informations, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

in relation to the phone number and email address I have provided for direct marketing purposes by Spark DigitUP Sp. z o.o., owner of the TrafficWatchdog.pl