Geolocation Ad Frauds
source: own elaboration
Geolocation, i.e., the process of determining the geographic location of objects or people, most often using GPS or the device’s IP address, is a very useful tool in marketing. For some companies, especially local businesses, it is factor of great importance in creating marketing campaigns. Unfortunately, the correct determination of the location of the recipients of marketing communication isn’t easy at all - the barrier here are both technological solutions (which are often underdeveloped or inaccurate) as well as the consumers themselves, who don’t want to share data about where they are - and this isn’t the only problem of marketers using geolocation ... The associated advertising frauds are unfortunately very common, and their impact on the success of a given campaign can be huge. As a result, according to Location Sciences, as much as 65% of all views generated in geotargeted campaigns misses the target, and 30% to 80% of the funds allocated to them are wasted on inaccurate, low-quality or false location data.
How is geolocation done?
There are many ways to determine the location of a user or device, the most common methods for this purpose are:
- IP geolocation – determining the location by the IP address of the device. It is worth mentioning, however, that the IP address itself doesn’t provide any information about the physical location of the device to which it is assigned - the geographic location is determined thanks to databases, including address databases, and the process itself consists in comparing the geographic coordinates of a given IP address with information contained therein and determining the location of the device. Such a comparison of information often allows you to assign a device to a given country, state, city or neighborhood, but it won’t let you know its current location. So, it isn’t a very accurate solution. In addition, the IP address of the device can be easily spoofed or hidden - some devices don’t use their real IP address - for example those using the VPN service (then only the IP address of the VPN server will be visible, which can be located in a completely different place).
- Geolocation based on GPS receivers (and related satellite systems) – allows you to determine the geographic location thanks to the GPS receiver in the device and the position of the satellites (sometimes it is also supported by the knowledge of the position of other objects). However, this form can only be used for devices with a GPS receiver or other similar solutions.
- Geotracking – allows you to determine the user’s location at a given moment by using his smartphone or other device with GPS. From time to time, the application asks the device for its current location or retrieves location data itself, for example when a given person launches the application or navigation on their device.
- Geofencing – works on the basis of GPS, GSM, Wi-Fi or RFID data, which is obtained by a special transmitter that sends information when a given user or device enters or leaves one of the designated areas (POI). The application also receives information on the accuracy of the location determined - thanks to this, suppliers using geofencing have full control over the quality of data. However, the very implementation of this solution is difficult and costly - therefore only few advertisers use this technology.
Use of public WiFi networks – location data can also be estimated based on the proximity of known public WiFi hotspots, this is especially important if the user hasn’t consented to the use of location data or if the GPS signal is too low quality.
How do fraudsters fake the geographic location of recipients and devices?
False publishers tempted by better bids for recipients in a particular location may falsify data about their actual location. According to Location Sciences, such a situation occurs in as many as 29% of cases. How do they do it?
- Use of BOTs - scammers can not only pretend that the user is in a different location - they can also just pretend to be the user. BOTs, and therefore special programs pretending to be humans, can be configured to look like people from any geolocation. They can do this, for example, by providing false geographic information or by using the IP addresses of the proxy server rather than the device. In this way, advertisers will be forced to pay for the displayed ads not only to people located in a location other than the desired one, but also to recipients who don’t exist at all. And that’s not all - more technologically advanced BOTs can simulate not only views or clicks, but also various other manifestations of audience engagement - such as actions in the application, behavior on the website, filling out forms or even placing orders.
- Fake mobile devices (mobile emulators) - in this case, fraudsters don’t transmit the advertising message to many devices and thus users - instead they download and run applications on one or more devices simulating other devices. Applications that check the position of such emulators cannot determine whether the data is accurate or true - they must accept the information provided to them by the „device” as fact. So, they can pretend to be in any geolocation by simply providing false data. Let us add that the scale of the fraud here is huge - such emulsifiers can collect millions of views in a few minutes.
- Click / impression / device farms - usually located in Third World countries, clicks, impressions, likes or device farms are a common form of fraud, which by definition generates huge amounts of fraudulent traffic. Data from such farms will almost always provide false information about the recipient’s and / or device location.
- Falsification of location data about the real recipients of the ad - the frauds mentioned above were based on the assumption that not only the geolocation of the recipient of the message is false, but also the recipient, and even the device itself. However, we can also deal with another form of fraud - when the ad is displayed to real users, but located in a different location than the one declared by the fraudster. Such a scam assumes that although the fraudulent publisher has agreed to display the ad only to people located in a given location, in fact he sends a message to all users to whom he has access, thus inflating his statistics. Of course, he manipulates the data so that the traffic he obtains appears to come from a specific location agreed with the advertiser. This type of action will be especially popular in the case of applications for mobile devices, because they can provide any location in the inquiry - everything is declared, and the possibilities of verifying the information are very limited.