It is legitimate to ask the question: is not fraud prevention a simple game of cat and mouse?

In reality, the answer is yes. This has even become evident in daily fraud prevention work. If you activate one of the filters in the Adjust fraud prevention suite for the first time, it is likely that you will immediately capture a certain volume of suspicious attributions.

Over the next few minutes and hours, the volume of suspicious assignments drops rapidly. The explanation is quite simple, the fraudster noticed that he no longer gets credit for these application installations, automatically increasing his CPI (Cost per installation). Once this happens, the financial interest in the fraudster diminishes, so he naturally decides to redirect his attention to other campaigns and other applications.

This example shows how crucial it is to stay abreast of the latest mobile fraud techniques.

Through this article, we want to examine two common types of click fraud on mobile phones – “click spamming” as well as click injection.

‘Click Spamming’: How fraudsters get organic users

There is a special technique allowing the fraudster to take advantage of organic users. This type of fraud, called “click spamming”, occurs when a fraudster attributes clicks to users who did not create them. It starts when a user lands on a mobile web page or in an application operated by a fraudster. From there, any type of click fraud can take place:

  • The mobile web page may run background click fraud without visible advertising or with which you can interact.
  • The spammer can start clicking in the background while the user signs into their application, giving the impression that they have interacted with an advertisement.
  • The fraudulent application can generate clicks at any time if it uses an application that runs in the background 24/7 (for example, launchers, memory cleaners, battery savers, etc. ).
  • The fraudster can send impressions by clicks to give the impression that a view has been converted into an engagement.
  • Spammers can send clicks of identifiers from invented devices to tracking providers.

What unites these approaches to mobile click fraud is that a user does not realize that they have been registered to interact with an ad. This is because in reality, they have never seen anything. As a result, the user can install an application organically, but a fraudster claims to have seen an ad, which means that the conversions will be attributed to a source unrelated to the installation.

The impact of ‘Click Spamming’

‘Click spamming’ is insidious because it essentially captures organic traffic, unknowingly marks it, and then claims credit for the user. This has serious consequences for an advertiser, the most obvious of which is paying for an organic installation.

Not only is this expensive for advertisers, but this type of mobile click fraud also has other effects:

Incorrect calculation of organic installations:

First, and in relation to the previous point, the fact that the advertiser does not know that he paid for an organic installation distorts a number of related statistics.

It therefore risks underestimating the number of organic users generated by the application, which affects both the internal analysis of the cohorts and potentially the impact of marketing activities that can generate organic installations, such as ASO (app store optimization), brand strategy, and press relations, potentially cannibalized through spam.

Strategies for acquiring uninformed users:

Poaching of organic facilities also threatens the certainty of strategic acquisition decisions. If an advertising network claims organic users and these users perform well within an application, the advertiser will obviously decide to invest in this channel to acquire more users of the same type. This creates a vicious circle in which the advertiser continues to pay for ad networks for organically acquired users until they realize the error.

‘Click spamming’ can affect decisions across the business. While these organic users are undoubtedly of good quality, their presence in the paid acquisition cohorts will prompt a marketer to pay for advertising in other channels that target these groups. This is despite the fact that these groups could well download the application in question without the need for an advertisement, which means that the advertiser wastes time and money in searching for users who can be targeted by another way.

The most reliable channels suffer from this situation:

Advertisers’ investments will be made at the expense of other channels. Campaigns without fraudulent conversions will appear to perform less well than stolen organic users. The missing return on investment on relatively low fraud channels represents a cost for the advertiser: while it could have invested in chasing cohorts of promising users, its budget is monopolized by fraudulent channels.

‘Click spamming’ may seem like a minor issue, but if it’s not caught early it can seriously poll your application’s attribution efforts.

How can “click spamming” be detected?

It’s impossible for advertisers to fight ‘click spamming’ directly, as it’s up to publishers to stop engaging in this practice.

However, advertisers can detect “click spamming” by looking for a specific model. During our investigation of the problem, we discovered that there is a clear difference between the distribution of genuine ad clicks over time and that of spammers.

For an authentic traffic source, clicks are attributed with normal distribution. The precise shape and size of the distribution will vary from one traffic source to another, but the model of a reliable source is essentially made up of a considerable number of installations in the first hour before a rapid decrease in performance .

The sources of “click spamming” behave differently. Installations from a fraudulent source are distributed flat, because the spammer can trigger the click but not the installation. Therefore, installs (and the times between clicks and installs) will follow a random distribution model.

This means that it is possible to eliminate spammers after the event. By refusing to assign facilities to traffic generating traffic with a flat distribution, advertisers can fight spammers. That said, we find that fraudsters are venturing into other techniques as fraud prevention becomes more common.

Click injection: How fraudsters use installation broadcasts to their advantage

Click injection is a sophisticated form of “click spamming”. By releasing a low-effort Android app that uses so-called “installation broadcasts”, scammers can detect downloads of other apps on a device and trigger clicks just before the end of the installation. In this case, the fraudster will receive credit for (usually organic) installations accordingly.

To put it simply, fraudsters using click injection tools use an unwanted application to hijack the user’s device at the right time – and with the right information – to create a legitimate, seemingly legitimate “advertising click”, and thereby obtaining cost of installation payments.

False advertising interactions do not only divert the advertising budget that could have reached more prospects. Worse, such conversions make marketers mistakenly believe that some paid campaigns are more successful with users than they actually are.

Marketing data becomes polluted: the conclusions drawn by the figures that marketers use are based on data containing systematic inaccuracies. This can mean that advertisers continue to invest in relatively ineffective ads, using potentially better placed and better designed campaign funds.

If you run a lot of cost-per-installation campaigns on several different ad networks, especially in high CPI markets like the United States, you have a higher risk of exposure.

How can Adjust help you?

In February 2019, we announced a new standard in the fight against mobile advertising fraud: it is called “Validation of clicks by proof of impression”. This click validation standard encourages ad networks to send impression data with a single identifier that matches user clicks. Since the beginning of the year, it has been an essential requirement for members of the Coalition Against Ad Fraud (CAAF) network, a sectoral alliance founded by Adjust to fight against mobile advertising fraud.

Other industry players are being asked to do the same, creating more transparency and uniting their efforts to prevent fraud within the ecosystem.

By sending a print request before the click, it will finally be possible to check whether a matching commitment has been made by the same device: enough to provide a more precise attribution and a reduction in the waste of the budget going to advertising fraud.

To learn more about how to fight mobile fraud, download our latest ebook.