The Unique Battleground of Mobile Fraud

Source: Pexels

The following is a guest contributed post from David Sendroff, CEO, Forensiq by Impact

Ad fraud is an issue known to almost every digital advertiser and agency, thanks in large part to industry-wide efforts to educate the buy side and combat the issue. In fact, bad actors stole more than $6.5 billion from advertisers in 2017, according to the Association of National Advertisers. Now a new study conducted by Forrester for AppsFlyer found that mobile app marketers were exposed to between $700 million to $800 million in ad fraud in Q1 2018, an increase of 30% compared to the same period a year ago. The data points to the share of fraudulent app installs increasing by 15%.

Surely, as more ad spending is poured into mobile formats, we see the nature of ad fraud is changing dramatically. However, while many marketers have come to understand the issue from a desktop perspective over the last few years, the mobile platform presents bad actors with a completely different way of defrauding advertisers, app makers, and consumers alike.

An industry-wide lack of understanding of this unique landscape has created an environment ripe for fraudsters. Bad actors gravitate towards less-understood channels and take advantage of their complexities and the industry’s knowledge gap to defraud advertisers. Accordingly, mobile is the new battleground.

Bad actors perpetrate fraud in the mobile world with far more sophistication, which makes it crucial that everyone involved in the ecosystem make themselves aware of what fraud looks like and how it works. Here is a look at two categories of fraud in which we are seeing new variations of mobile in-app fraud emerge:

Impression Fraud

Fraud happens on mobile devices for many of the same reasons it happens on desktop. Programmatic technology, or the automated process of moving an ad from purchase to delivery, certainly plays a role in making mobile environments vulnerable to fraud.

Impression fraud occurs when fraudsters inflate the number of apparent users their apps attract, the number of ads they deliver to a given user, and the price they can demand per ad. And while the fraud techniques that are pervasive on the desktop web are also pervasive on the mobile web, in-app environments pose different threat levels. Since an app (unlike a web-page) is a discrete piece of software capable of altering a user’s device (e.g., by preventing it from sleeping) and reporting personal data (e.g., the user’s geographic coordinates), in-app environments are quite distinct from either desktop or mobile web. Therefore, the new types of fraud that are popping up are unique to the in-app environment.

Bad actors can run armies of fake devices, known as device farms, to make it seem like they have far more real users than they do. They can also program apps to request ads at much higher rates than normal, hijacking legitimate devices to transform them into impression-generating machines that hide the majority of impressions from view. Finally, to increase CPMs, fraudsters will use fake metadata, such as falsified location information, to deceive programmatic buyers into thinking that their app is desirable or that their app visitors (whether they are real or fake) are high-value users.

In order to evade detection, fraudsters use a number of spoofing tactics, in particular spoofing the device and app information. This allows the fraudster to fake or misrepresent the device information sent through a bid request, or make it appear that the fraud is coming from another app.

Install attribution Fraud

The impression fraud described above bears similarities to desktop fraud. But mobile is different in that marketers are often trying to get new users to install an advertisers’ app directly onto a device, and the install market grew to $7.6 billion in 2017, according to eMarketer. Attributing this success is a huge part of the performance marketing landscape, and it creates an opportunity for fraudsters to capture some of this growing market.

In a typical customer conversion path, the consumer is exposed to a number of touchpoints before making an install. Attribution models decide how much credit to allocate to each touchpoint for driving the app install. Install attribution fraud is when unscrupulous partners or affiliates receive credit – and the associated revenue – even though they played no part in driving the app install.

They’re able to do this because many advertisers still focus on the simplest of models: last-click attribution. The fraudsters inject a fake click event into the user’s conversion path, ideally right before the install, so that they receive credit and steal revenue. Bad actors are even able to take credit for organic installs – those that happen without the user being exposed to a branded message – something the advertiser others would not have had to pay for.  

Advertisers can do a few things to protect their brands against mobile ad fraud. First, they can educate themselves, and demand clarity and transparency from their ad tech providers and fraud vendors, in particular. That means asking the right questions such as: Do they have a track record in handling mobile fraud? Do they examine the entire marketing funnel for fraud? Are there viewability measurements based on valid human traffic vs. invalid or automated traffic? And are they looking at all types of spoofing such as device ID, location, and hardware spoofing, for starters. Those are just a few of the questions advertisers should be asking.   In addition, advertisers need to monitor incoming traffic and ad data to ensure humans not bots are viewing ads. Establishing a cross-device strategy is also important because most of us use three or more different devices.