Mobile ad fraud is a real and growing problem

CEO of Mobupps, Yaron Tomchin: “We have been working with mobile fraud more than 3 years. In this case we would like to present the results of our test of 3rd party services and data of our partners. And of course, our main approach – fighting fraud!” 
Mobile ad fraud occurs where mobile ad impressions or click-throughs or conversion are triggered by a robot.This might be a piece of malicious code that is operating on a legitimate user device, maybe downloaded with a dodgy native app. Each time the ad is served/clicked or the conversion is happened the fraudulent ad network or fraudulent publisher makes money, even though no human has seen the ad. There are already several well-known varieties of mobile fraud, including device emulation, mobile user-agent and location spoofing, and fraudulent user-acquisition methods

Mobile ad fraud occurs where mobile ad impressions or click-throughs or conversion are triggered by a robot.

This might be a piece of malicious code that is operating on a legitimate user device, maybe downloaded with a dodgy native app. Each time the ad is served/clicked or the conversion is happened the fraudulent ad network or fraudulent publisher makes money, even though no human has seen the ad. There are already several well-known varieties of mobile fraud, including device emulation, mobile user-agent and location spoofing, and fraudulent user-acquisition methods

Fraud has one goal – to sell poor traffic as a real high quality one

According to a new report from IAB, as much as $1,3B of that advertising money is being lost to fraud. Mobile app install and engagement fraud carries a cost of $350m for advertisers globally. Moreover as statistics show the last 6 months the tendency of mobile fraud has increased by 10%

App install and transaction fraud Worldwide.Which countries already at risk?

According the Appsflyer research the most targeted region by fraudsters, the countries with the highest rates of app install and engagement ad fraud, when factoring for mobile population, are: Australia ,Germany, Canada, China, and the U.K., followed by the U.S., Russia and France.

jjjj

The research shows that the Countries with the highest CPA and CPI payouts have a higher fraud rate, while regions with low payouts – have a lower fraud rate (Indonesia, India, Brazil, Vietnam and Thailand). In addition to the potential payout, market size, inventory control and level of sophistication can also play a role in a fraudsters decision whether to target a market or not.

iOS vs Android

Android devices are more prone (up to 50%) to advertising fraud than iOS devices, according to AppsFlyer. The exception is China, where iOS devices exhibit higher advertising fraud due to having greater ad payout rates. Even more The market of Android in China does not exist.

Although its harder to perpetrate fraud on IOS, Apples OS is not fraud-free, Higher CPI and CPA payouts on IOS provide fraudsters with added incentive to defraud the system.

Newer iOS versions have lower fraud than an older operating system. The data also shows that recently-released IOS 10 has a very low fraud rate.

Average fraud level

One-third of the total number of mobile fraud is occupied CPI campaign’s — 33%. CPI campaigns are the de-facto standard in mobile advertising. Mobile users spend 80% of they time in apps and download billions apps per year. This is very developing market thus fraudsters target such campaigns and find ways to hack the tracking systems.

Second place was shared almost between Mobile CPA(22%) and Leadgen email submit (27%). CPA simply involve having a robot program doing all the actions needed to qualify. Also, like CPA, there are ways in which providers can commit fraud by manufacturing leads or blending one source of lead with another (example: search-driven leads with co-registration leads) to generate higher profits.

Comparing desktop ecommerce and Mobile ecommerce more fraud prevention is Mobile ecommerce.

lllllllllllllll

Type of fraud

1)VPN Usage (Proxy: VPN / Proxy / Server Hosting)

 

Conversions originating from a proxy, a VPN or from known Cloud infrastructure providers such as Amazon, Azure or Digital Ocean when the ratio of these conversions passes a dynamically adjusted threshold. Proxies are used to fake a new user identity and are generally suspicious. We allow a certain amount of proxies but in the case of rejected conversions this ratio has been higher than allowed.

 

The research of 24 Metrics shows that at the q3 2016 in Norway – 11% of all fraudulent conversions which were made on the 24 metrics platform were VPN.

Thats mean that advertisers are buying Norway traffic, and as a result is obtained low-quality traffic due from fake users identity (maybe the users from Vietnam.

The second place belongs to United States – 7% and third is China – 6%

kkkkkkkkkkkkkkkk

 

  1. Click Spam

Basic signs of click fraud:

Rapid increase in CTR and decrease in CR.

Clicking of ads by audiences which already visited the resource earlier.

Click spamming sources behave differently. Clicks from a fraudulent source are distributed flatly, because the spammer randomly claims installs throughout a campaign’s attribution period, making it appear as if the same number of installs are being generated each day.

This means that it is possible for advertisers to weed out click spammers after the event. By refusing to attribute installs to traffic sources that claim traffic with a flat distribution, advertisers can fight back against spammers in the long run

Click spam fraud is growing rapidly. According the data from 24 Metrics the Click spam fraud has tripled in Q4 2016 comparing to Q3 2015.

iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii

 

 

3) Abused IP/Duplicate IP/ IP pattern

IP Pattern 

IP patterns coming from the same Host Sub Network or DSL Point. This type of IP patterns are used by Server Farms or by users resetting their DSL Modems to generate a new IP address to pretend that they have a new identity. This is unwanted traffic.

Duplicate IP 

Occurs when multiple conversions from the same IP-Address have been made. A unique IP represents a household or a unique computer connected to the INTERNET at a given time. The filtration works across partners / affiliate sources detecting partner hopping.

4) Bot installs and emulators of in app activity

This type of fraud is the most common fraud version where people or bots fake actual installs.

There are many kinds of install fraud

Postback Install FraudThis is the first type of install fraud. It means ‘stealing’ a particular postback of an advertising offer and later false creation of an install on a CPI platform and sending it to an advertising.

Bot Install Fraud-Install fraud is the biggest issue with modern performance advertising. This is what people usually mean when talking about fraud in mobile. This is a kind of traffic which emulates activity and tries to mimic live users as closely as possible.

  1. Incentivized traffic: Significant part of installs come through incentivized traffic; i.e. the end users get incentives to complete install offers. These incentives come mostly as virtual currencies which the users can later use inside the originating app or can redeem for tangible rewards. Advertiser pay for non incent traffic but get blended or pure incent traffic instead.

  1. Impressions fraud– is a common issue for all advertising networks which acquire direct inventory on CPM model and in particular on fixed CPM. This also concerns all media buyers which purchase traffic under the same model through various DSPs and networks. The main fraud case here is driving up the number of ad impressionsThis means that both in dashboard and in bills the advertisers sees non-existent impressions of the ad while real users never really seen it. It is possible to fight this kind of fraud by monitoring the СTR/СR and the level of eCPM and also to track post-install actions of attracted users.

  1. session time – – Conversions with abnormally short conversion times are users with little or no interest in the product such as in the case if incentivized traffic. These can also be bot generated.

8)User Agent Pattern  -The ratio of data is non organic and made by a script or by manual hand entries using the same or similar machines. Identifies patterns relevant to the User Agent (including spoofing, bots etc).

Best practice to fight fraud

1) Monitor CR/CTR and Track post installs events – You should monitor users behaviour and track any deviations.If you observe strange coincidences like older app versions, low conversion rates or high uninstall rates then prepare yourself to fight against ad fraud.

3) Use Black list fraudsters sources. Look for high standards in the relation with partners. You need to create a list with reliable collaborators ( white list) because this will reduce the risk and list with bad partners (black list)

3)Use fraud 3 rd party fraud detection technologies

4) use 3 rd party trackers reports like appsflyer fraud report and adjust fraud report that are available on dashboard for clients for free.

5) Use white list of IP’s and security tokens

6) Try to avoid or Untarget low OS

  1. Compare to itunes/google play in real time – you can check real revenue or user engagement here and compare it with your tracker or ad network to make sure you are not getting fool.

Yaron Tomchin, Deputy CEO of Mobupps “For many fraud risk is important reason to turn away from certain adv activity. However, its possible to fight fraud now
effectively. Companies need apply the above techniques for prevention, detection and elimination mobile ad fraud by using 3rd party services, checking analytics and basic security measures. I hope that using all this aspects will allow advertisers to decrease mobile fraud and will make the mobile market more honest, civilized and transparent. Lets fight together and clean the market!”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>