How fraudsters milk your programmatic advertising budget and what to do about it

Author: Steffen Meyer, Mobile Marketing Content Specialist

It’s so easy: just upload your ad and the artificial intelligence will do the rest. This is the promise of programmatic advertising, which has become very popular in the marketing world. While programmatic advertising is quick and probably even more accurate than doing everything manually, it opens the door to fraudsters who steal from advertising budgets.

These fraudsters use all kinds of tricks to falsely claim they are the reason for your app getting downloaded – and cash in on it. This way, they not only steal chunks of marketing budgets but also skew statistics, making some campaigns appear more successful than others and thus luring marketers into a trap, feeding the ad fraud even more.

Estimates of how much is lost to digital ad fraud each year vary widely: the numbers range from 7 to 87 billion dollars per year. Some studies say 4% of every campaign budget is lost to fraud; others claim it’s up to 20% when the budget is above 1 million dollars. Even though the numbers differ, they show that ad fraud is a problem.

Common fraud practices and how to defend your budget

So how do tricksters steal from your marketing budget and what can you do about it? There are some known common practices and ways to identify them, but since fraudsters change tactics and react to countermeasures, we advise you to get professional help to effectively defend your marketing budget against attacks. 

However, to get a grasp on the topic, it is good to understand the basic principles. So here are four common fraud practices and how to look out for them.

1. Click spam

What’s that?

When an app is downloaded, the last click on an ad before the install is credited with the download and therefore with the payment. Fraudsters use this to their advantage and simulate lots of clicks, for example by running a fraudulent app in the background.

This way, chances are high that the last click, and with it the app download and the marketing money, will be attributed to the fraudster. Additionally, users who downloaded an app without interacting with an ad beforehand will not be counted as organic, messing up valuable marketing data.

What to do?

This click spamming, or "organic poaching" as it is sometimes called, leaves traces in the form of dubious clicking patterns. If a tracking tool records an almost constant barrage of clicks, you can be very sure that there is fraud involved. So look out for these unusual stats.
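One way to turn the "almost constant barrage" into a check, as an added example that is not part of the original article: flag sources whose hourly click volume is nearly flat and whose clicks almost never convert. The thresholds, source names and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune them against your own traffic.
MIN_CLICKS = 200        # skip sources too small to judge
MAX_CV = 0.25           # hourly volume this flat has no day/night rhythm
MAX_CONVERSION = 0.005  # installs per click

def flag_click_spam(clicks, installs, window_start=0, hours=24):
    """clicks: (source, epoch_seconds) pairs; installs: {source: install count}.
    Returns {source: (clicks, cv, conversion)} for sources that look like spam."""
    per_hour = defaultdict(Counter)
    for source, ts in clicks:
        hour = (ts - window_start) // 3600
        if 0 <= hour < hours:
            per_hour[source][hour] += 1
    flagged = {}
    for source, buckets in per_hour.items():
        counts = [buckets[h] for h in range(hours)]
        total = sum(counts)
        if total < MIN_CLICKS:
            continue
        cv = pstdev(counts) / mean(counts)  # coefficient of variation
        conversion = installs.get(source, 0) / total
        if cv <= MAX_CV and conversion <= MAX_CONVERSION:
            flagged[source] = (total, round(cv, 3), round(conversion, 4))
    return flagged

# Constructed sample: one flat source, one with a human daily curve.
HUMAN_CURVE = [2, 1, 0, 0, 0, 1, 3, 8, 15, 20, 22, 25,
               30, 28, 24, 22, 20, 25, 35, 40, 30, 18, 8, 4]

def sample_clicks():
    clicks = [("pub_flat", h * 3600 + i * 180) for h in range(24) for i in range(20)]
    for h, n in enumerate(HUMAN_CURVE):
        clicks += [("pub_human", h * 3600 + i * 60) for i in range(n)]
    return clicks

if __name__ == "__main__":
    print(flag_click_spam(sample_clicks(), {"pub_flat": 1, "pub_human": 12}))
```
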

2. Click Injections

What’s that?

This is a more refined version of click spam. By accessing Android’s "broadcast intents", the fraudsters don’t need to spam clicks anymore but inject exactly one click before the install completes, receiving credit for the download and thus stealing from the marketing budget. Again, organic users won’t be counted as such.

What to do?

You can look out for clicks that happen just seconds before the download ends, since it’s rather unlikely that an app of 100 megabytes will be downloaded that quickly. However, there are circumstances in which such a quick process is legitimately possible. To filter out these false positives, you need sophisticated methods provided by Mobile Measurement Partners (MMPs) like Adjust, AppsFlyer, Branch or Kochava.
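A basic version of this timing check, as an added example that is not part of the original article and not any MMP's method: it goes one step beyond the text by also flagging clicks recorded after the download had already started, and it scores sources rather than single installs so that one genuinely fast install does not condemn a partner. Field names, thresholds and sample rows are assumptions.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune them against your own traffic.
MIN_CTIT_SECONDS = 10     # click-to-install time below this is suspect
MAX_SUSPECT_SHARE = 0.30  # tolerated share of suspect installs per source

def classify_install(click_ts, download_start_ts, install_ts):
    """Timestamps in epoch seconds (hypothetical field names)."""
    if click_ts > download_start_ts:
        # The download was already running, so this click cannot have caused it.
        return "click_after_download_start"
    if install_ts - click_ts < MIN_CTIT_SECONDS:
        return "short_ctit"
    return "ok"

def suspicious_sources(installs):
    """installs: (source, click_ts, download_start_ts, install_ts) tuples.
    Judges sources, not single installs, because a fast install can be genuine."""
    stats = defaultdict(lambda: [0, 0])  # source -> [total, suspect]
    for source, click_ts, start_ts, install_ts in installs:
        stats[source][0] += 1
        if classify_install(click_ts, start_ts, install_ts) != "ok":
            stats[source][1] += 1
    return {s: round(bad / total, 2) for s, (total, bad) in stats.items()
            if bad / total > MAX_SUSPECT_SHARE}

# Constructed sample rows: (source, click, download start, install finished).
SAMPLE = [
    ("net_a", 1000, 1005, 1060),
    ("net_a", 2000, 2020, 2100),
    ("net_a", 3000, 3002, 3008),  # tiny app, fast but plausible
    ("net_a", 4000, 4010, 4090),
    ("net_b", 5055, 5000, 5060),  # click arrives mid-download
    ("net_b", 6048, 6000, 6050),
    ("net_b", 7000, 7003, 7100),
    ("net_b", 8057, 8000, 8059),
]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE))
```
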

3. Fake Installs

What’s that?

Instead of stealing clicks as explained above, fraudsters here just claim app downloads that didn’t happen at all. They do so by using software that emulates devices and users which seemingly click on ads as well as download and open apps.

What to do?

For this type of trick, fraudsters use data centers or identity-masking servers, leaving so-called "anonymous IPs". By filtering these IPs, you can prevent your data from getting polluted.

4. SDK Spoofing

What’s that?

Fraudsters perform a "man-in-the-middle attack" on the communication between the tracking software inside an app (the SDK) and its backend servers. By trial and error, they test which communication signals correspond to which actions, like first opens or installs. Then they send out these signals to claim downloads and ad money.

What to do?

Since the perpetrators don’t emulate devices but use real device data, it is very difficult to stop this fraud. The MMP Adjust, for example, implemented a signature hash that should prevent fraudsters from copying communication signals.
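How a signature can stop copied signals, as an added example that is not Adjust's scheme or code from the original article: each SDK event is signed with an HMAC over its fields plus a timestamp and a one-time nonce, so the backend rejects altered, stale and replayed messages. The secret, field names and time window are assumptions.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: provisioned per app
MAX_SKEW_SECONDS = 300               # assumed freshness window

def canonical(fields):
    # Stable byte encoding so SDK and backend sign exactly the same input.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_event(secret, params, nonce, now=None):
    """SDK side: attach timestamp, nonce and HMAC-SHA256 signature."""
    ts = int(now if now is not None else time.time())
    signed = dict(params, ts=ts, nonce=nonce)
    signed["sig"] = hmac.new(secret, canonical(signed), hashlib.sha256).hexdigest()
    return signed

class Verifier:
    """Backend side: checks signature, freshness and one-time use."""
    def __init__(self, secret):
        self.secret = secret
        self.seen_nonces = set()

    def verify(self, msg, now=None):
        now = now if now is not None else time.time()
        body = {k: v for k, v in msg.items() if k != "sig"}
        expected = hmac.new(self.secret, canonical(body), hashlib.sha256).hexdigest()
        given = str(msg.get("sig", ""))
        if not hmac.compare_digest(expected.encode(), given.encode()):
            return "bad_signature"
        if abs(now - body["ts"]) > MAX_SKEW_SECONDS:
            return "stale"
        if body["nonce"] in self.seen_nonces:
            return "replayed"
        self.seen_nonces.add(body["nonce"])
        return "ok"

if __name__ == "__main__":
    backend = Verifier(SECRET)
    event = sign_event(SECRET, {"event": "install", "device": "constructed-1"}, "n1")
    print(backend.verify(event), backend.verify(event))
```
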

Not the end of it

There are a lot more tricks, as listed here, and most probably criminals out there are inventing new ones already. To protect your budget and your data, it is best to have professionals on your side: drop us a line and get in contact with our experts.

So look for spam, don’t let them inject you, identify fakes and prevent spoofs. Read you soon.
