Mobile advertising has never been more popular than it is today. Global mobile ad spending will hit $230 billion this year with a growth rate of more than 20%.1 But as brands continue to shift their spending to mobile, fraudsters are trying to take advantage of this ecosystem. At Smaato, our top priority is to protect both mobile users and mobile investments, but we also want to help educate the market on the various types of fraud and how to fight it.
Mobile ad fraud is a scam committed by criminals that affects the entire supply chain: publishers, advertisers, and everyone in between. The methods used by fraudsters are increasingly sophisticated, as mobile ad fraud is conducted with the goal of evading detection to steal as much money as possible. The cost of ad fraud across all types of digital advertising totaled an estimated $19 billion in 2018.2
There are many different types of fraud, and often several tactics are used in conjunction to make detection more challenging. This blog post will look at the different types of mobile ad fraud out there that impacts publishers and advertisers directly. For a more in-depth look into this issue and how to combat fraud, download our new whitepaper: Understanding In-App Advertising Fraud.
Types of Ad Fraud That Hurt Advertisers
The most common forms of fraud involve invalid traffic (IVT). High-quality, data-rich traffic is what advertisers are paying for to make their campaigns a success. Fraudsters hope to mimic genuine traffic to earn money illegitimately. To make the traffic appear as authentic as possible, fraudsters often deploy several different tactics at once.
Ad Stacking: A fraudster’s app “stacks” multiple ads on top of each other, but only the top ad being visible. However, all ads, regardless of where they are placed in the stack, are paid for by the advertisers.
App Spoofing: A fraudster’s app sends a fake bundled ID to advertisers to misrepresent itself as a premium app. The ads end up appearing on a different app than what the advertiser paid for. In some cases, the app might not be brand-safe.
Bots: Automated bots come in all different forms. Some aren’t necessarily fraud, as general invalid traffic (GIVT) includes known data centers and search engine crawlers. Malicious bots can range from simple to sophisticated. They can be used for generating fake traffic, clicks, or installs.
Click Fraud: Malicious bots or human-operated “click farms” generate money from advertisers who pay more for ad spaces with high click-through rates or pay on a per-click basis. They mimic this behavior to collect payment. Another form of click fraud is click injection, in which over-permissioned Android apps trigger a click before the installation of a new app is complete. The fraudster then receives credit for the install with any relevant campaigns.
Retargeting Fraud: Bots imitate the behavior of interested customers to attract higher retargeting eCPMs across apps participating in the fraud. Malicious code generates traffic when a smartphone is not even being used. This inactive application “shows” ads that will not be seen by users.
Types of Ad Fraud That Hurt App Publishers
Not all types of fraud involve apps trying to cheat advertisers. On the other side of the spectrum are threats that affect legitimate app publishers. These threats often damage the user experience. Some of these tactics used include the following:
Auto-Downloads: A user is served a misleading ad that causes an automatic download to happen without the user’s intent. Typically, the download program is harmful.
Auto-Redirects: Here, a user is redirected to a page that resembles a known, reputable site. This deceptive page is used to install malware or steal sensitive data.
Crypto Miners: Even with cryptocurrency prices far lower than their peak, fraudsters serve up ads containing JavaScript code to mine for cryptocurrency. The users’ smartphones have their CPU and battery power drained.
Inappropriate Ads: Most reputable mobile advertising platforms don’t allow offensive ads (nudity, bad language, drugs, etc.), but some advertisers intentionally obfuscate these ads to avoid detection. This can have a damaging effect on the user experience.
Malware: An ad causes a user to download a harmful program. Malware can be used to steal sensitive data (e.g. phishing), hijack phone functions, or hold the device ransom. In other cases, malware might simply generate fraudulent traffic.
VAST Arbitrage: A disreputable DSP can earn more money by fraudulently reselling a won video impression in a display banner ad space. If they can resell that space for more than they paid, they make money. If they cannot resell the space, the ad will register an error and the DSP doesn’t pay anything.
How to Fight Mobile Ad Fraud
Fortunately, most in-app traffic is legitimate. However, fraud of any form and any scale is damaging to the mobile advertising system. As the incentives to commit fraud grow, fraud prevention methods have also improved. The best way to create a protected mobile marketplace is to take a three-pronged approach. A combination of in-house technology, expert staff, and trusted third-party vendors is needed.
Fraud of any type is a serious subject. While everyone is aware of the issue, not everyone wants to talk about it. However, we believe that open discussions about mobile ad fraud help the mobile advertising industry move forward and address this problem. When the industry works together to develop scalable solutions, such as the ads.txt solution for apps, real positive changes can be made.
11eMarketer, Sept. 2018 2Juniper Research, Sept. 2017