Unfortunately, mobile ad fraud is a rising concern. As ad spending within mobile apps grows, so too does digital ad fraud.
According to Adjust, mobile advertising fraud close to doubled between 2017 and 2018. For some businesses, fraud gobbled up around 80 percent of marketing budgets. It’s not surprising to see fraud appear as among the top marketer concerns in multiple surveys over the past six to 12 months.
But, not every form of fraud is the same. As Sun Tzu famously said, “Know thy enemy.” To be successful in fraud detection and prevention, it helps to know what’s out there.
Here are six of the most common types of mobile ad fraud today:
Short for invalid traffic, IVT is any traffic not coming from real users. Bots, spiders and crawlers are all IVT, but not necessarily malicious. Of course, in the realm of mobile advertising, IVT designed to look like human activity is a major problem.
Within the general umbrella of IVT are two general categories: GIVT (general IVT) and SIVT (sophisticated IVT). GIVT is highly transparent about its non-human origin; Google’s spiders that crawl the web to determine organic search rankings is a good example. SIVT is designed to appear human-like, often for nefarious purposes.
Also sometimes called click sniping, click injection is particularly prevalent in campaigns measured through last-click attribution. In fact, the mobile measurement experts at Adjust found it to be the second most common type of app install fraud. For brands running app install campaigns for user acquisition, fraudulent app installs coming from click injection is a major problem.
So how does it work? Essentially, when a user takes a final action that an advertiser is ultimately paying for, a fraudster swoops in to inject themselves between point A (the final clicked ad) and point B (the final desired action, like an app download). Since advertisers only pay the ad networks or exchanges responsible for a final action, fraudsters use click injection to take credit (and the rewards) of the final click they did nothing to actually drive legitimately.
With click spamming, fraudsters send a whole bunch of fake reports in the hopes that one of them is accepted as legitimate. Like a denial-of-service attack, the goal with click spamming is to simply overwhelm the anti-fraud systems in place. It’s also sometimes known as click flooding, and it accounted for 16 percent of all app install fraud observed by Adjust between 2017 and 2018.
In this type of fraud scheme, multiple ads are displayed all at once, one on top of the other. This allows an unscrupulous publisher or other involved partner to say that they technically served an ad and should receive payment for serving said ad, even though the ad was never technically visible. This is why this is also sometimes known as ad hiding. This kind of fraud can be especially problematic for brand awareness campaigns.
There are other fraud schemes that operate under a similar principle too. For instance, a fraudster could attempt to take credit for an ad appearing in full even if only part of it was visible. This can occur with video advertising as well, with a fraudster saying that a video ad was watched in full when it wasn’t in reality.
With app spoofing (otherwise known as domain spoofing in the browser world), a fraudster sends in ad requests claiming to be a legitimate publisher, enabling them to illegitimately get demand from advertisers. For example, Bob’s Spam Factory would falsely claim to be a reputable publisher like The Guardian in order to get ad dollars from all of the brands looking to advertise with the newspaper.
The Ads.txt initiative from the IAB Tech Lab was designed largely to combat this problem. In March 2019, they released app-ads.txt for mobile apps, which is a file hosted on the developer websites connected to the app profiles within the major app stores. To learn more about app-ads.txt, check out this blog post.
This describes scenarios in which ads are served completely out of view of legitimate end users. For example, instead of showing a video ad to a real person, the ad is played purely in the background and not seen by anyone. This way, the fraudster can still charge per view, even though no one actually saw the ad.
This is also sometimes known as in-banner video ads, as often fraudsters will display a banner ad to an app user while having a video ad play in the background. This is still unfortunately common, as a March 2019 BuzzFeed report highlighted.
But, luckily, many major players are taking significant steps to curtail this kind of fraud. In particular, InMobi has been working with DoubleVerify to more effectively police the mobile ecosystem both before and after ads are shown.
While fraud may be almost as old as time immemorial, it’s become an especially pressing and acute issue within mobile in-app advertising. But, by understanding the common types of mobile ad fraud, everyone in the programmatic ecosystem can better fight against and help prevent these instances of fraud.