With: Dhiraj Gupta, CTO mFilterIt

Most performance marketers casually brush off ad fraud, thinking and saying that it doesn't affect them because they only pay when they get the sale, or the install. But, in actuality, they literally don't know what they don't know; they are still getting ripped off by various forms of fraud - whether it is on web (visits, leads, sales etc) or app (installs, registrations, sales etc)

App Install and Re-Install Fraud

Performance marketers pay on a cost-per-install (CPI) basis. Every time one of their apps is installed, they pay the CPI -- e.g. $1 - $2, sometimes even higher. Bad guys are using mobile emulators like Genymotion to create millions of fake mobile devices in cloud data centers. Then they download and install the targeted apps - like the Amazon Shopping app - and get paid the cost per install. But is that the end of it? No, bad guys have more money to make. They change the deviceID of the fake device and download the app again and get paid the CPI again. And again. And again. Fraud detection SDKs installed in the app itself cannot tell this is fraud because it appears to be brand new device that hasn't been seen before. Performance marketers, you paid on a CPI basis. Do you think fraud is impacting you now?

Attribution Fraud and Organic Stealing

Performance marketers pay the parties who helped them drive the app install (CPI - cost per install) or the sale (CPA - cost per acquisition). Attribution platforms keep track of who helped to drive that specific action, so they know who to pay and how much. What if one party wanted to "steal credit" for driving the performance action when they actually didn't? How do they do that? By click spamming. They identify the click attribution URL that is used to track the install and repeatedly load that URL. As long as they are the last URL to be loaded, they will get the credit for driving that install and therefore get paid the CPI for it.

Did you know that there is an obscure permission in Android where apps can be notified when other apps are installed on the device? This permission is being exploited by rogue apps to perform attribution fraud and re-engagement fraud. When an installed app receives notification that a new app is installed it jumps into action and performs click spamming on the attribution URL to claim credit for the install of the other app, even though it was "organic" and did not involve any ads or any affiliate help.

We've seen "warring apps" stealing credit from each other for CPI campaigns. We've also seen what is called "organic stealing" -- this means the app install occurred because the human wanted to install the app, not because he saw an ad for it; think Uber app or Amazon app. By repeatedly spamming the click attribution URL, the fraudsters can get paid the CPI bounty even for an "organic install" that happened independently of any ads or clicks.

By the way, all of this has been happening for years. You may know it as affiliate fraud, where affiliate sites claim credit for having driven a sale for a retailer by stuffing cookies to make it appear that they did. See: (2013) eBay’s top affiliate marketers busted for $35 million scam. Ben Edelman also maintains an entire list of Affiliate Fraud Litigations.

Similarly, did you know that 40 - 60% of online coupons on coupon sites are fake? They are designed to trick consumers into clicking to see the offer or coupon code. When they arrive they see a coupon code that doesn't work; but the click through already planted the affiliate cookie, which means that particular affiliate will get the revenue share for sales completed thereafter. But as a brand, the customer experience would be impacted.

Along similar lines is brand bidding on SEM (search engine marketing - i.e. paid search). Your affiliates may be stealing your “almost” organic users by creating look-alike ads and bidding on your own brand keywords. But when the user clicks on these look-alike ads, they reach your website but with affiliate links attached. You pay the affiliate for performance and also pay the Search Engine higher since your bid rates will increase due to your competition with your own affiliate.

In Summary, just because you are paying on sales, doesn't mean there is no fraud.

App Re-engagement Fraud and Other fraud

One area which advertisers are not looking is app re-engagement programs where users are encouraged to re-engage with apps they haven't used for a while. By sending in fake clicks, marketing partners can claim credit for the re-engagement, even if the user saw no ad and just started using the app again, naturally. These may appear to have great engagement, but users were just opening the app by themselves.

For more details see: https://www.linkedin.com/pulse/re-engagement-fraud-converting-organic-inorganic-dhiraj-gupta/

Finally, mobile apps, just like browsers, can alter any webpage, inject any ad impression anywhere on the content, block or allow any scripts, including fraud detection scripts and engage in any number of other nefarious techniques to generate more ad revenue and better cover their tracks, so there appears to be no fraud, when all of it is actually fraudulent.

Now, performance marketers, do you still think you are immune to fraud; or is it more accurate to say that the fraud was simply not visible before, but actually there?





About the Author: “I advise advertisers and publishers on the technical aspects of fighting digital ad fraud and improving the effectiveness and transparency of digital advertising. I help audit their campaigns and show them detailed data so they can verify for themselves what is fraud and what is not fraud.”

Follow me here on LinkedIn (click) and on Twitter @acfou (click)

Further reading: http://www.slideshare.net/augustinefou/presentations











