March 14, 2019
Submitted by CHEQ
4 Tips to avoid the growing menace of mobile fraud
Big brands pay a lot of money to advertise online and in apps. From vacation offers to sports goods, or hot mobile games such as Fortnite and PUBG, more cash is being spent on advertising.
Specifically, mobile will account for 62 percent of global digital ad spend in 2019, representing $155 billion in revenues. In addition, 60 percent more apps will monetize through ads in 2019.
However, with this gold rush comes the rising problem of ad fraud targeting mobile traffic and in-app ads, as underlined by new research.
18% of US ad traffic is fraud
Here at CHEQ, we carried out an analysis of 4.1 billion ad requests made in the United States between October 2018 and February 2019 revealing that 18% of this is fraudulent traffic
While U.S. desktop-based fraud makes up 55% of US online fraud levels, mobile-based ad fraud accounts for 46% of the problem. This shows that more must be done to understand the unique nature of mobile ad fraud.
Mobile fraud: now highly sophisticated
In an extremely worrying finding from our study, we found not only high levels of ad fraud. Of the fraudulent traffic in the US, 77% is "sophisticated invalid traffic" (SIVT), which utilizes far more advanced malicious methodologies to defraud the advertising ecosystem than the more basic forms of ad fraud or "general invalid traffic" (GIVT).
While GIVT can be detected by simplistic methods such as IP and user-agent blacklists, SIVT fraud requires far more sophisticated capabilities to detect, such as OS and device fingerprinting, dynamic honeypots (bot traps) and network behavior analysis. Scammers are getting smarter in targeting ad dollars through a sophisticated network of fraud.
With this problem costing $50billion a year to advertisers, here are four key tips to protect yourself from mobile and app ad fraud.
1. Employ Ad Verification Tools
Having an ad verification solution is the essential “table stake” for dealing with ad fraud, according to a recent eMarketer report. It is also important to probe vendors of services, asking questions such as: how many parameters they have to uncover bots? Do they rely on simplistic fake IP lists? What techniques do they use to investigate the evolving threat? Do they merely report on fraud and can they block ad fraud in real-time?
2. Create a unique identification for your mobile traffic sources
It is worthwhile to ascribe a unique identification to your traffic sources to monitor the amount of traffic and its sources, then look for anomalies. For example, a programmatic buyer can monitor the amount of money spent on each site. If for example, you suddenly find you are buying a very large amount of impressions on a particular site, this suggests fake bot traffic. Another flag to look for is if a small site is suddenly getting you lots of impressions in your campaign. This could be a sign of manipulation.
3. Be suspicious of cheap inventory
If you ever find yourself able to buy premium inventory for cheap, say, CNN inventory is costing you 20 cents CPM, that might be someone spoofing the domain. For instance, premium publisher Financial Times found display ads against inventory masquerading as FT.com on 10 separate ad exchanges and video ads on 15 exchanges.
4. Do due diligence for in-app advertising
When it comes to in-app advertising, if things look too good to be true, they probably are. More than one-quarter of app installs are fraudulent. There are always new attacks on the app ecosystem. Installed apps commonly run impressions and render ads without us knowing. Google has previously removed apps, including flashlight apps that would contact a common attacker-controller server, to download an ad-fraud module unnoticeable by the user. It would proceed to repeatedly click on ads, juicing the network’s numbers and bringing in fraudulently acquired revenue.
We suggest looking closely at apps seeing their user rating in the app store and how many downloads they get. Check if this makes sense with the impressions you are getting. Be suspicious of ads that open late at night. Look at the quality of applications that are getting ad traffic. If it is a flashlight or a clock (a low-quality app) you would not expect good quality traffic. But for something like Candy Crush you would expect to see high-quality traffic.
The scope of the challenge
We must remain alert to the ad fraud threat as online and app ad serving continues to scale and mature. Returning to our US analysis, we managed to find and block 743 million instances of combined GIVT and SIVT ad requests before they were ever served, showing the scope of this problem.
Left unchecked these frauds infect marketing strategies with fake data, cause huge losses, cause grave consumer damage including malware. Longer-term the growing sophistication of ad fraud endangers the free internet, as advertising dollars divert to fraudsters. In fact, the World Federation of Advertisers estimates that within the next decade, fake Internet traffic schemes will become the second-largest market for criminal organizations behind cocaine and opiate trafficking.
There is an exciting future for mobile advertising, but it is vital that future growth is based on sustainability and greater transparency.