How Mobile Fraud Is Stealing a Large Portion of Your Ad Spend

Many marketers likely don't even realize this is happening

Mobile fraudsters are impressively stealing your ad budget, and you likely don’t even know it.

These grifters have evolved their trade faster than prevention capabilities can keep up and have turned ad tech into their unwitting accomplices. Ad buyers are losing this arms race, and the bigger your budget, the bigger a target you are. The potential heist, according to Forrester’s projections: $20 billion of budgets this year alone.

These nefarious groups know the soft spots to exploit in the revenue chains, invent new methods to cloak their activities at scale and understand how to use your individual campaign requirements against you. The 2019 mobile fraudsters are now well-organized companies that flood your data feeds with garbage that looks great, which in turn keeps even advanced buyers incorrectly yearning for more. That’s some remarkable trickery.

Let’s illuminate several critical types of mobile fraud and discuss actionable tactics to protect your budget, data and business. This will equip you with strategic understanding, in plain English, to address the theft and damage that is likely being perpetrated on your advertising programs—right this minute. Pulling back this fraud curtain may reveal some scary realities. However, this article will arm you to begin your battle, stop the theft of your budgets and restore the integrity of your core advertising and consumer data.

Understanding the fight

Your best mechanism to fight mobile fraud starts with knowing and using your own data. Although there are plenty of external, third-party tools built into the different tech platforms you use, their purpose is to broadly defend against ad fraud for every client. You need to solve fraud for your specific company, and that requires a unique strategy and approach altogether.

Further, those same ad-tech prevention tactics are known by the very companies you are fighting against. This keeps the fraudsters smarter and faster. They are essentially using your technology against you.

To clearly illustrate how these frauds are perpetrated and how to address them, Iet’s use a sample campaign designed to drive paid customers of our new app and funded out of the advertising budget on a cost-per-install (CPI) basis. (Comparable circumstances affect all types of mobile campaigns.) To become a new customer, each needs to complete three key stages: installation, registration and purchase.

On the other side of the battle are the well-organized fraudsters. These companies have legitimate apps which serve our ads and are used by real, potentially valuable users. However, they also generate activity with subsequent revenue for themselves via bots and warehouses of staff who click, install and act inside our app. Their sophisticated tactics enable them to target our campaign specifically and exploit ad exchanges to steal our ad budgets at scale—all in plain sight.

A chart

Addressing table stakes

Our starting point is to discover and acknowledge “empty installs” and “fake registered users.” Empty installs are when fraudsters click and install our app, but with no further activity, and gets the CPI revenue in the process. This is the easiest fraud to address.

The marketing team just needs to get granular with the mobile measurement platform (MMP) campaign tracking data. With a little know-how, the marketing team can identify the partners, apps and sites that have been delivering large and small amounts of wasted budget. We can then cut zero post-install activity sources. But these fraudsters remain impressively clever, which necessitates a deep examination of the data based on understanding their nefarious strategies.

The next level of fraud has fake registered users, who create false accounts which pollute the data. These need to set off alarms. This scenario indicates that the fraudsters know and are using our marketing expectations against us. To identify this, the team needs to scrutinize its data for:

Below-target expectations

Symptom: few post-install events to prevent zero-activity warnings from being tripped

Remedy: to run site-by-site summary registration analysis and proactively optimize away from these sources

Too good to be true

Symptom: very dangerous area where fraudsters deliver registrations distinctively above expectations or norms. Unaware ad buyers and programmatic systems are immensely susceptible here.

Remedy: to determine characteristics of violating apps and pause accordingly

Solid yet empty registrations

Symptom: registration rates in line with norms, but have zero to minimal purchases occurring

Remedy: to analyze coordinating multiple data sets. This will be time consuming the first time, but needs to be done, and set up for daily monitoring. The fraudsters are counting on this added labor slowing the recognition of their efforts.

Hands-on, daily monitoring of the campaigns will give the marketing team a feel for how the campaigns run. If something begins to just feel off, it likely is. Data and intuition are powerful allies here. I am amazed at how few companies have mastered this level of understanding and technique. Marketer rationalization is what fraudsters count on and is the beauty of the highly effective theft: The Big Spoof.

Fighting the big spoof

Bigger goals mean bigger budgets, which present bigger opportunities for fraudsters. Why steal small when you can steal at scale? The “spoof” is the technique for the heightened heist of our budget.

If the straightforward fraud uses our campaign strategy and expectations against us, The Big Spoof directly abuses our technology platforms as well. The first and crucial strike is on the MMP, as it is the data depository and revenue-confirmation engine. A spoof just skips key steps in a real user’s app engagement and writes properly formatted garbage data to the MMP databases. For the new app, the result is a large number of spoofed installs and potentially spoofed registrations, without ever creating a real user. The spoofed registration shows the fraudsters’ sophisticated understanding of the campaign and data requirements.

To do this, the burglar’s method is to disassemble just enough of the app to expose access to its APIs—which are the essential pipes for the app to deliver data to the MMP. The fraudsters then fill these pipes with their garbage data and start the revenue flow to themselves.

As with any battle, legitimate fear introduces itself right up front. Questions arise, like “What if our investigation shows we have been wasting money for months?” or “Are we going to have to stop the company’s paid growth?” Denial will only perpetuate and exacerbate the issue. Finding the problem is the path toward not only stopping the bleeding but providing the team with new weapons to make the overall campaign much more efficient going forward. The marketing team actively needs to hunt for the spoof.

Registrations are the first data point to build from. Assuming that the registration data is recorded with the MMP and internal databases, there are multiple opportunities to live-audit campaigns, identify the fraudsters’ fingerprints and determine how far the spend theft has spread.

The highest-level analysis starts with comparing registration counts against each other. If the tallies are close, it is likely off because of timing. However, when the counts are dramatically different, where the MMP’s registration count is well above the internal list, this is the first indicator that significant spoofing activity is occurring.

Now we need to dig down on a per-install basis. This will provide greater visibility to the tactics and characteristics of the fraudsters. As they are committing the theft at scale, the MMP’s databases will likely start showing similar attributes and data garbage across multiple ad partners. This is what can be used against the fraudsters (as well as justification to clawback budget from ad partners). Fortified with these new data insights, a marketing team can now repurpose the tracking technology, build a shield and take the fight to the fraudsters.

Re-empowering your ad tech

For many companies, this repair process can be overwhelming. To start, your first call needs to be to the MMP, laying out the full spoof. Shrewd MMPs will acknowledge the issue, as opposed to those who flat out deny it. Together, specific—and non-public—tech fixes can be implemented quickly. The most straightforward tactic is to ensure that only the app (or internal servers) can post data to MMP databases. This stops the flow of fraudulent data circumventing the real operational processes and breaks the chain of the theft of your ad budget following suit.

The next step is to post customer data to the MMP that is seen and known only to your teams. This will speed the identification of future fraud, as the enemy will inevitably get more advanced. Any user record missing this internal, properly formatted data will indicate new fraud and can be dealt with. These two mechanisms will put you on equal footing with the thieves, if not slightly ahead for the near future.

The quietest epidemic: next

Despite war stories and projections in the billions of dollars per year, mobile ad fraud remains the quietest digital epidemic. It is complex and will become only more so. Further, this fraud is a stone which will create ripple effects across many types of modern business decisions. Services and products developed based upon these fraudulent consumer digital data points will amplify the negative impacts for companies. Advertising will ultimately be just one of the pieces in the larger misdirection, as well as operational and financial issues. Once recognized altogether, we may all look back fondly on the days when we thought this was only a $20 billion problem.

However, understanding the strategy and tactics of the enemy is the first stride toward fighting it globally. There are many more flavors of mobile fraud in the advertising world, affecting virtually every type of campaign. Companies that use the techniques discussed here will inevitably unearth other irregularities in their data, media spends and consequential decisions. The smart ones will use that information to keep building up their defenses, fighting back and staying ahead. The others will continue wasting budget with their heads in the sand and enriching the fraudsters.