Global app install ad spend could hit $51 billion this year. Fraudsters want some of that money. Regrettably, they will succeed. Is there anything the industry can do to defend itself? In a MEF webinar, two experts from Oordeoo and Freenet Digital assess the scale of the problem and the best ways to counter attack…

In the early 2000s, fraudsters spotted an opportunity. For the first time in history, there was such a thing as mobile ‘content’. Eager consumers had started paying to buy text alerts and ringtones and other exciting new products.

Criminals realised they could trick people into signing up for subscriptions. They would pocket money for weeks before the unwitting consumers realised they had been targeted.

Although this kind of fraud has been mostly stamped out, the fraudsters haven’t gone away.

Watch the MEF Webinar in full

20 years later, they are running similar scams – but this time they are targeting consumers, brands and MNOs through the medium of in-app mobile advertising.

It’s an unfortunate consequence of the incredible success of the mobile ad business. In 2019, digital ad spending will hit $333.25 billion, says eMarketer. For the first time, digital will account for roughly half of the global ad market.

And it’s mobile that’s powering this surge. According to IAB research, mobile’s share of internet advertising revenue rose to 62.5 per cent in the first half of 2018 (up from 54.1 per cent in HY 2017).

Regrettably, the fraudsters know this. They are continually devising new ways to use ad-based scams to dupe consumers and de-fraud advertisers.

But their misdeeds don’t just hurt the immediate victims. They undermine everyone’s trust in the mobile ecosystem. In the end, we all lose.

Fraud has a huge impact. People reach out to our call centres. They claim that their money is disappearing because they have been subscribed to a service they were not aware of. This is not only bad for our brand, it damages the whole ecosystem and reduces everyone’s trust.”

MEF is, of course, leading the fight against the fraudsters via schemes such as the Trust in Enterprise Messaging (TEM) programme and industry VAS Code of Conduct.

In a webinar titled Mobile Ad Fraud – Whose inventory is it anyway?, MEF turned its attention to advertising-related malpractice with a discussion from stakeholders representing different areas of the value chain impacted by ad-fraud.

The speakers were:
Matthias Kirsch, Head of Product, Freenet Digital
Jose María Prieto Pablos – Director of New Business, Strategic Planning and Market research at Ooredoo Algeria

In the session, they addressed some of the most common types of fraud including:

Unviewable ads

Here the advertisement is loaded, but never displayed to the end user

Fraudulent traffic/impression laundering

Ads appear on a site, which is not the one the advertiser paid for

Click jacking

Malware hijacks the ad slot on a website and displays an ad, generating revenue for the attacker rather than the publisher

Click Flooding

When a fraudster claims credit for an organic app install

Click Injection

An app already on a phone knows when another app is being loaded and claims credit and payment for the download

SDK Spoofing/attribution fraud

A bot sits inside an app and generates ad clicks from inside it

Bot traffic

Bots rather than people click on ads and perform fake installs. Fraudsters make bots ‘behave’ like real users.

The above list reflects the many routes available to the fraudster. But how pervasive is ad fraud?

The answer is alarming. Both Kirsch and Prieto Pablos suggested scams can drive as many as 90 per cent of all app installs and traffic in some regions and niches.

Prieto Pablos said: “Fraud has a huge impact. People reach out to our call centres. They claim that their money is disappearing because they have been subscribed to a service they were not aware of. This is not only bad for our brand, it damages the whole ecosystem and reduces everyone’s trust.”

He added that, at its worst, this fraud was generating 15,000 calls a month.

So how are the fraudsters generating these fake installs? Kirsch explained that some scams are merely new twists on the oldest scams. “There’s click jacking. The fraudsters will offer up a video that doesn’t play the first time. So the user clicks a second time, and this acts as the double click opt-in – and the subscription is taken care of,” he said.

Another longstanding method is through the simple free app that asks for all manner of irrelevant permissions from the user. If he or she agrees (they normally do), the app can then activate nefarious activity in the background.

However, Kirsch also highlighted another insidious scam. Here, the criminals load malware onto handsets, which they sell on auction sites and other secondary outlets.

“The malware has fraudulent mechanics built in,” he said. “It can subscribe a user overnight and unsubscribe them again after the sale has been reported. The user will often have no clue about this, and the malware program can be very hard to get rid of.”

Prieto Pablos added that these malware products can also intercept the two factor SMS PIN flow that is designed to make the subscription sign up process more secure.

On the plus side, there is much that stakeholders can do to fight back against ad fraud – through software, metrics, machine learning and consumer education.

Tim Green

Features Editor, MEF Minute

  

Register Now for the next MEF Webinar – July 25th

RCS Payments: Realising the Potential

What if consumers could make a payment inside a mobile messaging conversation? RCS brings rich features to the default messaging app in the next generation of smartphones.

In this webinar, MEF members explore the potential of RCS & Payments and look at the benefits and key requirements for seamless payments in RCS Business Messaging.

Sign up Now

Member Login

Sign up for our email list

Sign up to our mailing list to get updates on our programmes, events & activities.

* indicates required
Email Format

You can customise the content and frequency of communications in our email preferences centre.

See our privacy policy for further details how we manage your personal data. We never share your data with third parties and you can opt out at any time.

Do NOT follow this link or you will be banned from the site!