Secure-D, an anti-fraud organisation that detects and blocks mobile ad fraud, has released a report on mobile ad fraud and its impacts on users. Part of the report explains how the 5 villains of mobile ad fraud work.
Click fraud uses malware-infected devices like smartphones to register fake visits and clicks on a website with ads.
Though advertisers have been trying to top fraudsters using this method this hasn’t worked out. Fraudsters ensure the bots mimic human-like tendencies such as random delays and fake finger movements.
How Clickbots work?
- Fraudsters pay to use a botnet, a huge collection of devices hijacked by malware.
- Fraudsters use the botnet to navigate to sites under their control and show ads from legitimate advertisers which are invisible to the user.
- Fraudsters use the botnet to create millions of fake clicks on ads without the device owners knowing.
- The ads are hosted on the fraudsters’ own pages, so they collect money from legitimate advertisers.
You know when you click on a link that says download but instead, an ad pops up? That’s how click-jackers work. Fraudsters use “carefully chosen wording and imagery” to deceive users into clicking that specific part of a page.
To take advantage of your clicking actions a number of things could occur;
- the user could be sent to a site filled with ads that claim revenue from advertisers;
- the user may be redirected to confusing web pages that entice or trick them into a digital subscription;
- fraudsters also use invisible links to trigger a malware download.
Fraudsters disguise or encrypt code with malware in apps which evades Google Play Store’s security protocols and ends up on phones. Sometimes they also let you install a safe app which then installs another malware-infected application on your device.
This is why sometimes random ads start popping up when people use their phone. This enables the fraudsters to then collect revenue from advertisers. These apps are usually extremely difficult to find because they hide their activities from users.
Cybercriminals use server farms or non-mobile devices for ad fraud so they can generate clicks whilst posing as a mobile device user. The true nature of the device is disguised and the clicks pose as a specific phone or tablet.
Smartphone emulation takes advantage of advertisers that pay a premium for mobile device users over those on computers. Secure-D’s states that the likely reasoning behind this is because of research that shows that “mobile users spend more online per month than desktop users and are twice as likely to make big purchases over $250.”
In this method, the IP address of a user is replaced with a different one to make it appear as if there are in a more lucrative market which will attract advertisers offering more money. The method is also used to avoid having fake clicks constantly reported from the same user.
Users are redirected multiple times to create a complex trail. Cybercriminals also use VPNs to create different IP addresses.
How IP-Spoofing works
- Click farms in Country A, for instance, India, target a website in Country B, say Brazil, by generating bogus non-human traffic. A user’s hijacked phone in Country B gets a high number of requests from the IP based in Country A.
- Fraudsters utilize users’ highjacked phones in Brazil as proxies, thereby making the traffic appear to be originating from Brazilian IP addresses.
- Fraudsters get paid for the fake events, including ad clicks and views.