How to prevent bots from clicking on the advertising budget or Where fraudulent traffic is hiding

fraudulent traffic

The topic of fraud in advertising campaigns is extremely painful for Internet business owners and digital marketers. Fraud scammers distort reporting, take away the advertising budget and give nothing in return. In this article, we will tell  you how to identify junk traffic in mobile advertising and minimize it.

Read Also: How to Create an Explosive Viral Marketing Campaign

Fraud in advertising now

Mobile advertising budgets are growing along with the popularity of mobile devices, and fraud schemes are developing along with them. According to Appsflyer data for 2021, 8% of traffic in Russia is fraudulent.

These are not the worst figures in the world: in South Korea and India, the percentage of fraud is four times higher (32% and 36%, respectively).
Where fraudulent traffic is hiding

Who’s guilty?

There are many initiators of the fraud. Among them:

  • organizations that want to undermine their competitors’ marketing campaigns;
  • advertising systems that wind up statistics for the sake of getting the advertiser’s budgets. It is only after the payment is made that the advertiser discovers that the attracted installs are not converted into purchases, and the effectiveness of the campaign is extremely low.
  • dishonest agencies. They, too, can get in the way of fraudulent intruders. For example, the agency does not cope with the KPI set by the client and tweaks the indicators for the sake of beautiful numbers in the report.

We categorically do not recommend engaging in fraudulent activity: your customer can responsibly approach the study of reporting and identify fraudulent fraud, which threatens to refuse further cooperation and damage the reputation in the market.

What’s with the pandemic?

Not without the impact of the pandemic. The lockdown forced retailers to move online and increase budgets to promote their own online stores and delivery services. The scammers took advantage of this.

Previously, the financial industry was the most affected by fraud, but now advertisers in the field of food and beverages are increasingly faced with fraud.
advertising budget

Is there no fraud on iOS?

Android is the most vulnerable operating system to cyberattacks and viruses, and there is more fraud on it. However, the audience on iOS is more solvent, which is why it attracts not only advertisers, but also cybercriminals more than Android.

The majority of fraudulent traffic comes from remarketing and in-app campaigns on Apple devices. These campaigns are paid using the CPA (Cost Per Action) model, which costs more than the CPI (Cost Per Install) and generates more profit for the scammers.

advertising budget

How to recognize fraud?

In mobile advertising, we rarely have to deal with fraud. We explain this by the fact that agency specialists usually buy traffic from channels they can trust.

These are Google, Facebook and Yandex. Large advertising systems monitor traffic quality and develop their own anti-fraud systems that recognize fraudulent traffic and do not charge advertisers for it. 

Of course, a small percentage of fraud gets into reports, but it is so low that it does not greatly affect the expenditure of advertising budgets and does not prevent advertising systems from learning well.

Our colleague in the market, Olga Gaskova, mobile promotion specialist, on the contrary, often faced unforeseen fraud attacks:

“One of the most massive attacks occurred at the end of 2020. Then in-app traffic from small advertising systems looked absolutely clean. He passed the anti-fraud protection system and the Power BI analytics system. It was only through comparison with real data in the CRM system that we realized that most of the traffic is fraudulent.”

It is difficult to recognize fraudulent traffic in the reports themselves. The real picture of actions in applications is shown by the CRM system. It will help you understand that the sharp increase in clicks and installs is not caused by a surge in user interest, but by fraudulent schemes of intruders.

Therefore, it is necessary to regularly monitor data in CRM and compare it with statistics in advertising systems. This will allow you to track suspicious traffic in time and disable dubious advertising channels.

Where is the most fraud?

Fraud schemes are getting smarter, and you have to deal with their consequences after massive attacks,” says Olga Gaskova. Smart fraud can go unnoticed by anti-fraud systems of mobile networks and analytics.

Fraud mostly comes from in-app ads. At the same time, Olga did not encounter fraud on social networks.

In our experience, fraudulent traffic is a problem for small ad networks. Large systems (Yandex, Google and some others) are aggregators of many advertising networks and publishers (sites or applications that display ads).

Among them, there may be a fraudulent network, but the smart algorithms of advertising giants have learned to recognize unscrupulous partners and immediately refuse to cooperate with them. Therefore, it is safest to use trusted systems such as Google Ads.

However, small networks have their own “advantages” that attract advertisers:

  • A less rigid moderation system, resulting in a higher chance of launching ads from prohibited topics: gambling, making money online, fake goods, etc.
  • Larger choice of payment models – CPM, CPC, CPI, CPA, etc. The advertiser can choose the most profitable model for him. For example CPA (Payment Per Purpose Action) to only pay if the user has made a purchase. It should be understood that there is also a danger of stumbling into fraud here. Often advertisers believe that fraudulent traffic is only possible with pay per click. For a long time, this was indeed the case, and CPA was considered a safe model until fraud got smarter. New fraud schemes have emerged in which clicking is not the only way to scam. Attackers intercept in-app purchases and other targeted activities just as easily as they would with the CPI model.
  • A lot of “fresh” traffic, which is not covered by advertising giants. Small advertising systems may have their own user bases and partner advertising platforms that do not cooperate with large players like Yandex or Google. Reaching out to smaller chains will help you find new customers when the main systems have run their course.

We recommend that you use unfamiliar ad systems carefully and, if possible, use large ad networks to minimize the threat of fraud attacks. When choosing intermediaries, you can focus on the top advertising networks from the Blue Book Top 20 CPA Networks rating .

What are the types of fraud?

There are many ways to intercept advertising traffic. Fraud scammers are constantly improving their skills to remain unnoticed by digital specialists, security systems and analytics. We list the most common fraud schemes:


Bots make up half of all fraudulent traffic. They are malicious code that imitates user actions based on data collected by malware on user devices. Often bots run on a server basis, not on real smartphones.

They quickly learn to bypass security checks by hiding behind the avatar of a real user, which is why they are the most popular tool in the hands of scammers.

Device farms

This is a whole warehouse of mobile devices under the control and monitoring of intruders. Devices click on ads, download apps using IP addresses and advertising IDs of real users non-stop.

All actions are performed by specially hired employees or emulators - tools to imitate a large number of mobile devices and create fake actions with advertisements.

Interception of installations

The attacker in the face of the advertising grid tracks clicks and installs of real users, including those on ads from other advertising systems. When a user installs an app, the scammer intercepts the installation.

As a result, it is attributed to the fraudulent grid. Such a network receives advertising budgets without spending a dime on promotion, and a conscientious network spends a budget and does not earn anything.

Click flooding

Click flooding accounts for 35% of all fraudulent traffic. In click flooding, the attacker sends a large number of clicks to get to the moment the application is installed by a real user. It looks like it was the attacker’s ad network that brought the conversion.

Read Also: How to return a user who left the site – “Come back, I will forgive everything!”

How to deal with fraud?

In our agency practice, we encountered fraud in 2018. Then we launched an advertising campaign for Lensmaster, adding a lead magnet to the ad – free vision diagnostics.

There were a lot of people who wanted to make an appointment, but fraudulent applications made the job more difficult – 70-80% of them came, which led to the disruption of the campaign.

Then we organized our own call-center and began to confirm applications by phone immediately after their registration. This allowed us to get a more reliable picture of what is happening and ensure an even workload of doctors.

In the fight against fraud, the most important thing is to track suspicious traffic in time. We offer you a small checklist that will help you understand that scammers interfered with the advertising campaign:

  • Too short or, conversely, too long CTIT (time from click to install). A CTIT of less than 10 seconds indicates the possibility of intercepting installs, a CTIT of 24 hours or more indicates the likelihood of click flooding.
  • The New Device Rate (NDR) is over 10-20%. This may signal the intervention of a device farm that manipulates the reset of the device ID.
  • High conversion rate. Do not rush to rejoice at the excellent results of the advertising campaign: first, compare the number of conversions in CRM and in the advertising system. High conversions can be made by attackers.

Follow Us on Instagram and Facebook

About Post Author

Leave a Reply

Your email address will not be published. Required fields are marked *