Common Mobile Advertising Fraud Methods and How to Identify, Prevent, and Fight Them

New Infographic

Fraud has always been a serious issue in digital advertising. The anonymity of digital traffic, the lure of easy money, and the hard-to-verify impression-based payment, often have a tendency to attract fraudsters. As a new report by White Ops digital security firm reveals, the price tag of digital advertising fraud is alarmingly high – with an estimated $6.3 billion lost to fraud in 2015. On the mobile side of the business, the numbers are somewhat lower – mainly due to the smaller size of the market and the lack of tracking cookies – with losses estimated at approximately $1.5 billion in 2015. But as more and more advertising budgets move to mobile, so does the threat for fraud increase.

So how can mobile advertisers fight fraud? Let’s start by getting to know the most common (and awful) fraud methods faced by advertisers:

  • Install farms: Mobile fraud sweatshops in developing countries in which low-wage workers manually install, uninstall and use apps in order to boost their App Store rating.Install Farm
  • Install Bots and emulators: Automated computer programs that mimic the behavior of actual users and generate fake impressions and clicks.
  • Incentivizing non-incent traffic: Promoting non-incentivized campaigns by offering users incentives for the download, thus generating low-quality traffic of non-engaged users while receiving premium non-incent rates.
  • Proxy and emulators: Allowing fraudsters to send traffic from outside the targeting demographic (e.g. from countries with cheaper traffic and web browsers emulating mobile devices), often coupled with the use of click and install bots.
  • Mobile device hijacking: Infected mobile apps which load and interact with hidden ads in the background without the user’s awareness or intention.
  • Hidden media placement: Intentional ineffective media placement which allow ads (display and video) to technically be shown to a human audience, even though there’s no chance anyone will see those ad units. For example, a stacking of banners on top of each other like playing cards, or a video ad running above the fold in a muted 1×1 iframe.
  • Accidental clicks: Intentional bad media placement next to other links and button in a way which causes users to accidentally click on the banners. Not surprisingly, these clicks rarely lead to engagement and have extremely low conversion rates.


Once we know what to expect, it’s time to discuss how to identify, prevent, and fight fraud:

  • Work CPI, not CPM/CPA: By working on a CPI model and ignoring banner and video impressions, you practically eliminate the risks of impression-based frauds.
  • Monitor your campaigns convertion rates: Look for daily and hourly peaks and deviations. As a general rule of thumb, a non-incentivized campaign should have a conversion rate (CR) of 0.5-5%. A non-effective CR of under 0.1% might signify a click fraud or accidental clicks, while a too-effective CR of over 7% might come from incentivized traffic.
  • Focus on engagement, and not on downloads or impressions: As many advertisers already know, distribution is only half the battle. What is really important is engagement and retention. Focus on post-install events, purchases, subscription, and retention. Not only will it help reduce the chances of fraud traffic, it will also allow you to identify and optimize the most effective traffic resources.
  • Install an ip Whitelist and enforce device and geo targeting: An IP whitelist allows you to limit your traffic to approved servers only and to deny fraud traffic on the server level. In addition, the geo and device targeting prevent fraudsters from sending installs and clicks outside of your target demographic.
  • Go big (data): Many of these proxy servers are quite good at hiding their traffic – that’s where big data comes in. Monitor and flag common proxy servers and IP addresses based on suspicious activity and block them from sending traffic to your campaigns.
  • Always demand source and sub-source parameters: Strict enforcement of these parameters will allow you to monitor your traffic not only at the level of your direct media sources, but also at the level of their sources (be it websites and apps or other networks).


Have other ideas of how to fight fraud? Let us know.