Fraudsters are using technology to scam businesses of their ad spend, commandeer an army of bots to inflate ad metrics. If your business does mobile advertising, chances are your metrics are exaggerated. You will need to take measures to limit the lost budget to ad fraud. 

Online advertising is a multi-billion-dollar industry where you pay platforms and websites to put your business in front of prospective customers. Of the seven types of online advertising, mobile marketing has outpaced desktop as the most effective platform to reach target customers because of its broad range.

Mobile advertising reaches more customers on their smartphones and tablets through text messages, social media, websites, email, and mobile applications. This broad range makes mobile ads even more successful since everyone carries their smartphones everywhere they go, which means you can connect with a potential customer at any time for the right price.  

According to Pew Research Center, 57% of your target customers shop online on mobile phones. Given that this group of mobile shoppers accounts for nearly one-third of digital sales revenue, your business must optimize ads for mobile sales sooner or later.

Still, your business is not the only entity that wants a slice of the over $900 billion revenue from customers who shop and spend online – no, this third party is not the government. 

Fraudsters have made elaborate efforts to position themselves to steal money from your business seeking to reach customers and from customers seeking to buy products and services online.

The effort they put into swindling both business and customers is so impressive that Forbes wrote about how mobile ads fraud has become a lucrative venture for scammers and how they contribute to your business's lost budget. 

These fraudsters hurt your bottom line through ad spoofing, click spam, click injection, and SDK spoofing. Each one is more elaborate and complex than the former.

Click spam and how it hurts your bottom-line

Click spam mimics organic reach and tricks your analytics dashboard into recording fake clicks as legitimate. Here, the fraudster monitors devices for installs/engagement with the advertised product and generates spam clicks before a customer uses the app. The fraudster may also poach clicks in the background while the user engages with the app or product. Forbes reported that click spams were higher on iOS than Android devices in Q1 2018, and fraudsters cashed out about $800 million in ad spend. 

If you have spent money on mobile advertising to drive traffic, you will understand how click spam hurts your bottom line by now. The concise explanation is that the spam clicks are counted as organic traffic and falsely attributed to the fraudster who then claims payment for the traffic. If undetected, click spam skews your ad metrics, and you continue to pump money into spam traffic.

Click injection and how it hurts your bottom-line

Click injection is a sophisticated form of click spam. The fraudster uses a system to listen to broadcasts that newly installed apps send to different apps, such as your password manager. Sending broadcasts is how apps communicate, share data of interest, and run background operations to optimize your device use. Click injection hurts your ad spending in the same way as click spam, on a larger scale, and it is more difficult to detect in your analytics. You will need a click injection filter to protect your ad campaign from scammers.  

SDK spoofing and how it hurts your bottom-line

SDK spoofing is one of the most sophisticated and fastest-growing mobile advertising frauds in recent years. Software Development Kit (SDK) is the collection of tools developers use to build applications for specific platforms. A platform's SDK allows a device and various data points to communicate back and forth.

SDK spoofing is when a fraudster intercepts this communication, thus controlling the source of data and the means of delivery. Then the fraudster creates a feedback loop to expose and steal data before replacing it with spam data that balloons ad metrics – this is a summary. SDK spoofing hurts your bottom line because fraudsters harvest data from real people and make it look like your ads are reaching target customers when no such thing is happening.

The solution to SDK spoofing is to torture your data for the hype, i.e., clicks, impressions, installs, and KPIs. Then, you must implement an SDK signature, a tool that encrypts the communication and ensures your data is coming from an authentic device and a real customer.

However, this solution is not infallible to fraudsters. Experts suggest outpricing fraudsters interested in your ad spend by lowering their return on investment (ROI). If the cost of spoofing is significantly or even marginally higher than their ROI, a fraudster is more likely to lose motivation.

The Old and Brazen Mobile Ads Scam

It turns out that scammers do not always resort to complex technology like SDK spoofing to hurt your ad spend. Some go the old – and still prevalent ways of creating landing pages, images, and posts and pay for pay-per-click advertising. Until recently, advertising companies hardly performed in-depth reviews or verification on a company before approving ads. Thus fake ads are often ranked above organic and authentic results.

When an unsuspecting customer clicks on the fake ad, they unwittingly download malware that takes over their device and operates in the background. The fraudster may then use this commandeered botnet to inflate traffic and ad impressions, making you pay for customers who do not even interact with your ads. Fraudsters may also sell the fake traffic to legitimate ad publishers trying to reach and engage target customers for client advertisers.

How Ad Fraud Affects Customers

Fraudsters may also harvest the personal, contact, and financial information of unsuspecting customers through ad surveys and online forms. They may then use or sell the data to scammers who use the stolen data for identity theft, email phishing, and – most commonly, phone scams.

Often, scammers who steal contact information use robocalls to spam customers with texts and calls offering duplicitous deals. It is easy to beat this kind of scam by installing apps that block robocalls and check unknown callers for spam activity. Robokiller and YouMail are some of the big names in this area.

Scammers also study the harvested data for vulnerable customers and place a phone call posing as a grandchild, tech support, or phone insurance company. For most people, detecting this scam from just interacting with the scammer on the phone is near impossible since they seem to know a lot about you or the product or service you own. Follow the online shopping guidelines by the Federal Trade Commission.

Generally, if a caller asks you to pay over the phone or withdraw cash, it is most likely a scam. Cross-referencing the details of the unknown phone number on databases such as Phonenumbers.org helps you know for sure. If the caller is legit, the name and employment details they provided when they called will be the same as the information listed on the carrier database. If there is any discrepancy between the caller's name and location and the information available to you, it is most likely a scam. Report any phone scam activity to the Federal Communications Commission complaint center.