Over 92% of Internet users access the web using their mobile devices. Clearly, there is a lot of incentive for advertisers to advertise on mobile devices. Advertisers can reach a large, targeted audience on mobile devices. The advertising messaging can be personalised to an incredible level, and results can be tracked closely to drive informed segmentation and optimisation decisions.

However, the same mobile ads that marketers can use to their advantage are also used by fraudsters and scammers to commit mobile ad fraud. Advertisers are expected to spend $326 billion on mobile advertising in 2023. This presents a lucrative opportunity for fraudsters to make a quick buck. While mobile ad fraud is a type of cybercrime, unfortunately, most businesses that use mobile advertising don’t employ protection against these rising threats of mobile ad fraud.

If you are one such marketer, feeling out of depth and struggling with preventing mobile ad fraud from skewing your advertising metrics and wasting your ad budgets, this article is for you. In the subsequent sections, we will discuss everything you need to know to protect yourself against mobile ad fraud. Let’s begin with the basics.

What is mobile ad fraud?

Fraudsters use unethical activities and tactics to fraudulently make money by stealing from advertising budgets. Any activities to achieve this objective fall under the umbrella of mobile ad fraud. There are a number of different parties or personas that stand to gain from committing ad fraud. Some of the most common ones are:

  • Independent fraudsters or groups of fraudsters that want to make quick money by duping advertisers.
  • Unethical advertising publishers that want to make money using fake impressions on ads on their websites or platforms.
  • Competitors that conduct fraud with the objective of gaining an advantage by wasting their competitors’ ad budgets.

Unfortunately, ad fraud is a problem that plagues consumers and advertisers across almost every industry vertical. It is also worth noting that successfully committing mobile ad fraud requires expert technical knowledge and access to a large number of resources. This means that a lot of fraudsters are educated people backed by handsome budgets.

Fraudsters employ a variety of techniques, both simple and sophisticated, to generate fake impressions, clicks, app installs, and even leads to scam advertisers. Let’s look at some of the most common forms of ad fraud prevalent today.

Techniques used to commit mobile ad fraud

In order to protect your app against mobile ad fraud, you must first understand how fraud is committed. Here’s a brief overview of some of the most commonly used techniques to commit mobile ad fraud:

Click spamming

Click spamming is a relatively simple technique to commit mobile ad fraud. As the name suggests, with click spamming, the fraudsters generate a large number of clicks in the hopes of getting credit. The technique, also called click flooding, depends on overwhelming a measurement system with the objective of letting one of the clicks slip through.

Click spamming is done both manually and with the use of sophisticated bots. These bad bots are designed to perform repetitive actions in a manner that mimics human activity. On the other hand, fraudsters in regions where labour is cheap hire hundreds of people to click on ads. Such operations are commonly known as click farms.

Click spamming is used to hijack the last click attribution before a conversion is made. By hijacking the last-click attribution, the fraudsters keep the advertisers in the dark and steal their marketing budgets. Usually in this process, the fraudsters fire a thousand clicks in a short span of time to fool the MMPs to misattribute the click. This further results in the payout to fraudsters and the advertisers end up with skewed data.

Click injections

Click injection is a slightly more complex tactic to commit fraud. Fraudsters use a malware-loaded app that “listens” for Android download broadcasts that are sent out when a user downloads an Android app. And when an install happens, the fraudsters ‘inject’ a click right before the installation is completed. This click allows the fraudsters to take credit for the download and receive the subsequent payout.

Ad stacking

As the name suggests, this fraudulent activity scams advertisers by stacking ads on top of one another. This type of fraud is usually conducted by fraudulent publishers who want to make extra money from ad placements on their websites.

From the user’s perspective, only one ad is visible. However, the advertiser stacks multiple ads under that one ad, getting impressions recorded for all of them. Fraudulent publishers are known to stack as many as eight ads on top of each other. This means that in such cases, fraudsters make eight times more revenue from that ad placement.

SDK spoofing

SDK Spoofing is another type of mobile ad fraud that is used to fabricate records of app installs when there are no installs happening. Detecting an instance of SDK spoofing can be challenging as most fraudsters use real devices to create download events, making them appear legitimate.

To conduct SDK spoofing software development kit or SDK is lined with malware. Unknowingly, developers may use a malware-loaded SDK to develop an app. Fraudsters break into the SSL encryption between the app SDK and the servers and deliver a “man in the middle” attack. They then test different URL parameters to determine those that will trigger legitimate high-value actions such as an app install or an in-app purchase. Once successful, the fraudsters are able to register app installs on the mobile measurement partner (MMP) and get the payout for the app install.

Once the fraudsters have determined the right URL parameters, they can repeat the subsequent process indefinitely, sometimes getting paid for hundreds of downloads that never take place.

Device farms

Device farms are physical locations where several devices are used to perform actions that allow fraudsters to get ad payout. These can range from manually performed clicks or instals. The common industry misconception is that device farms are a problem limited to Asian countries. However, the reality is that device farms can be found across the world and affect almost all advertisers, regardless of their location.

Device farms have been one of the longest-standing sources of pain for mobile advertisers as they are relatively simple to build and operate. Since many device farms employ real human beings, detecting device farm activity can be difficult. Some device farms have been known to perform post-install actions on apps for up to a month after downloading them.


One of the factors that determine the cost paid by the advertiser for each impression or click, or app install is the location of the traffic. Depending on the industry and the product/service being advertisers, traffic from certain locations may be valued higher than others. Similarly, for some products/services, traffic from certain locations may be completely irrelevant.

For instance, if you have a product that would benefit from advertising to audiences in the USA, you may be willing to pay a premium to show your ads to this audience. However, a fraudster using geo masking may show your ads to traffic coming from, say, Pakistan, but make it appear as if the ad is being shown to US audiences. As a result, you may be paying a higher cost per click/impression/app install but getting access to a lower quality, less relevant audience.

Ad injection

Ad injection allows fraudsters to ‘inject’ any ad on ad inventories that may belong to other advertisements. This technique involves the use of browser extensions and adware tools to hijack servers and slip ads into the ad inventory meant for other ads. This means the ads may appear on a publisher’s website without their knowledge.

Impact of mobile ad fraud on digital campaigns

The impact of mobile ad fraud isn’t limited to subpar results from ad campaigns. Depending on the severity, mobile ad fraud can impact advertisers on multiple levels, with some implications becoming apparent days and weeks after a campaign’s data is reviewed. Here are a few ways in which mobile ad fraud affects marketers:

Wasted ad budgets

The most obvious impact of mobile ad fraud is the wastage of ad budgets on fraudulent placements and payouts. This year, it is expected that advertisers will collectively lose $100 billion to digital ad fraud.

Compromised analytics data

The less obvious but equally dangerous impact of ad fraud is felt in analytics reports. Because of sophisticated techniques used by fraudsters, your campaign data may be skewed without you even realising the same. The ad campaign performance reports generated may be reporting clicks and/or app instals that have been generated by bots or click farms run by fraudsters.

These misreported analytics compromise an advertiser’s ability to correctly optimise their campaigns and reach the right audiences. In many cases, because of wrongly reported analytics, advertisers pull their budgets from authentic publishing platforms and allocate them to fraudulent websites, unknowingly compounding their losses.

Lack of confidence in mobile advertising

As budgets get wasted, and skewed analytics prevent companies from reaching their advertising and sales targets, it will become more and more difficult to get stakeholder approval for digital advertising. This might translate into a huge, missed opportunity for many businesses that can benefit from mobile advertising.

Signs to identify mobile ad fraud

By now, it is clear that mobile ad fraud is a big problem. However, how can you be sure that it is a problem in your particular case?

In most cases, there are tell-tale signs that tell advertisers that they may be victims of mobile advertising fraud. While not all signs point to fraudulent activities, they should motivate you to take a closer look at your campaigns.

Some of the most prominent signs of mobile ad fraud include:

Unusual spikes in traffic

A spike in traffic/instals can be considered unusual when there have been no noteworthy changes made to the campaign. If you haven’t changed your targeting settings or the creatives of your ads and still see a significant spike in incoming traffic, it might be a sign that you have fallen victim to ad fraud.

Incoming traffic from unusual sources

If you are seeing a lot of visitors coming from a single IP address or your traffic is coming from a highly localised region, consider it a red flag. It is also a red flag if you are seeing a high number of user sessions but only a handful of unique visitors.

Incoming traffic from unusual locations

If your campaign is attracting visitors from locations that you have not specifically targeted with your ads, then it may be a sign of click fraud. This traffic may be coming from a botnet, or a click farm established in a location separate from your target locations.

Campaign performance-traffic disconnect

If you are seeing unusually low conversions despite your ads attracting a lot of traffic, then you must investigate your campaign reports closely. This might be a sign of bot activity since bots can access your app or landing page but cannot complete conversion actions.

Quickly draining ad budgets

If you have not changed your targeting settings and see your ad budget being spent quickly, it may be a sign of click spamming or another form of click fraud.

How to prevent mobile ad fraud

As you may have guessed, preventing mobile ad fraud is not a simple undertaking. Since there is serious monetary benefit involved for scammers, they are constantly on the prowl for new and innovative ways to dupe advertisers and make quick money. Considering there are so many forms of mobile ad fraud that already exist and that more sophisticated techniques will continue to crop up, advertisers cannot overlook this problem.

While some forms of ad fraud can be tracked manually, doing so is time-consuming and may not be entirely effective. Without a dependable, automated, and long-term solution, your ad campaigns will continue to be at risk of fraud. This is where holistic ad fraud detection tools come into the picture. By leveraging an ad traffic validation tool, marketers can eliminate invalid traffic coming from unknown and unsafe sources. These solutions give advertisers the transparency they need to make efficient business decisions and optimise app campaigns to get maximum returns.

In conclusion

Unfortunately, the mobile ad fraud problem is not going anywhere in the near future. With billions of dollars expected to be spent on mobile advertising every year, fraudsters have a lot of incentives in the game. This also means that there are many fraudsters that are backed by teams of educated people and expensive resources.

As advertisers become more cautious, fraudsters are also hard at work, looking for new and innovative techniques to drain ad budgets and make some quick money. While ad fraud has a lasting negative impact on advertisers, ad fraud detection tools can provide the necessary protection.
We hope this guide will spread more awareness about mobile ad fraud and how advertisers can protect themselves and their campaigns.

Find out how mFilterIt can help you protect your app campaigns from mobile ad fraud.