Mobile advertising is a key marketing channel for businesses of all types. With roughly 85% of U.S. adults reporting that they own a smartphone (Source: Pew Research Center), the potential impact of advertising through mobile apps should not be underestimated. Because of the sheer size of the mobile app advertising audience, many companies are starting to invest in creating in-app advertisements that are shared through free mobile apps.
However, there are some scammers who take advantage of mobile to commit fraud against consumers and the companies that place mobile advertisements. This mobile app fraud costs businesses across the globe millions of dollars per day and can have a severe negative impact on a company’s marketing ROI, brand reputation, and bottom line.
What is mobile ad fraud? How does it work? What could it cost you? Most importantly, what can you do to protect your business against fraudsters who use malicious mobile apps to steal money from your marketing budget?
What Is Mobile Advertising Fraud?
Mobile ad fraud is the process of running software on mobile devices that is designed to steal money from advertisers. This is done through a variety of techniques including in-app, mobile web, and malware-based fraud.
This should not be confused with mobile fraud—which is the unauthorized use, tampering, or manipulation of a cellular phone or service (such as SIM swapping, cloning, and subscriber fraud).
How Do Mobile Fraud Schemes Work?
There are several strategies that fraudsters can use to steal money from advertisers (and even customers). Mobile fraud schemes can be divided into several broad categories based on whether they work in an app, via a browser, or use malware to take control of a mobile device as part of a bot fraud scheme.
In-App Mobile Fraud Schemes
Mobile in-app advertising fraud is when a fraudster takes advantage of an app on a mobile app storefront to defraud advertisers. This can work in a few different ways depending on the specific scheme the fraudster employs.
For example, a fraudster could:
- Hide ads to generate false impressions on ones that pay by the impression. This can involve tricks like pixel stuffing or ad stacking. The app registers that the user “saw” the ad, but the user doesn’t actually see the ad.
- Deploy malware through the app to click on in-app ads when the device is inactive or turn it into a node for a botnet. Sometimes called software development kit (SDK) hacking, the fraudster adds malicious code to the app during the app’s creation or can be added after the fact during an app update. This is a common issue for freeware apps in mobile app stores.
- Engage in cookie stuffing—putting cookies on the device so that if the user coincidentally happens to visit an advertiser’s site later, the fraudster gets credit for “referring” them.
How common is malware in mobile apps? A report featured on 9to5Mac highlighted that one check by security researchers found “85 apps engaged in ad fraud; ten are on the App Store, and the other 75 are on Google Play.” This is just the fraud they could positively identify in a brief check of random apps on each storefront that used the Scylla attack method. Scylla is only one mobile adware fraud scheme out of countless potential threats found online.
Mobile Web Fraud
Web-based fraud targeting mobile devices may use a lot of techniques similar to the ones that target non-mobile web traffic. Tactics like domain spoofing, geo masking, pixel/cookie stuffing, and ad injection work just as well against mobile web browsers as they do against desktop browsers.
Here’s a quick explanation of key types of web fraud:
- Domain Spoofing.
The imitation of a website domain by a fraudster to make it look like a more valuable website. The goal is to either trick users into visiting the fake website and/or fool advertisers into spending ad revenue on the spoofed site.
- Geo Masking. When fraudsters obfuscate the geographic origin of the leads they generate by spoofing their IP addresses. This is used in mobile web ad campaigns where the pay per lead varies depending on where the lead is from (e.g., geotargeting campaigns).
- Ad Injection. Fraudsters can use browser extensions, plugins, malware, etc. to put ads on websites where they wouldn’t normally appear or replace existing ads with ones that the fraudster can claim revenue from.
How Much Does Mobile Ad Fraud Cost?
So, how much does mobile ad fraud cost? Projections indicate that, in 2023, the global cost of all forms of digital ad fraud is expected to reach $100 billion U.S. dollars—up from $35 billion in 2018 (Source: Statista). But how much of that is from mobile fraud?
In 2017, Anura’s engineers performed a scan of the top-performing apps on mobile app stores and found that there were variations of malicious code in many of those apps that could cost businesses between $2 million and $10 million per day. That’s between $730 million and $3.65 billion per year. Assuming the rate of growth of mobile ad fraud merely kept pace with all other categories of digital ad fraud, then mobile fraud alone could be costing businesses between $2.08 billion and $10.4 billion per year. It should be noted that this is a conservative estimate that doesn’t account for the growth in mobile device use over that time period.
The specific costs of encountering mobile advertising fraud for an individual business can include:
TCPA Violation Fines and Lawsuits.When fraudsters use mobile fraud techniques to send fake leads to you, that can result in trying to reach out to consumers who never actually opted in to receive communications from you. How? Because the fraudster may have used real data stolen from an actual person to make the fake lead look real. This can result in increased complaints and even to TCPA fines/lawsuits that cost between $500 and $1,500 per incident.
Loss of Reputation.Regulatory compliance penalties—especially ones involving large class-action lawsuits—are frequently big news. Getting hit with a TCPA violation can cause harm to your brand image that can be difficult to repair. This, in turn, can drive away business.
Wasted Sales Team Time.Reaching out to bad leads can be a waste of time for your sales team—one that drives your ROI from sales team labor down as they struggle to close deals with people who weren’t interested in your products or services. This can also be frustrating for sales team members—increasing stress and their likelihood of burning out or quitting.
Wasted Ad Spend.Of course, the most direct impact of mobile ad fraud is that the money spent on fraudulent impressions, clicks, and leads is completely wasted. A fake click or lead made by a zombie bot from a piece of malware hidden in a mobile app is never going to convert into a customer. This drives down your marketing ROI. Even worse, the initial data may look like your mobile ads are working really well—leading you to double down on an ineffective ad campaign so even more money is wasted.
Protect Your Business from Mobile Advertising Fraud
So, what can you do to fight mobile fraud and keep it from dragging your mobile ads down? Trying to fight ad fraud manually is a Herculean task. The sheer number of new freeware/freemium apps that hit mobile app storefronts each day and the rate at which they’re added to advertising networks makes it nearly impossible to keep up.
When fraudsters are caught submitting malware-laden apps to one storefront, they simply come up with a new business name and are submitting new freeware within the week. They may never run out of phony business names to use to commit their fraud.
Also, reliably find fraud requires a specialized set of skills and a deep level of experience in dealing with different ad fraud strategies. Hiring a full-time specialist to find fraud can prove cost-prohibitive.
So, what can you do?
One easy way to fight mobile ad fraud is to use a proven ad fraud solution. Anura is a dedicated ad fraud solution that can identify ad fraud in real time and provide you with all the analytics you need to prove it. This way, you can disavow fake impressions, leads, and clicks before you pay the fraudster or, if necessary, get credits or refunds from your advertising network partner to recover your losses.
Get ad fraud protection that works around the clock to safeguard your business from the effects of fraud. Talk to an expert today to get started.