What Is Device Spoofing? How Is It Different from Domain Spoofing?

October 13, 2021

There are many techniques that fraudsters will employ to aid in their ad fraud schemes. When fraudsters want to try to hide their illicit activities and make themselves harder to identify, one of the first tactics they’ll resort to is spoofing.

We’ve discussed domain spoofing in the past, but it isn’t the only type of spoofing that fraudsters might employ. In this post, we’ll discuss a tactic called device ID spoofing, and how fraudsters will try to use it to cheat your organization out of its advertising budget.

Get started with a free trial today to see exactly how much you could be losing  to ad fraud.

What Is Spoofing?

Spoofing is a practice where someone tries to change various aspects of their identity or system settings to fool you into thinking that they’re a legitimate visitor, marketing partner, or website owner.

There are many kinds of spoofing tactics, including domain spoofing, device spoofing, browser spoofing, and email spoofing (often used in phishing attacks).

Different fraudsters will use spoofing to meet a variety of goals in different fraud schemes. Each type of spoofing lends itself to a specific set of fraud schemes.

What Is Domain Spoofing?

Domain spoofing is commonly used in fraud schemes related to real-time bidding for ads. Here, a publisher will declare that the ad will run on one domain that is known to be reputable. However, they actually are putting the ad on a different website with a spoofed web domain name.

The spoof often replaces a character in a website domain name with a Unicode character that looks similar or adds a random number or letter to the domain. For example, ABCompany.com vs ABCornpany.com or ABCompany1.com.

What Is Email Spoofing?

Email spoofing is often used as part of a phishing scheme. Here, the fraudster will try to imitate the email address of a person in the organization or a known vendor to trick their targets into believing that a fraudulent email is coming from a trusted source.

What Is Device Spoofing?

Device spoofing is a popular tactic for affiliate fraud where a fraudster disguises the device that they’re using as a different kind of device (or browser, operating system, etc.) when making fraudulent clicks or form fills.

Device spoofing (also known as user-agent spoofing) is done to help disguise the fact that a large number of clicks and form fills are coming from a single device. Normally, a large number of clicks or form fills all coming from a single device would be a clear indication of fraud. By disguising the device with spoofing techniques, fraudsters can make more clicks and form fills with a single device before risking getting caught.

Domain Spoofing Vs. Device Spoofing

When comparing domain spoofing vs device spoofing, which should you be more on guard against? Ideally, you’d want to protect against both types of spoofing. The specific type of spoofing you need to be most on guard against will depend on what kind of online advertising campaigns you’re running.

For example, if you’re looking to buy a lot of programmatic advertising or are looking to bid for ad space on a specific website, then you might want to take measures against domain spoofing. This means doing things like:

  • Investigating the publisher(s) you’re buying advertising from to verify their legitimacy;
  • Using third-party software to check website URLs for substituted Unicode characters; and
  • Checking for oddities like extremely low CPM prices (if it’s too good to be true, it might be fraud) or below average click rates for ads running on “high-traffic” domains.

Meanwhile, if you’re running an affiliate ad campaign, you may want to be more on guard against device spoofing techniques. Fraudsters will leverage device spoofing to ensure that their fake lead and bot click generation efforts are harder to detect—meaning they can drain more money from your affiliate ad campaign before you can put a stop to them.

A clever fraudster could steadily drain money from your affiliate campaign for months or even years by leveraging device spoofing to disguise their efforts.

Can Device Spoofing Be Stopped?

With the right tools, device spoofing can be found and stopped. The counters for device spoofing include following lead gen fraud prevention best practices, such as:

1: Checking Marketing Performance Metrics Against Sales Metrics

When you add a lot of new leads to your sales funnel through an ad campaign, you typically expect to see a commensurate increase in new customers. For example, if your normal lead-to-customer conversion ratio is 33%, and you add 10,000 new leads, you would expect roughly 3,300 new leads (give or take a few).

However, if you’re experiencing extensive lead gene fraud because of fraudsters using device spoofing and other affiliate fraud tactics, you may notice a sharp drop in your lead-to-customer conversion ratio. Instead of adding 3,300 new customers for every 10,000 leads you pay for, you only get 300—dropping from a 33% conversion rate to a 3% conversion rate.

This would obviously be a problem. A quick check of marketing metrics vs. sales metrics should easily reveal if there has been a large drop in conversion rates. This, in turn, could be a sign that someone is using device spoofing or other lead gen fraud techniques to target your ad campaigns.

2: Checking for Abnormal Traffic Patterns

Another warning sign of a fraudster using bot traffic running on spoofed devices is an abnormal spike in traffic to your affiliate ad campaign. For example, if you normally don’t get clicks or form fills from an ad campaign at 3:00 am, but suddenly get thousands of them on a random Wednesday night, that might be fraud.

Alternatively, you might see a massive and steady surge in traffic until your entire ad budget is consumed.

Even if the information captured about each user device indicates that the traffic is coming from a wide variety of devices using different browsers and operating system (OS) software, such odd timing could be indicative of fraud. The fraudster may be using device spoofing to make it look like a large variety of devices are being used when, in fact, they’re running bot software from a limited set of infected devices.

3: Vetting Affiliates Before Adding Them to Your Marketing Campaigns

There are countless fraudsters who create entire fake online personas and account lists to trick companies into thinking that they’re legitimate influencers. They’ll use traffic bots to artificially inflate their online profiles to make themselves look like more attractive marketing partners.

Being able to spot these fraudsters early and avoid adding them to your affiliate campaigns is a critical part in preventing fraud. After all, the fraudulent affiliate can’t use device spoofing to steal ad revenue if they aren’t allowed to collect revenue in the first place!

When evaluating an affiliate, be sure to look for warning signs like:

  • Abnormally large follower counts with little content history;
  • Extremely low engagement rates with content;
  • Low-quality engagement with content (such as comments that are so generic as to apply to anything—e.g. “great content” or “nice video”); and
  • Followers mostly being low-quality accounts who only follow that specific influencer.

4: Using an Ad Fraud Solution

Once fraudsters start using it, spotting device ID spoofing can be extremely difficult—especially when it’s backed up by a large botnet of devices that already covers a large and diverse set of compromised devices.

Trying to analyze the device ID information yourself and spot any major trends may have you checking the OS software, IP addresses, web browsers, and other information for thousands of devices to identify broad patterns in the data. This is, to put it mildly, a tall order for anyone—even an expert in data analytics. It’s also a task that can’t really be done in real time using purely manual methods.

Instead, it’s better to use a purpose-built ad fraud solution to detect fraudulent activity in your campaigns in real time without having to rely on device ID information. With Anura’s ad fraud solution, you can bypass device ID checks to analyze visitor behavior in real time—checking hundreds of data points against decades of real conversion data to help sort out the fraudulent traffic from the legitimate leads.

Using an ad fraud solution to filter out invalid traffic, trace it back to its source, and cut off fraudulent affiliates is much more reliable than manually trying to assess whether you’re on the receiving end of a scheme that uses device spoofing.

So, why let fraudsters try to trick you with device spoofing? Request a demo of the Anura ad fraud solution and discover how you can render their tricks useless.

Download-the-Lead-Gen-Fraud-Whitepaper