Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Mobile Ad Fraud Wikileaks: Exposing the Threats

697 views

Published on

This presentation is from Affiliate Summit East 2017 (July 30 - August 1, 2017 in New York).

Session description: Ad fraud is rising. This session uncovers the sophisticated ways mobile advertising fraud is being perpetrated and gives ideas on how it can be identified and how to mitigate the risk.

Published in: Business
  • 1,DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1,DOWNLOAD PDF EBOOK here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1,DOWNLOAD EPUB Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1,DOWNLOAD doc Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1,DOWNLOAD PDF EBOOK here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1,DOWNLOAD EPUB Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1,DOWNLOAD doc Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Mobile Ad Fraud Wikileaks: Exposing the Threats

  1. 1. UN//CLASSIFIED (TOPIC) MOBILE AD FRAUD WIKILEAKS EXPOSING THE THREATS Rev 1.1, 31 July 2017 Presenter: Dale Carr Email: dale.carr@Leadbolt.com Position: CEO, LeadboltUN//CLASSIFIED
  2. 2. The Mobile Frontier Worldwide, $143 billion will be spent on mobile ads this year – TWICE that of 2015
  3. 3. Dangers From the Front Line Sources: Magna Global Hewlett Packard Enterprises, “The Business of Hacking”, May 2016 Wow, that was easy!
  4. 4. DSP Who Lives In This New Frontier ?
  5. 5. Who Is at Risk ? Everyone • Developers & Publishers • Networks, DSPs, SSPs, Exchanges • Attribution companies & Solution Providers • And of course …. Agencies, Marketers & Advertisers Threats • $$$ • Resource drain • Misdirected focus • Business model alignment • Misaligned user experience • Reputation
  6. 6. Mobile Ad Fraud Hotspots
  7. 7. Who Is to Blame ? The rest • The App Stores • The Operating System • Publishers/Developers • Ad Networks/SSPs/Exchanges • Attribution companies/Solution Providers • Advertisers/DSPs The bad guys • Intentional criminals
  8. 8. Types of Fraud Areas to consider: • Impression // CPM • Click // CPC • Install // CPI • Lead // CPL • Injection // Adware • Domain Spoofing • CMS // Fake Publisher • Blending // Audience Extension
  9. 9. Attack Vectors Non-Human Traffic: • Simple Bots • Complex Bots • Botnets Human Traffic: • Invisible Ads • Domain Spoofing • Click Spam • Click Injection • Click Farms
  10. 10. Non-Human Traffic - Bots Type • Simple Bots – simple scripts that run from hosting servers with consistent patterns. • Complex Bots – sophisticated tactics mimicking normal behavior. • Botnets – array of devices that have been compromised by bad actors. Send commands that perform tasks like ‘loading’ or ‘clicking’ on ads or ‘installing’ and ‘opening’ other apps Detection • Patterns can be identified then blocked eg. IDs; agents; known data center IP addresses. • More difficult as less consistent pattern. Rotating IP; user agents; ids; timings; ctr. • Hard to detect and block. When discovered by law enforcement effectively shutdown. Patterns can be uncovered by experts.
  11. 11. Type • Invisible ads – hidden ads with zero being seen aka Ad stacking Detection • Very low CTR/high CTR with other characteristics. Detectable using off the shelf ad verification tools like Integral Ad Science. Human Traffic – Invisible Ads
  12. 12. Type • Domain Spoofing – publishers are declare their own domain and label They misrepresent by identifying as domain. Other cases the publisher spoofed within the request. Detection • Digging deeper and doing proper verification and validation of publishers. Domain Spoofing
  13. 13. Type • Click Spam – clicks, clicks and generated in hope of “winning” or install. Detection • Low/fixed conversion rate • High amount of clicks • Patterns in click frequency Click Spam
  14. 14. Example of Click Spam Installs Even distribution (flat lines) over a number of hours is an indication of spamming activity Early Installs show a normal pattern 0 1,000 2,000 3,000 4,000 5,000 6,000 7,000 8,000 Hours Install Time Analysis
  15. 15. Type • Click Injection – a process on the to “broadcast intents” for app a click before the app is opened in the install due to last click Detection • Android only • Conversion rates are 100% • Low CTIT/MTTI • High concentration of installs within moments of click Click Injection
  16. 16. CLICK TRACK DOWNLOAD OPEN NEW CLICK ! Last Click Wins Attribution based on “open” event Click Injection
  17. 17. Example of Click Injection Installs Extremely short install times (within seconds) indicate an injection pattern Install Time Analysis Seconds
  18. 18. Type • Click Farms - a large group of low- are hired to click on paid Detection • Very difficult as visitors are real • Repeated patterns Click Farms
  19. 19. Example of How It’s Done
  20. 20. Prevent Mobile Ad Fraud In The First Place Detection: Look for Deviations from Patterns / Baselines • Establish a baseline; Compare activity against it. • Flag/report any abnormalities, discrepancies asap Monitor and measure everything Notice Installs from Suspicious Sources Assign an Internal Stakeholder • Dedicated internal person to look at performance
  21. 21. Prevention: Buy Direct When Possible • Direct relationships improve quality and transparency Buy Premium • Cheap traffic comes at a high price Partner Up • Ad fraud security services • Measurement + attribution partners Research • Reputations matter Protect Yourself • Contract that outlines what you will/will not accept Prevent Mobile Ad Fraud
  22. 22. THANK//YOU! QUESTIONS Dale Carr E: dale.carr@leadbolt.com THE//END

×