The document discusses the rising issue of mobile ad fraud, highlighting its impact on various stakeholders in the mobile advertising ecosystem as the industry grows to $143 billion. It covers different types of fraud, detection methods, and strategies for prevention, emphasizing the complexity and sophistication of fraudulent activities. Furthermore, the document suggests forming direct relationships and leveraging ad fraud security services to combat these threats effectively.

1. UN//CLASSIFIED
(TOPIC) MOBILE AD FRAUD WIKILEAKS
EXPOSING THE THREATS
Rev 1.1, 31 July 2017
Presenter: Dale Carr
Email: dale.carr@Leadbolt.com
Position: CEO, LeadboltUN//CLASSIFIED

2. The Mobile Frontier
Worldwide, $143 billion will be spent on mobile ads this year – TWICE that of 2015

3. Dangers From the Front Line
Sources:
Magna Global
Hewlett Packard Enterprises, “The Business of Hacking”, May
2016
Wow, that
was easy!

4. DSP
Who Lives In This New Frontier ?

5. Who Is at Risk ?
Everyone
• Developers &
Publishers
• Networks, DSPs,
SSPs, Exchanges
• Attribution
companies &
Solution Providers
• And of course ….
Agencies,
Marketers &
Advertisers
Threats
• $$$
• Resource drain
• Misdirected focus
• Business model
alignment
• Misaligned user
experience
• Reputation

6. Mobile Ad Fraud Hotspots

7. Who Is to Blame ?
The rest
• The App Stores
• The Operating System
• Publishers/Developers
• Ad
Networks/SSPs/Exchanges
• Attribution
companies/Solution
Providers
• Advertisers/DSPs
The bad guys
• Intentional criminals

8. Types of Fraud
Areas to consider:
• Impression // CPM
• Click // CPC
• Install // CPI
• Lead // CPL
• Injection // Adware
• Domain Spoofing
• CMS // Fake Publisher
• Blending // Audience Extension

9. Attack Vectors
Non-Human Traffic:
• Simple Bots
• Complex Bots
• Botnets
Human Traffic:
• Invisible Ads
• Domain Spoofing
• Click Spam
• Click Injection
• Click Farms

10. Non-Human Traffic - Bots
Type
• Simple Bots – simple scripts that run
from hosting servers with consistent
patterns.
• Complex Bots – sophisticated tactics
mimicking normal behavior.
• Botnets – array of devices that have been
compromised by bad actors. Send
commands that perform tasks like
‘loading’ or ‘clicking’ on ads or
‘installing’ and ‘opening’ other apps
Detection
• Patterns can be identified then blocked
eg. IDs; agents; known data center IP
addresses.
• More difficult as less consistent pattern.
Rotating IP; user agents; ids; timings; ctr.
• Hard to detect and block. When
discovered by law enforcement effectively
shutdown. Patterns can be uncovered by
experts.

11. Type
• Invisible ads – hidden ads with zero
being seen aka Ad stacking
Detection
• Very low CTR/high CTR with other
characteristics. Detectable using off
the shelf ad verification tools like
Integral Ad Science.
Human Traffic – Invisible Ads

12. Type
• Domain Spoofing – publishers are
declare their own domain and label
They misrepresent by identifying as
domain. Other cases the publisher
spoofed within the request.
Detection
• Digging deeper and doing proper
verification and validation of
publishers.
Domain Spoofing

13. Type
• Click Spam – clicks, clicks and
generated in hope of “winning” or
install.
Detection
• Low/fixed conversion rate
• High amount of clicks
• Patterns in click frequency
Click Spam

14. Example of Click Spam
Installs
Even distribution (flat lines) over a number of hours
is an indication of spamming activity
Early Installs show a normal pattern
0
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
Hours
Install Time Analysis

15. Type
• Click Injection – a process on the
to “broadcast intents” for app
a click before the app is opened in
the install due to last click
Detection
• Android only
• Conversion rates are 100%
• Low CTIT/MTTI
• High concentration of installs within
moments of click
Click Injection

16. CLICK TRACK DOWNLOAD OPEN
NEW CLICK !
Last Click
Wins Attribution based
on “open” event
Click Injection

17. Example of Click Injection
Installs
Extremely short install times (within seconds) indicate an injection pattern
Install Time Analysis
Seconds

18. Type
• Click Farms - a large group of low-
are hired to click on paid
Detection
• Very difficult as visitors are real
• Repeated patterns
Click Farms

24. Example of How It’s Done

25. Prevent Mobile Ad Fraud In The First Place
Detection:
Look for Deviations from Patterns / Baselines
• Establish a baseline; Compare activity against it.
• Flag/report any abnormalities, discrepancies asap
Monitor and measure everything
Notice Installs from Suspicious Sources
Assign an Internal Stakeholder
• Dedicated internal person to look at performance

26. Prevention:
Buy Direct When Possible
• Direct relationships improve quality and transparency
Buy Premium
• Cheap traffic comes at a high price
Partner Up
• Ad fraud security services
• Measurement + attribution partners
Research
• Reputations matter
Protect Yourself
• Contract that outlines what you will/will not accept
Prevent Mobile Ad Fraud

27. THANK//YOU!
QUESTIONS
Dale Carr
E: dale.carr@leadbolt.com
THE//END