Click bait: How fake clicks are laying waste to digital marketing campaigns

IMAGINE you are a brand with a digital advertising campaign. One of your main goals is to reach a certain number of downloads and in-app activity. Mobile marketers like you spend millions on global campaigns, using Google, Facebook, Twitter and various other platforms to place trigger-inducing advertisements where you think consumers will see them. For many companies, it's all about using data to predict where consumers are going and getting it right.

But what if the data is phoney, the sites where the clicks are going are fake, and in fact, the traffic tracked is non-existent and originating from a software program designed to generate forged data?

Fraud in advertising and marketing has evolved from individual scammers into an organised cybercrime that is harder to spot but easier to pull off.

Not surprisingly, it is in the high-traffic, high-value mobile space, where brands want to be, that fraudulent agencies are increasingly targeting. Businesses that rely on externally provided data to place online ads are foiled by tactics like malicious bots - which replicate the behaviour of a human - or device farms - which create fake devices that generate "user" activity on non-existent devices. These tactics directly impact marketing campaigns by draining advertising resources on fake users who pose zero value.

Mobile ad fraud also has far larger implications for companies, which use such information in their decision-making processes, budget allocations and audience targeting plans for future campaigns.

Today, ad fraud comes in the form of a hidden mobile app that is faking activity in the background 24/7 when humans are not using it, generating inflated clicks and fake impressions that advertisers are paying for.

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign UpVIEW ALL

But the problem doesn't end there. Fraudsters can also set up complicated cost-per-click and cost-per-conversion scenarios that can involve stolen credit card numbers. And the process is repeated.

Uber vs Fetch Media

Three years ago, Uber sued mobile marketing agency Fetch Media for allegedly "squandering" tens of millions of dollars on ads that never were seen or never existed. Uber claimed it paid Fetch Media millions of dollars between late 2014 and early 2017 to buy mobile ads on behalf of the company. The total amount has been withheld, but the company said that just between 2016 and the first quarter of 2017, it paid Fetch more than US$82.5 million.

It alleged Fetch Media spent the money on "nonviewable" ads, or ads that might have been loaded on a webpage but were not seen by an actual person.

To show that these ads were working, Fetch provided data showing Uber increased its number of app installs. Fetch's metrics made the company appear so successful that Uber's advertising spend increased from less than US$1 million a month in late 2015 to more than US$6 million a month by late 2016.

In its response, Fetch claimed that it had terminated its agreement with Uber months ago after Uber stopped paying invoices for services provided by over fifty small business suppliers, engaged by Fetch to place Uber's mobile advertising. Following months of non-payment, Uber eventually raised unsubstantiated claims relating to ad-fraud as a reason not to pay its invoices, but there was no basis to the claims.

The case highlights a growing concern in digital advertising, more so now as businesses scramble online as the Covid-19 pandemic has forced most consumers home and into the virtual world to work, shop and socialise. It also brings to the fore an issue that has lurked in the background all along - how do businesses ensure that they can trust the data that they work with?

Ad fraud is tipped to become the second most lucrative form of organised crime behind drug trafficking within the next decade, according to the World Federation of Advertisers. Estimates suggest that billions of advertising dollars are lost to fraud.

Lured by scale and high payout

According to AppsFlyer's annual fraud report, "The State of Mobile Ad Fraud 2020 Edition", global financial exposure to ad fraud in the first-half of 2020 was US$1.6 billion.

While this is down 30 per cent from the first-half of 2019, it is still a massive amount of potential damage. This is money that would have been lost to fraud had there been no protection, said the San Francisco-headquartered mobile marketing analytics and attribution firm that measures the effectiveness of its clients' app marketing campaigns.

Finance is the most exposed space, with 40 per cent exposure, amounting to a staggering US$630 million in the first-half of 2020. Shopping apps are experiencing much better days this year, with a 30 per cent decrease in exposure compared to H1 2019, or a total of US$260 million at risk. A jump in online shopping activity, and therefore in marketing, was mostly seen during the Covid-19 lockdowns when brick and mortar stores and consumers went online, but existing fraud prevention tools were able to maintain protection and prevent higher exposure.

Beverly Chen, AppsFlyer's marketing director for the Asia Pacific, attributes the 30 per cent drop in global figure to greater awareness of the fraud and protection solutions to identify and prevent app install fraud risks.

"Fortunately, increased awareness of the dangers of fraud has led to the development of robust anti-fraud solutions that fight against bots, device farms, and attribution hijacking - all of which became even more prevalent as general app usage peaked during lockdowns.

"On a global level, however, app install fraud activity surged in March as a result of an avalanche of user acquisition campaigns during lockdowns. Fraudsters sensed the opportunity to meet the heightened demand for installs, increasing their attacks. Shortly after March, fraud activities have notably decreased," she says.

Ms Chen defines app install fraud as a type of fraudulent mobile activity related to fake app downloads or clicks.

"It is essentially a practice where a company falsely gets credit for getting a user to download an app," she says.

The AppsFlyer report examined 3.8 billion installs across 55,000 apps in the entertainment, finance, gaming, shopping, social, and travel verticals. It revealed that Asia Pacific markets are traditionally more exposed to ad fraud due to its high mobile penetration rate, ongoing improvements to connectivity quality, and expansion of e-payment methods vis-a-vis a booming fintech industry.

The region is responsible for nearly 60 per cent of financial exposure worldwide - a total of US$945 million due to increasing investment in marketing activity. Fraudsters are attracted by the scale and high payout of the finance vertical which has a higher than average cost per install rate and larger marketing budget.

Ms Chen says the problem is compounded by fewer resources devoted to app development, the prevalence of fraud in local marketing networks, as well as increasing demand from marketers for volume in digital campaigns.

"South-east Asia, in particular, is an attractive target for fraudsters, with marketers in the region tapping in on the mobile-first and growing digital nature of the population to drive marketing priorities," she says.

Ronen Mense, managing director and president of AppsFlyer APAC, says Indonesia, Singapore and Vietnam saw a peak of ad fraud in March 2020.

"This is because the Covid-19 forced many countries to implement strict lockdowns. With more people staying at home, the demand for mobile apps increased, leading to aggressive user acquisition activities. This saw a large number of fraudsters being drawn towards this activity," Mr Mense says.

However, their attempts were notably unsuccessful as seen in a drop of fraud levels in the following months.

Bots used in Singapore campaigns

As for Singapore, exposure to fraud has declined by almost 46 per cent from July 2019 to May 2020. Ms Chen says out of all markets though, Singapore had the second highest fraud rate overall, after Indonesia, even though numbers have been falling from 37 per cent in July 2019 to 20 per cent in May this year.

In Indonesia, fraud has declined the most compared to the other Asia Pacific peers, falling from 43 per cent in July 2019 to 19 per cent in May this year. Fraud rates in Vietnam also continue to fall, from 23 per cent in July 2019 to 13 per cent in May 2020.

A closer look at Singapore shows the entertainment space has seen lots of fluctuations. It started off at 54 per cent in July 2019 and ended at 59 per cent in May 2020, but sank to 19 per cent in November 2019, and reached a peak of 79 per cent in March 2020.

In the finance space, fraud rate here saw an overall concave downward trend, starting at 38 per cent in July 2019 and hitting a peak of 67 per cent in November 2019 before ending at 40 per cent in May 2020.

When it comes to the gaming arena, fraud rates have fallen sharply to mostly single digits or sub-1 per cent.

In the shopping market, fraud rate has been stable, hovering around 66 per cent from July 2019 to March 2020. It then dropped drastically to 37 per cent in April 2020 and 5 per cent in May 2020.

The main perpetrators are scammers using bots to conduct ad fraud. In Singapore, bots are used 77 per cent of the time when it comes to ad fraud. The next most popular method of fraud is device farms, which automate fake user activity. This is used 16 per cent of the time. Click flooding is next at 5 per cent, while install hijacking accounts for 3 per cent.

Singapore also has the highest number of ad fraud rates by bots compared to the rest of APAC, followed by Indonesia at 74 per cent, and South Korea at 64 per cent.

Prepare for next attack wave

Ms Chen says ad fraud distorts and pollutes the data that businesses rely on to make decisions, resulting in a misinformed use of resources, ineffective spending, and financial losses.

"To combat this, marketers need to have multi-layered protection solutions in place as well as understand and remain vigilant against the rising threat of bots, non-human traffic, and the always-evolving techniques of bad actors in order to maintain their competitive advantage."

As economies gradually re-open, existing ad fraud is expected to taper off in Asia Pacific as more marketers are educating themselves on the subject and finding new ways to fight fraud.

But Ms Chen warns of a false sense of security as fraudsters will never stop innovating with billions on the table. Vigilance must be kept. Fraudsters will undoubtedly come back with newer, and more sophisticated forms of attack.

"No one is immune to fraud. As long as there's money to be made, fraudsters will figure out how to make it," Ms Chen says.

"We shouldn't be fooled by the overall declining fraud trend or by the current decrease in overall activity. With fraud, the unknown is often greater than the known, so the fact that something isn't yet identified, detected, or blocked doesn't mean that it doesn't exist."

She stresses that no matter the scale of a brand's operation, it was imperative to know that fraud comes in waves and is ever-evolving.

"Ensuring that there are fierce protection tools in place is always the best and wisest line of defence," she says.