What Are Click Injections and How to Prevent Them

Alex Serra
Alex Serra May 11, 2021 12:39:12 PM CEST

Recently, we’ve been exploring types of ad fraud that target pay-per-click (PPC) ad campaigns such as click fraud, and others that target cost-per-mille (CPM) campaigns, cost-per-click (CPC), and cost-per-lead (CPL) campaigns such as pixel stuffing

However, if you’re an organization running mainly cost-per-install (CPI) campaigns, you need to know about the specific types of ad fraud techniques that fraudsters are using to exploit your efforts for their own financial gain.

One of these techniques is known as click injection. In this article, we’ll take a look at how click injections work, the threats they pose to your organization, and the necessary anti-fraud solutions to put in place to counteract them.

How do click injections work? 

how do click injections work - Opticks infographic

Click injections are a type of ad fraud technique that aims to win the last-click attribution in CPI campaigns and is considered a sophisticated type of click spamming affecting Android devices. Fraudsters either publish or have access to a downloaded app that listens to “install broadcasts”, which informs them when a new app is being downloaded.

By having access to this information, bad actors then send fake clicks just before an install is completed. Usually, publishers are charged a fixed, or bid rate only when the application is installed, but when click injections are carried out, fraudsters receive the financial credit for the installation. 

Fraudsters also use bad bots or networks of bad bots to click on multiple ads, multiple times.

Here’s a breakdown of how click injections work: 

  • 1. The user unknowingly installs a low-quality app (such as those providing phone wallpapers) that is also malicious. 
  • 2. The user begins to download a new app, and the first malicious app contains code that alerts it of this new installation, via Android “install broadcasts”.
  • 3. Bad actors inject fake clicks to the advertisement of the app that has been downloaded. 
  • 4. The advertiser attributes the credit to the bad actors and pays them a percentage of the revenue.

What are the threats posed by click injections?

Publishers who place digital ads across several platforms with the aim of driving installations of the advertised application are particularly prone to click injection attacks. 

Organizations that run CPI campaigns usually run them on multiple different ad networks, meaning that they need to be protected across multiple platforms. Plus, if they’re based in higher-CPI markets like the U.S., they are automatically at a higher risk of exposure to click injections since this region typically offers higher financial rewards. The main threats are:

Advertising budget losses 

Click injections lead to fake ad engagements, which means wasted money that could have been spent reaching real users. 

Theft of real conversions

Although engagements with the ads are fake, the final transaction is real since it is attributed. This results in the theft of real conversions.

Compromised analytics 

The data that marketers receive from campaigns influences their future campaigns and ad spend budgets. Since any data affected by click injections will be skewed, marketers will not be able to clearly identify which channels are most effective and can result in them investing money into invaluable campaigns. 

What can you do to prevent click injections?

Click injections are a relatively easy form of ad fraud for fraudsters to carry out, but they’re also considered quite a malicious form of ad fraud since they directly infect devices.

It can be tricky to keep up with every trick in a fraudster’s book. Without proactive anti-fraud solutions that automate the detection of bad actors and their techniques, click injection fraudsters will continue to use low-quality apps to hijack devices. 

Protect your CPI campaigns against click injections 

Preventing ad fraud often feels like a game of cat and mouse. As soon as you block one incidence, another ten pop up in its place.

Unfortunately, fraudsters are only getting smarter. Ad fraud is becoming more difficult to detect -- especially without the use of specialist anti-fraud solutions that are carefully engineered to prevent the very thing damaging your campaigns. 

Anti-fraud solution Opticks can help organizations prevent multiple forms of ad fraud before they have the chance to steamroll your campaigns and bleed your budgets dry. Find out more about how the expert team at Opticks can help protect your advertising campaigns by contacting our expert team here for a free demo.

Topics: Ad Fraud Blog