Skip to content
All posts

The Ultimate Mobile Ad Fraud Guide for Advertisers

Year on year, we consume more content, spend more money, and view more advertisements on our mobile phones. Advertisers take notice of this and continue to ramp up their use of all types of mobile advertising, in the hope that consumers will interact with digital ads on web pages, apps, and social media channels via their mobiles than ever before. In fact, global mobile advertising spending is set to surpass a staggering 240 billion dollars by 2022

Along with this level of ubiquity comes the danger of fraudsters exploiting mobile ads to make money quickly. As such, mobile ad fraud is already pervasive, plaguing both end-users and advertisers. 

Unfortunately, while mobile ad fraud is a cybercrime, it’s usually left to advertisers and marketing teams, rather than experts in anti-fraud technology, to figure out how to prevent the damage mobile ad fraud causes.

This guide will explore everything advertisers need to know about mobile ad fraud in order to stop it from destroying their ad campaigns, including: 

What is mobile ad fraud?

Mobile ad fraud describes any activity performed with the intention of fraudulently profiting from digital advertising budgets. It’s usually performed by individuals or groups of independent fraudsters, competitors who seek to benefit from the damage caused to their rivals’ ad campaigns, and publishers who want to benefit from the inflation of false impressions. 

Mobile ad fraud occurs across all industries and verticals and involves activity such as fraudulent clicks, leads, and impressions, and fake app installs. 

8 techniques used to perform mobile ad fraud 

Knowing how to defend against mobile ad fraud begins with awareness, and an understanding of the types of methods fraudsters employ to commit mobile ad fraud. 

Below, we go through some of the more pervasive mobile ad fraud techniques, including an exploration of how they work. 

Click spamming


Click spamming is a type of attribution fraud, where fraudsters simulate a large number of low-quality fraudulent clicks to an ad with the aim of gaining attribution before an action (such as app installations) and capturing pay-per-click (PPC) budgets. 

Fraudsters enact this technique when real users open web pages that are operated by scammers, or when they download infected apps onto their mobile devices. These web pages and apps have automated processes coded into them -- commonly known as click bots. 

Once users have opened a compromised web page or downloaded a malicious app, fraudsters are able to: 

  • Trigger a large number of fraudulent clicks, usually to ads that are present but invisible, while the app is running
  • Generate impression fraud via fake clicks, although the impressions appear to be real ad engagements
  • Send clicks from users’ devices to random vendors, where they can then collect the payment from the ad’s performance 

Click injections 


Click injections are a sophisticated type of click spamming, specifically affecting Android devices. This technique is enacted when fraudsters either publish or have access to an app that’s already been downloaded and listens to “install broadcasts”, which lets fraudsters know when new apps are downloaded. 

Fraudsters can then trigger clicks after the download is complete, but before the app is opened by the end-user. This creates the impression that the most recent click -- the one enacted by the fraudster -- is the click that drove the download. Fraudsters can then claim compensation for the attribution. 



Bad bots are used to mimic genuine user interaction, and perform malicious acts such as ad and click fraud, fake clicks, and can generate fake impressions. 

Bad bots are sophisticated and can pinpoint and emulate real human workflows across web applications to ensure their actions are credited as real users would be. 


Botnets are networks of multiple malware-infected devices, controlled remotely by fraudsters. They’re used to perform marketing fraud, and their objective is to hijack and infect as many devices as possible. 

Botnets carry out automated, repetitive tasks that are difficult to detect. Fraudsters do this by partially overriding web browsers to divert fraudulent traffic to click on digital ads.


Large amounts of click fraud are performed by malware. Once the malware has hijacked devices, it’s used to carry out an array of illegitimate functions. 

Malware can infect devices when users unknowingly install fraudulent apps/software development kits (SDKs), which can load ad impressions outside of the user’s visible area of a webpage. The apps or SDKs then fraudulently enact clicks or perform lead generation activities. Apps that exist outside of the Google Playstore are a common vehicle of malware.

Click farms


Click farms are usually found in China, India, Indonesia, Bangladesh, and the Philippines, and are made up of large groups of exploited workers who are paid very poorly to manually click on online ads, usually via mobile devices. They do this to increase the clickthrough rate value, boost engagement metrics, and inflate impressions. 

Click farms are also hotbeds for lead fraud. By providing fake details on forms, automating the form-filling process, and hiding behind several layers of false appearances, click farms are able to defraud leads for advertised products and services. 

MSISDN injections

Malicious MSISDN injections occur when fraudsters inject fake MSISDN numbers to automatically subscribe unaware users to offers they don’t want. They do this via automated software that can cleverly mimic a genuine user journey.

SDK spoofing

SDK spoofing is a bot-driven mobile ad fraud method and occurs when fraudsters create fake, although seemingly legitimate app installs and post-install events on mobile devices. Fraudsters do this by adding code to an app which can later trigger simulated ad clicks, app installs, and fake engagements. 

The impact of mobile ad fraud on marketing campaigns


While the financial impacts of mobile ad fraud can be devastating, with fraudsters perpetually finding new ways to grow and thrive, there are many other far-reaching implications.

1. Depleted ad budgets 

The financial impacts of mobile ad fraud are not just limited to small-scale, skimming-off-the-top activities. In fact, last year, ad fraud caused $35 billion worth of damage worldwide, representing more than 10% of the size of the digital advertising market.  

Fraudsters capture a substantial share of ad budgets that would otherwise be spent on real users. This translates into direct monetary losses from paying for fraudulent traffic.

2. Skewed analytics 

Mobile ad fraud completely distorts ad campaign data, which affects cohort analysis, audience targeting decisions, and misrepresented user segments. All of this affects your ability to be able to target and retarget the right users in the future since the data you base your decisions on is completely tainted. 

Oftentimes, advertisers decide to pull perfectly good ad campaigns, for example, because they’re seeing high levels of impressions but few click-throughs and believe the ad campaign itself is ineffective.

3. Unattainable objectives

As a result of skewed analytics, organizations struggle to hit their campaign objectives, leads, and sales targets since their resources and efforts have been mismanaged. 

4. Damaged advertiser-publisher relationships 

When mobile ads aren’t getting enough attention or the right kind of attention, advertisers may be inclined to stop using certain platforms and publishers. This is because they believe the poor ROI is the fault of the publisher, rather than the result of ad fraud. 

5. Extra workloads

As fraudsters use more sophisticated methods, the longer it takes to investigate the root of mobile ad fraud. This creates extra work for advertisers when investigating why their ad campaigns aren’t thriving. 

This is time that could be spent on optimizing ad campaigns, developing new campaign strategies, and generally looking at the bigger picture. 

The increased threat of mobile ad fraud during the pandemic 

Crises tend to magnify existing vulnerabilities, and this has been no different during the ongoing COVID-19 pandemic. 

With people trapped in their homes, the level of engagement with mobile devices has grown exponentially. Fraudsters capitalize on any shifts in user and consumer behavior -- and so, the rates of mobile ad fraud have also increased during the pandemic.

Fraudsters have been able to adapt to the “new normal”, finding new ways of avoiding detection. For example, there has been a huge shift in mobile ad fraud activity within the games app category -- which aligns with people downloading more entertainment-based apps while staying at home. 

Additionally, fraudsters have exploited the pandemic for their own gain by creating malicious apps purporting to be official apps such as track and trace and pandemic news apps. These apps have been designed to trick users into giving away their personal data and extract sensitive data such as passwords and bank details. 

8 indicators of mobile ad fraud 

How do you know that real people are clicking on your mobile ads? Or, better said, how do you know you have a mobile ad fraud problem? 

The following indicators might suggest that your campaigns have become victims of mobile ad fraud. While they don't necessarily mean you have been affected, they definitely merit a closer look at your campaigns, traffic, and performance, especially if you see more than one of these indicators is at play.


1. Drastic spikes in traffic

Notable spikes in ad traffic are a telltale sign of mobile ad fraud since site traffic usually increases in line with organic improvements like higher SERP rankings and quality backlinks. Sudden upsurges in traffic, when nothing has been altered in the campaign backend to validate the traffic increase, can indicate fraudster foul play. 

2. Unusual traffic locations 

When you see traffic surges from unusual locations, especially that outside of your campaign’s target locations, fraudsters could be targeting your ad campaigns with click fraud. Alternatively, this traffic could be coming from large data centers. Ultimately, traffic from outside of your target audience is a major red flag to watch out for. 

3. Unusually high bounce rates

Unusually high bounce rates can be caused by a high level of bot traffic. The same can be said for large drops in bounce rates. 

4. Slow website and server performance

A slowdown in website and server performance can also indicate bad bot activity since servers can become overloaded by the high level of bot traffic.

5. Suspicious traffic sources

When you see traffic coming from users in very specific, localized geographical regions, very few unique users, and large numbers of sessions from single IP addresses, this can indicate mobile ad fraud activity. 

6. Bad campaign performance 

Low numbers of conversions coupled with high levels of traffic can indicate fraudulent activity. 

7. Drained ad budgets  

Assuming that you've targeted the right audience with the right ads if your budgets are exhausted quickly but you’re seeing no ROI, it’s likely that fraudsters have targeted your campaigns with mobile ad fraud. 

8. User complaints

For direct carrier billing, mobile ad fraud can be identified by the number of complaints registered by mobile users to their relevant telecom operators. These complaints are very often a leading indicator of churn.

How to prevent mobile ad fraud 


Too many digital agencies and marketers still don’t believe that preventing mobile ad fraud is a priority. However, the Opticks 2020 Annual Ad Fraud Report disproves them entirely. Our report demonstrated just how widespread and pervasive mobile ad fraud is, no matter where your business is located, and no matter the size of your business. 

What’s more, is that our findings support the fact that although mobile ad fraud affects industries in all four corners of the world, it is not a static threat that affects all regions in the same way. Knowing that mobile ad fraud is not just “one thing” makes the fight against it more important than ever. 

Without a long-term solution in place, your ads will continue to be targeted and exploited by fraudsters, while your ad campaigns are squandered. A professional anti-fraud solution offers the most comprehensive protection against mobile ad fraud. 

👉 You may like: The Annual 2020 Ad Fraud Report

How Opticks can help you beat mobile ad fraud

It’s time to take a zero-tolerance policy towards mobile ad fraud. 

The fact is, it’s unlikely that your organization is equipped to fight the mobile ad fraud battle alone. While there are many manual methods of preventing mobile ad fraud, such as blacklisting IP addresses, these are overly tedious processes, wasting time and resources that you could be spending on growing your business and optimizing your ad campaigns.


The Opticks’ anti-fraud SaaS solution helps you protect your ad campaigns from fraud

Often, mobile ad fraud can be hidden within large volumes of traffic, making prevention even more difficult. Opticks uses machine learning to fight mobile ad fraud -- our proprietary algorithms facilitate the automatic and rapid detection of mobile ad fraud, without the need for manual quality checks.

By filtering out illegitimate traffic, we give you the confidence that mobile ad fraud has been prevented before it can affect your campaigns. To learn more about how the expert team at Opticks can help protect your advertising campaigns, contact our team here.

Contact Us