The Ultimate Mobile Ad Fraud Glossary

Editorial Team May 14, 2020 2:50:58 PM CEST

According to Juniper Research, online ad spend lost to ad fraud will amount to $100 billion worldwide by 2023.

What Does This Mean for You?

Whatever your mobile ad spend is, it is estimated that at least 37% of it is given away to ad fraud (2019 Q1 Ad Fraud Report). Mobile ad fraud not only impacts the advertisers’ bottom line as well as their brand safety and product optimization, it also erodes trust in publishers, sub-publishers, ad agencies, MPPs and ad networks. 

We know that analyzing mobile ad traffic quality can be like opening a can of worms, and keeping up with industry developments can be exhausting and time consuming. This is why we created this mobile ad fraud glossary to make sure all mobile advertisers are on the same page:

Let’s start by defining the basics around online traffic: 

Valid Traffic: valid online traffic is generated by real users, people using their devices to surf the web with genuine interest.  

Invalid Traffic: according to Google, invalid traffic is any activity that doesn't come from a real user with genuine interest. It can include accidental clicks caused by intrusive ad implementations, fraudulent clicking by competing advertisers, advertising botnets and more.

Depending on the level of sophistication, there are two types of invalid traffic:

  • General Invalid Traffic (GIVT): fraudulent traffic that can be identified through simple means of filtration or metrics analysis.
  • Sophisticated Invalid Traffic (SIVT): more difficult to detect, as it is developed by high-tech fraud organizations.

Your Mobile Ad Fraud Glossary

Ad fraud: the act of intentionally falsifying engagement on an online advertisement. 

Ad Injection: is the visible or hidden insertion of ads into an app, web page, or other online resource without the consent of the publisher or operator of that resource. Basically, this is when ad tags are taken from a publisher’s site and put onto another site without the publisher’s consent. The point is to capitalize on more impressions, clicks, leads or downloads. 

Through browser extensions and adware plugins, ad injection allows fraudsters to put ads where they don’t belong. Fraudsters can even hijack a server to slip an ad of their choosing into a space that belongs to a different advertisement. According to AdCumulus, fraudsters even place ads on a website that doesn’t normally show ads at all. 

Ad Stacking: when fraudsters want to turn one ad placement into multiple, they can use ad stacking. This is when an online visitor can see one ad, but it will be invisibly “stacked” on top of multiple other ads driving invalid impressions and clicks to ads that haven’t been displayed to any user.

Ad Tag Hijacking: according to Google Ads, ad tags can be stolen from a publisher's website and used on another site, often to sabotage the brand’s reputation. At other times, it occurs as a side-effect of scraping and republishing content without the publisher's consent.

Ad Fraud Technique: the actual technical method used by fraudsters to perform ad fraud. There are about 14 different main ad fraud techniques in total.

Adware: also called Malware, is malignant software automatically installed on mobile devices designed to fake legitimate user-generated traffic to a site or app. Adware generally serves visible or hidden ads to users to boost ad consumption. This belongs to the category of SIVT or Sophisticated Invalid Traffic. 

Bot Fraud: this occurs when non-human traffic registers as an impression or click on an ad. Not all bot traffic is bad though. Examples of good bots would be search engine crawlers, site monitoring bots and other types that execute helpful, useful, and legitimate tasks without malicious intent.

Click Farming: is a type of ad fraud in which a large group of human workers (in one or multiple locations) is minimally paid or otherwise incentivized to view and/or click on ads on behalf of a third party that financially benefits from those human workers’ illegitimate consumption of the ads.

Crawler traffic: this could be a browser, server, or app that makes page load calls automatically without declaring itself as a robot, masquerading as a legitimate user.

Creative Hijacking: this is when fraudsters copy creative tags from a legitimately-served ad without the advertiser's consent, so the ad can be shown again at a later time on another site or app. This can make it look like the publisher is getting more traffic than they really are from unwanted sources.

Click Injection: Click injection is a common form of mobile ad fraud. It is the injection of clicks on mobile ads, or while an app download is taking place, in an attempt to attribute that conversion to a different source. Fraudsters employ this scheme through malware that users unknowingly download to their mobile phones. Seemingly harmless applications will then infect a user’s device once downloaded.

In 2019, Facebook sued two developers for click injection ad fraud: “The developers made apps available on the Google Play store to infect their users’ phones with malware,” said Jessica Romero, director of platform enforcement and litigation. “The malware created fake user clicks on Facebook ads that appeared on the users’ phones, giving the impression that the users had clicked on the ads.”

Clickjacking: is a technique used by fraudsters that tricks a user into clicking a webpage element which is invisible or disguised as another element within the site or app. Clickjacking can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

Click Spamming: similar to click injection but less sophisticated, click spamming produces thousands of dishonest clicks. But instead of faking the click at the last second before a download, click spamming will flood a measurement system with thousands of low-quality clicks.

Cookie Stuffing: Cookies are text files that store information about a visitor’s browsing history (and therefore behavior and preferences). A browser's cookie history helps brands deliver targeted advertising by relaying information about the user. By using cookie stuffing, a browser’s history can be hijacked and filled with incorrect information about the visitor. For example, fraudsters operating in the mobile gaming industry stuff a user’s browsing history with mobile gaming related cookies driving up the cost of that user’s click, hence getting a higher payout for each click they generate.  

Data-center Traffic: This originates from servers in data-centers, rather than residential or corporate networks, where the ad is not rendered in a user’s device but fake clicks are generated by an undeclared source.

Geo Masking: The cost of traffic depends on its location and, as all marketers know, effective geo-targeting is essential to any ad campaign. Through geo masking, fraudsters get paid for traffic that doesn’t come from a specified geographical location. For example, sign-ups from Nigeria are masked as originating from the US, making undesirable low-quality downloads appear to be of higher quality.

Malware: this is an umbrella term used to refer to a variety of forms of intrusive software, including adware designed with malignant intentions.

Malware APKs (Android Application Packages): these application packages are essentially files in the format used by the Android operating system for distribution and installation of mobile apps, mobile games and middleware. In this case, the files are infected with malware. A common technique fraudsters use to spread malicious apps is to fake app package names.

Non-browser User-Agent Header or MSISDN Injection: this is when an infected device declares a user-agent header not normally associated with human activity. HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated. MSISDN information in browser headers is a clear indication of online fraud.
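As an added illustration (not part of the original glossary), the sketch below shows the kind of simple filtration that catches GIVT, applied to three signals defined in this glossary: MSISDN information in request headers, a non-browser user-agent, and data-center source addresses. The header names, user-agent tokens and IP ranges are assumptions chosen for the example, and the sample requests are constructed.

```python
import ipaddress

# Assumed heuristics, not taken from the glossary: tune them to your own traffic.
MSISDN_HEADERS = {"x-msisdn", "x-up-calling-line-id", "x-nokia-msisdn", "x-wap-msisdn"}
NON_BROWSER_UA = ("curl/", "python-requests", "okhttp", "go-http-client", "dalvik/")
# Placeholder data-center ranges (RFC 5737 documentation blocks), constructed.
DATACENTER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]


def flag_click(source_ip, raw_request):
    """Return the reasons a click request looks invalid (empty list = no flag)."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:                            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # MSISDN in request headers: a known carrier header or any *msisdn* name.
    reasons = [f"msisdn_header:{n}" for n in headers
               if n in MSISDN_HEADERS or "msisdn" in n]

    # User-Agent that is missing or names an HTTP library rather than a browser.
    ua = headers.get("user-agent", "").lower()
    if not ua:
        reasons.append("missing_user_agent")
    elif any(token in ua for token in NON_BROWSER_UA):
        reasons.append("non_browser_user_agent")

    # Source address inside a listed data-center network.
    addr = ipaddress.ip_address(source_ip)
    if any(addr in net for net in DATACENTER_NETS):
        reasons.append("datacenter_ip")
    return reasons


# Constructed sample clicks: (source IP, raw HTTP request).
SAMPLE_CLICKS = [
    ("203.0.113.7", "GET /click?c=1 HTTP/1.1\r\nHost: ads.example\r\n"
     "User-Agent: Mozilla/5.0 (Linux; Android 10) Chrome/81.0 Mobile Safari/537.36\r\n\r\n"),
    ("198.51.100.20", "GET /click?c=1 HTTP/1.1\r\nHost: ads.example\r\n"
     "User-Agent: python-requests/2.23.0\r\n\r\n"),
    ("203.0.113.9", "GET /click?c=1 HTTP/1.1\r\nHost: ads.example\r\n"
     "User-Agent: Dalvik/2.1.0 (Linux; U; Android 9)\r\nX-MSISDN: 15550100\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, raw in SAMPLE_CLICKS:
        print(ip, flag_click(ip, raw) or "clean")
```

Rules like these only address GIVT; traffic that presents a browser user-agent from a residential address passes all three checks.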

Non-human Traffic: this generic term is most often used to refer to bots or crawler traffic that create fraudulent ad impressions.

Phantom Layer: these are websites operated specifically for the generation and laundering of ad fraud by obscuring the source of inventory and impressions entering the online advertising ecosystem. 

Pixel Stuffing: this could be done with normal sized pixels or tiny pixels. Pixel Stuffing is when the user is presented with a normal-looking ad embedded with an illegitimate pixel so small it’s undetectable. So users are unaware of being shown multiple ads at once, but fraudsters get attributed for many more impressions. This method of fraud can be repeated countless times on a single page.

The mobile ad fraud landscape is constantly evolving, and we will endeavour to have this list reflect its evolution by updating it regularly. Don’t hesitate to contact us if you have any questions related to mobile ad fraud.