India having 1.39 Billion population has over 1.10 Billion mobile phone connections , 624 Million having access to internet, 448 Million having social media account, meaning we are anytime prone to online frauds and online advertisement is an easy way to do social engineering crimes with a sole objective either steal the money or damage the reputation online.
Advertisement fraud is a practice of fraudulently representing online advertisement impressions, clicks, conversion or data events in order to generate revenue from the clicks. Online advertisements frauds happen through (1) Email (2) WhatsApp (3) SMS (4) Fake Websites (5) E-commerce Platforms (5) Social Media Platforms and (6) Applications.
Sources for Advertisement frauds are (a) Botnets (b) Data Centres (c) Browser Toolbars (d) Infected Software (Malware) (e) Paid to Click Websites (PTC) (f) Free Apps and (g) Click Farms.
Few Methods of the Fraud:
a) Click Hijacking – Click hijacking happens when a fake click is recorded right after the installation of an app begins. There are two types: (1) Organic Acknowledgment Fraud: This is when a real, natural app installation is falsely credited to a dishonest source. (2) Paid Attribution Fraud: Similar to the first, but it involves a paid app installation being wrongly credited to a deceitful source.
b) Fake App Installation – Fraudsters often display ads in mobile apps, especially free ones downloaded outside the Play Store or App Store. They hire groups of people to install these apps thousands of times. A classic example is the case of Instant Loan Apps.
c) Botnet Advertisement Fraud – Fraudsters use botnets to create thousands of fake clicks on ads displayed on websites.
d) Hidden Advertisements – This fraud targets ad networks that pay based on the number of times ads are viewed, not clicked. Fraudsters hide these ads to falsely increase the number of views
Types of Frauds:
a) Attribution fraud is when a user downloads an application and a fraudster attempts to claim attribution for that download. (1) Click Spam – Pay-per-click advertising model, advertisers pay a fee for each click on their ad, anticipating that they have attracted a potential customer. (2) Ad Stacking – fraud in which multiple ads are layered on top of each other in a single adv placement. (3) Click Injection: – Android advertisement fraud where a click is generated just before an app is fully installed so that the fraudster will get credit. (4) In-app Event – Incorrect attribution of paid in-app events to fraudulent sources, on paid campaigns.
b) Install fraud is when app installations are not from genuine app users, these could be bots or from people that are not their intended users. These instals don’t deliver a return on advertisement spend. (1) App Install Farms: a group of people or technology that installs, launches, and then uninstalls apps from devices. (2) SDK Spoofing – Creation of legitimate-looking instals with data of real devices without the presence of any actual instals
Signs of Scam
- Too Good to Be True: If the offer looks too good, it probably is.
- Low Ad Quality: Blurry pictures and fuzzy text are usually signs of a scam.
- Urgency: If an ad pushes you to move urgently and tells you that the offer is limited in time, it probably wants you to make a rushed decision.
- Requests for Personal Information: Real ads will hardly ever ask for personal details. Do not trust any ad that does.
Modus Operandi of the Fraud:
a) The fraudster sends the click bait messages via SMS, WhatsApp, email or social media.
b) A fraudster creates a fake advertisement on social media platforms and on Google Advertisements. Fraudsters mainly advertise things that are trending, like the new iPhone model.
c) When a victim gets attracted towards advertisements and is approached by a fraudster, the victim is asked to pay an amount as a booking /advance fee.
d) The victim pays the requested amount with the belief that he will get a product at a discounted rate.
e) Again, the victim is asked to pay an additional amount towards delivery , GST, and express delivery charges etc.
f) The fraudster sends delivery tracking details to make the victim believe it to be true and the victim initiates the money transfer.
g) After the victim transfers the money, the fraudster blocks calls and all means of communication.
Tips to stay away from Fraud:
- Invest into a reliable anti-fraud / malware tools.
- Check the short links https://isitphishing.org/ if there is a phishing activity.
- Please check the authenticity of the SMS headers https://smsheader.trai.gov.in/
- Check the apps (Accesses you are giving) before downloading and using https://reports.exodus-privacy.eu.org/en/
- Check email before /doing any financial transactions https://mxtoolbox.com/EmailHeaders.aspx
- Block countries with the highest advertisement fraud rate (Pakistan)
- Search the website in incognito mode to see how it appears to others
- Blacklist suspicious website and regularly update that list
- Use the advertisement block features on the browsers
- Instal application only from App Store or Play Store
- Never install application using .DMZ or .APK files sent via E-mails, SMS or Messengers
- Pay attention to metrics that require human interaction, such as inquiries, conversions or purchases etc.