Blogs


Brands Vs BOTs: Importance of Decoding BOT Fraud

Alan Turing’s remarkable theory formed the basis of today’s computer science. His famous test, ‘The Imitation Game’, was based on whether a machine can fool us into believing that it is human. The objective of the game was that the interrogator, sitting in a separate room, had to identify which of the other two participants was the person and which was the machine. The interrogator knows them by the labels ‘X’ and ‘Y’ and does not know which of the person and the machine is ‘X’. Alan Turing’s argument was that if a human cannot tell the difference between a computer and a human, then we should call the computer intelligent.

Alan Turing’s test is turning out to be true in today’s world. Almost half of online traffic is BOT generated. This has adulterated the quality and genuineness of engagement driven by platforms in financial services, healthcare, travel, and e-commerce, among others. It has not left any industry unaffected. In the advertising industry, advertisers are losing millions of dollars each year to fake BOT traffic.

Fraudsters are becoming more advanced in their workings. They find new ways and activities to inject fake clicks or use bots to generate their revenue. The ability of bots to mimic human online behavior has increased in the past few years. As the line between humans and BOTs blurs, our suspicions are raised: how do we know that real humans are clicking on our ads or installing our apps? The answer to this question is very complicated, as there is no clear way to know whether a real human is clicking on the ads or not.

How does BOT fraud occur?

Fraud publishers use BOTs to send multiple clicks to the landing page or to fill multiple leads to earn money from advertisers. BOTs avoid traceability by changing the IP address presented at the time of the transaction from the original IP address of the device, which is either hidden or tampered with. In the absence of any fraud check, the advertiser ends up paying for fake clicks or installs.

2 Different Kinds of BOTs

BOTs are trained to do multiple things at the same time. There are two kinds of BOTs:

Good BOTs: They are used to gather information. BOTs of this kind are called web crawlers. Good BOTs are also used to interact with customers in an automated form.

Bad BOTs: Bad BOTs, or malicious bots, are self-propagating malware that infects its host and connects back to a central server(s). The server functions as a control center for the network of BOTs. These BOTs can gather passwords, obtain financial information, relay spam, log keystrokes, launch DoS attacks, etc.

How to make sure that you are paying for genuine traffic?

Paying for genuine traffic is never easy when it comes to performance marketing campaigns. Since the Turing test, not much has changed apart from the real human interrogator: we now have technology solutions that act as the interrogator and help us tell BOT traffic from genuine traffic. The mFilterIt solution helps in identifying invalid traffic due to ad fraud in your campaigns by using different kinds of algorithms.


How Could Ad Fraud Land You Up Dating BOTs?

Unaware of the complexities in tech, users end up interfacing with machines.

Ad fraud is seen from a very myopic and transactional view by the entire ecosystem. Because of this insensitivity on the part of advertisers and publishers, the ordinary user of the service or application suffers.

As per media reports, the latest buzz of the app world is Gleeden, a French dating and social networking service primarily marketed to women. Its success in India is also skyrocketing. With over 8 Lakh users in India, the app witnessed an increase of over 300% in subscriptions compared to the previous couple of weeks. That’s a joy ride for the app!

BOT-driven users and traffic have been degrading the quality and genuineness of engagement driven by various platforms offering e-commerce, financial services, healthcare, travel, social networking, dating, and whatnot. This is literally ‘burning’ the money of the entire digital value chain, including the investors who put money into growing ventures to help them scale up. But what is more damaging and far-reaching is the overall experience of any user who is seriously looking at the service or value offered by the app or service.

Imagine apps and use cases like dating, where users come for more of an emotional reason and look to satisfy very intangible feelings. If the users on these platforms are BOTs or the profiles are not validated, which they aren’t, the whole reason for being on the platform is jeopardized. Some people also get extremely serious about these services, and the engagement could go beyond a superficial connection. In that case, a person is emotionally drained and heartbroken upon learning that the engagement has been with either a BOT or an imposter. This is a considerable brand safety issue where the credibility and reputation of the service go for a toss.

Retail or financial services need to be careful about ad fraud and brand safety. Still, it is equally important for platforms like dating and social networking apps to have a clean and trusted user base leading to genuine engagement. Digital platforms cannot do without inorganic growth. They will have to continue spending on Performance campaigns to get the platform discovered and potentially acquire users. However, it needs to be done with precaution to ensure that we are not paying for something that is fake and can rip apart the platform’s reputation at any stage – from acquisition to re-engagement.

There is an old saying, “Precaution is better than cure.” A cure is always expensive and unsuccessful in reversing the damage. Ad fraud is one such classic example where even increasing budgets on damage control will not yield the desired results, because one single bad experience makes its eternal mark in the minds of a prospect or a user. That’s the extent of damage ad fraud can cause to the safety of a brand.


App Ad Fraud Continues to Be On the Rise in India

India witnessed mobile ad fraud of over Rs 573 crore during Q3 2019 over fake installations.

A recent report by Sensor Tower ranked India as the country with maximum app installs in 3Q (Jul-Sep) 2019. It reported 5 billion app installations for India out of 29.6 billion app installs globally. This is excellent news for the country. However, at the same time, it also means an increase in ad fraud.

As per mFilterIt internal analysis, there were over 273 million fake app installations during July-Sep 2019 in India alone. This translates to a loss of over Rs 573 crore in Performance Marketing spending. Over 15% of the total app installs come through publishers, with an average fake user rate of 35%.

Publishers are essential stakeholders in the value chain, as they hold and influence particular communities that are potential users of several apps. This makes it inevitable for app makers to engage with Publishers. At the same time, not all Publishers resort to ad fraud and acquire fake users for the advertisers. Some Publishers bring 100% validated genuine users to the Advertisers. For marketers, the key to success is engaging with a neutral ad-fraud elimination solution that can validate the KPIs claimed by Publishers in an unbiased way.

With too many apps available to users and the app ‘real estate’ becoming increasingly precious, it becomes equally essential for advertisers to engage with genuine users who not only install an app but also keep the engagement on. With the valuation models changing for businesses, the user base no longer remains the only factor to gauge success. How engaged the users are with an application is the most critical part.

There is an increasing challenge of Brand Safety, which comes with ad fraud. The stealing of organic traffic misaligns the brand positioning and raises doubts about the performance of organic marketing, which does not come cheap. Also, organic performance is much more robust and has long-term implications for the brand.

To conclude, advertisers must engage with Publishers and even have a reward system for the best partners. However, the performance cannot be judged by looking at attribution results alone. There has to be a neutral third-party validation that brings transparency to the system. That’s the most straightforward resolution of the issue.


Apps Ad Fraud: Stealing an App Install after Install

With the push towards higher and higher KPIs and engagement checks by advertisers for their App Install campaigns, it has become more and more difficult for publishers to generate revenue simply on the trading game. The alternative: resort to Ad Fraud.

Until recently, Click Spamming fraud, whereby fraudulent publishers fire thousands of fake clicks continuously to capture organic traffic, was the way for publishers to generate revenue and at the same time provide fantastic quality and meet KPI benchmarks for advertisers.

We have recently come across a new fraud in the App Install (CPI/CPR) advertising campaigns driven through affiliate networks, where Organic and Inorganic installs driven through other networks/publishers are being captured and converted to your name! It is an amazing process of simply stealing an install attribution right at the very last stage of the attribution cycle: capturing the Install AFTER the Install has been done!!

Attribution platform tracking gets enabled only when an app is installed and opened. This is part of the Android OS restrictions, whereby an app is not allowed to execute simply upon being installed. However, after an app is installed (organically or inorganically) and BEFORE it is opened by the user, there is a small period of time. Typical studies done by us indicate an average gap of 10 seconds between an install and the app actually being opened for the first time. This increases substantially for larger-sized apps (since users will typically start doing something else while the download is happening).

Now, many publishers have malicious apps that detect the installation of an app on the device (Android actually has a basic API to allow other apps on the device to know about a new app install!) and trigger a ‘fake’ click from the background AFTER the install but BEFORE the user opens the app. Simply by this one fake click, the install has been STOLEN from organic or even other inorganic channels!

The reason? Attribution platforms attribute the installation based on the last click received. In this case, the last click came from this fraudulent publisher, overwriting the organic attribution or even the inorganic attribution of some other network!

Since the fraud publisher did not have to fire thousands of fake clicks to capture the installation, the CR% (which was a good indication of Click Spamming fraud) will no longer work. Since this will capture both Organic as well as Inorganic installs, the quality of users acquired will be average. So the normal indicators of Click Spamming no longer work.

Size of this Fraud: We estimate Click Spamming to be swindling $15m of Ad Spending each year within India. This is an estimate based on the detection we have done for many of our clients and is only an estimated number.

Solution: We at mFilterIt detected this fraud in the Indian market as recently as 1 month ago and are able to track and detect these frauds deterministically as part of our Ad Fraud solution mFilterIt. Many of our customers benefit from this solution and save thousands of dollars in ad spending that is being wasted on paying for Organic traffic or incorrectly captured traffic.

mFilterIt is now validating more than 1m installs on a daily basis and working with many of the top app advertisers in the country. Our aim is to provide value and savings to our clients on their Ad Spends which are getting wasted on fraudulent activities in the advertising world. Please get in touch with us to understand this fraud better and how we can help you save thousands of dollars that are being wasted!!
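An added example, not mFilterIt's own code: the timing signature described above (the credited click falls after the install completes but before the first open) can be checked per install and aggregated per publisher. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class AttributedInstall:
    # Hypothetical record layout; real attribution exports use their own field names.
    install_id: str
    publisher: str
    click_ts: datetime         # last click credited by the attribution platform
    install_done_ts: datetime  # package finished installing on the device
    first_open_ts: datetime    # first launch, when attribution tracking starts


def classify(rec):
    """Label one install by where the credited click sits on the timeline."""
    if rec.first_open_ts < rec.install_done_ts:
        return "inconsistent"        # clock skew or tampered timestamps
    if rec.click_ts > rec.first_open_ts:
        return "inconsistent"        # credited click is later than the first open
    if rec.click_ts >= rec.install_done_ts:
        return "post_install_click"  # click landed between install and first open
    return "normal"                  # click preceded the install, as expected


def publisher_report(records, min_installs=3, max_share=0.2):
    """Per publisher: share of installs whose credited click came after the install."""
    counts = defaultdict(lambda: defaultdict(int))
    for rec in records:
        counts[rec.publisher][classify(rec)] += 1
    report = {}
    for pub, c in counts.items():
        usable = c["normal"] + c["post_install_click"]
        share = c["post_install_click"] / usable if usable else 0.0
        report[pub] = {
            "installs": usable,
            "post_install_clicks": c["post_install_click"],
            "inconsistent": c["inconsistent"],
            "share": round(share, 2),
            # CR% stays normal for this fraud, so the flag relies on timing alone.
            "flagged": usable >= min_installs and share > max_share,
        }
    return report


def _rec(install_id, publisher, click, done, opened):
    t = datetime.fromisoformat
    return AttributedInstall(install_id, publisher, t(click), t(done), t(opened))


# Constructed sample data (not real traffic): click, install finished, first open.
SAMPLE = [
    _rec("i1", "pub_a", "2024-01-01T10:00:00", "2024-01-01T10:02:30", "2024-01-01T10:02:41"),
    _rec("i2", "pub_a", "2024-01-01T11:15:00", "2024-01-01T11:16:10", "2024-01-01T11:16:25"),
    _rec("i3", "pub_a", "2024-01-01T09:00:00", "2024-01-01T12:30:00", "2024-01-01T12:30:12"),
    _rec("i4", "pub_b", "2024-01-01T13:00:04", "2024-01-01T13:00:00", "2024-01-01T13:00:10"),
    _rec("i5", "pub_b", "2024-01-01T14:10:06", "2024-01-01T14:10:00", "2024-01-01T14:10:11"),
    _rec("i6", "pub_b", "2024-01-01T15:00:00", "2024-01-01T15:01:00", "2024-01-01T15:01:09"),
    _rec("i7", "pub_b", "2024-01-01T16:00:03", "2024-01-01T16:00:00", "2024-01-01T16:00:12"),
    # First open recorded before the install finished: excluded from the share.
    _rec("i8", "pub_b", "2024-01-01T16:59:00", "2024-01-01T17:00:10", "2024-01-01T17:00:00"),
]

if __name__ == "__main__":
    for pub, row in sorted(publisher_report(SAMPLE).items()):
        print(pub, row)
```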


Lead Predictor & Call Center Optimiser by mFilterIt

mFilterIt has launched its Lead Predictor and Call Center Optimiser tool, which will help advertisers “predict” the conversion of a lead in real time!! We will be able to identify which leads are punched-in, fake, or bots as the lead is filled up and block them from triggering the call center itself, preventing a fake or punched-in lead from even reaching customer care and hence saving costs for the advertiser.

The Background: When advertisers run lead campaigns, they generally pay on call center-validated leads. This is done to safeguard against fraud, since a lead is paid for only when its contact number is reachable. Unfortunately, while this safeguards the advertiser (but only to some level) against paying for fake and dummy leads, the call-center costs shoot up. Further, the actual frauds currently being carried out in lead campaigns bypass the normal scrutiny, since the call from the brand’s call center will always be completed, but no end-gain will come out of it. These frauds include:

Punched-in leads: leads of genuine users filled in by publishers, but without the users showing any interest in or even being aware of the product.

Fake call-center leads: publishers fill leads with phone numbers belonging to their own call-center users, who will accept the calls but will never actually convert for the brand.

End impact on the advertiser:

1. Lower final conversion ratio
2. Higher Call Center Costs
3. Higher payouts to Publishers for fake leads

How we do it!

mFilterIt Lead Predictor and Call Center optimization tool will detect these cases in real time, which advertisers can use to prevent fraudulent leads from even reaching the CRM and, further, the call center. This means:

1. Immediate lead validation
2. Improved focus on actual genuine leads
3. Lower call center costs
4. Higher ROI and Conversion Rates
5. Lower payouts to publishers

And proof point of how good we are? In multiple campaigns, our false-positive rate (leads predicted to be fraudulent end up actually converting for the customer) is less than 0.5%.

All this with almost zero tech efforts, a start time of less than 30mins, and many more features of our lead platform like:

1. Lead Data Enrichment to enhance the lead information for better ROI of genuine leads.
2. Email Verification to prevent fake/mistyped email IDs from going into your digital marketing database and resulting in hard bounces and IP reputation issues.
3. mTrackIt, our Publisher Management tool, removes the need for cookies of publishers and eliminates all manual operational activity of onboarding publishers.

Many large brands have already shifted their lead campaign to our technology. Reach out to us and see how we can improve your ROI on your lead campaigns from Day#1 with Zero Tech efforts and maximum returns.


3 Major Threats From App Piracy That Brands Cannot Ignore

Do you know? 85% of apps can be decompiled and modified to be injected with malicious code, triggering undesired behavior of an app with ulterior motives.

Apps have become the default interface for users to interact digitally with people, services, and platforms. Globally, an estimated 3 million apps are available on Google Play Store. The common man’s perception is an app is a distinct and infringeable digital asset of an organization. People consider it genuine, especially when it is on a platform like Google Play Store or Apple App Store. However, the fact is that an app can be pirated and can result in App fraud. Techniques like decompiling an app and modifying the package with malicious code lines make an app vulnerable. Essentially three main threats emanate from a pirated app.

3 Main Threats from a Pirated App

Compromised Privacy: Irrespective of whether such an app is available over a Play Store or otherwise, if a user inadvertently installs a pirated app considering it to be a genuine version, there is a higher probability of that app being able to access personal data, including contacts, SMS, pictures, and other sensitive data stored on a smartphone.

Ad-Fraud: Compromised apps are used by fraudsters as a medium to control a smartphone and as a publishing medium to fake traffic, users, or events. With malicious code lines put along with the app or digital ads, the fraudsters commit ad fraud by getting impressions and even triggering clicks in the app, etc., to fake the KPIs agreed with an advertiser whose campaigns are being run. At the same time, unscrupulous publishers steal the organic traffic of mobile apps/browsers, crediting any activity a user does to themselves to earn the attribution without doing any hard work. In this case, such a publisher reports ‘stolen’ traffic as theirs and claims the attribution to get paid for something they never did. This also demotivates the digital marketing team, as organic traffic earned after painstaking efforts is tagged as inorganic.

Brand Safety: Another important ramification of a pirated app version is the damage it causes to the image and reputation of the brand. Since the app is compromised, its behavior cannot be guaranteed to align with the tenets of a brand, its philosophy, and its guidelines. This means a spectrum of issues. In its simplest forms, the brand, through this rogue app, could be seen as promoting theft of data, infringing on privacy, displaying obscene content, and several similar issues. Since this app is not in the control of the actual brand, it would not act as a responsible digital asset representing it.

App Piracy Cannot Be Ignored

Unfortunately, app piracy has not been getting its due mindshare from the ecosystem, including governments. There is a need to have strict regulatory guidelines about app piracy for the various damages it could result in, ranging from hampering an individual’s privacy to hurting national interests. While it’s essential to have a national consensus around app piracy, brands cannot and should not wait for the government to intervene. Marketers and every organization, institution, and entity having an app must keep a vigil on the pirated versions of their apps available either over the Play Store or through non-Play Store platforms.

Android RAT tools like FatRat and other powerful tools like Metasploit help to pass through the security layers of Android by circumventing the security policies and can even bypass antivirus and firewalls, allowing attackers access to a Meterpreter session. These publicly available tools add to the vulnerability of an app where even app permissions are compromised. So, while a genuine version of an app will be genuinely seeking 10 permissions from the device, a pirated version might be taking entirely different or some more critical permissions, which are not required by the app. Fraudsters modify them for their own ulterior intentions.

How Can mFilterIt Help?

mFilterIt helps its clients monitor any pirated version created over several alternate app stores and identifies the modifications, that is, the permissions added to or deleted from such duplicated versions. Below are some of the examples to highlight.

In all the above examples, mFilterIt scanned the pirated versions of these popular apps on various APK Stores and identified the modified permissions. This helped the clients take necessary actions and understand the motive behind creating such pirated versions, which ranged from infringing on the privacy of legitimate users to using these apps for ad fraud.

Monitoring pirated app versions is essential for every organization. However, its importance becomes paramount for sensitive domains like government, security, BFSI, healthcare, etc. Consumers need assurance and trust that the app they are installing on their devices is the verified version of the organization or any other entity they are engaging with. There should be a public repository of identified pirated app versions, and consumers must be made periodically aware of fake apps. Get in touch to learn more about the App Piracy Threat.
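An added example, not mFilterIt's tooling, of the permission comparison described above: it diffs the permissions declared in a genuine manifest against a suspect copy and highlights added permissions that reach the personal data the post names (contacts, SMS, pictures). It assumes both AndroidManifest.xml files have already been decoded to text XML; the sample manifests and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Android permissions covering the data the post lists: contacts, SMS, pictures.
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}


def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    # A repackaged APK is untrusted input: refuse DTDs and entity definitions
    # before parsing so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD or entity declaration")
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in PERMISSION_TAGS:
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def compare_manifests(genuine_xml, suspect_xml):
    """Diff requested permissions between the genuine app and a suspect copy."""
    genuine = declared_permissions(genuine_xml)
    suspect = declared_permissions(suspect_xml)
    added = suspect - genuine
    return {
        "added": sorted(added),
        "removed": sorted(genuine - suspect),
        "personal_data_added": sorted(added & PERSONAL_DATA),
    }


# Constructed sample manifests (package name and permission mix are illustrative).
GENUINE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.shop">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.CAMERA" />
    <application android:label="Shop" />
</manifest>
"""

SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.shop">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
    <application android:label="Shop" />
</manifest>
"""

if __name__ == "__main__":
    for key, values in compare_manifests(GENUINE_MANIFEST, SUSPECT_MANIFEST).items():
        print(key, values)
```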


Using KPI Targets Against App Advertising Fraud

Let’s start this topic with a question from a different universe! Imagine owning a bank and having a vault where lots of money is stored. It has the world’s best security systems safeguarding it. All the tools we see in the latest spy movies are implemented – cameras, thermal vision, laser beams, explosion protection, retina scanners, and fingerprint scanners. All state-of-the-art and best of breed.

Your security advisor comes to you and asks whether we should guard the building where the vault is located with basic security guards and an entry register. A primary access control. Should we spend money on security guards with such excellent protection in the vault? Or should we allow anyone and everyone to come to the vault and try their best to steal from it (in the hope that they will not hack the top-class vault security)? What will be your answer?

Performance KPIs-Based Campaigns Don’t Offer Fraud Protection

Many advertisers moved to KPIs and goals-based campaigns to better align their spending with their revenue. E.g., CPR (Pay per Registration), 30% of installs should lead to registrations, 20% of installs should lead to wallet top-ups, etc. The aim: aligning the advertising costs with the business objectives. If an affiliate gives users who carry out transactions, it is worth the expense.

But, very quickly, it has also become the line of defense against fraud for many advertisers. Hey, it’s simple. If a publisher is acquiring a user who generates business for me, and that’s when I pay the publisher, why should I bother with fraud? Let there be fraud. As long as I pay for an actual business transaction, I don’t need to think about fraud. That is an incorrect approach to fraud and the topic for this research.

Faking Events!

Most advertisers depend on attribution platforms to measure and track publishers’ performance and use it to enable/disable publishers who are working and those who are not. Attribution platforms keep track of ‘events’ that the app raises at specific points of the user journey, which are projected against the publisher to identify the alignment of publishers with end business objectives. E.g., what is the ROI for X publisher vs. Y publisher?

But the question is: How is the ROI being calculated? And is it sacrosanct? Can it be manipulated? Our research shows it can!! Attribution platform events can be faked and triggered without actual activities happening on the app. The fundamental point is that Android is an open OS, and getting root access to change and modify anything is not very complicated. This includes events.

The events faked will show up on attribution platforms against the publisher, and the advertiser will get an image of excellent traffic and all KPIs being met. But when the actual so-called ‘sales’ or ‘registrations’ are tracked at the back-end systems of the apps, there will be nothing present! This gets further complicated by silos between marketing and product teams, whereby access to data across teams is restricted. So, if your only protection against AdFraud is the KPIs tracked on the attribution platform, you may be in trouble.

Here is a step-by-step guide of what we did:

1. Take an app that is pushing CPR/CPS/KPIs linked campaigns.
2. Decompile the app using standard Android decompilers.
3. Find the structure of the events implemented (while tools like ProGuard make the code unreadable and obfuscated, you can understand most of it, simply because attribution platform events are standard and their documentation is readily available).
4. Install the app on the phone.
5. Link the network to a proxy analyzer (like Burp Suite etc.).
6. Implement a custom root certificate on the phone, which allows a simple man-in-the-middle attack. This will allow you to read HTTPS communication also.
7. Open the app, and carry out the transaction. You will see the events being fired from the app on the proxy analyzer. You can now read the events being fired.
8. Reverse engineering the event allows you to construct the event’s structure easily. Some attribution platforms implement basic SHA1 encoding on specific timestamps and other data fields, which can be undone once you know the code from step # 2. Remember that you need to do this for an attribution platform only once, since the structure of events will mostly remain the same.
9. Now you have an engagement engine in your hands! Link it to a simulated install engine, so you can carry out a sequence of simulated installs and events!!
10. Install the app on a simulated phone (e.g., BlueStacks) to fake the event. Remove the app. Modify the device IDs. Repeat. And repeat.

Your engagement KPIs will be 100%. The advertiser will be delighted!

The Problem is in the Approach!!

The basic approach to advertising in this scenario is wrong. You cannot allow fraudsters to reach your systems and try to manipulate them. You cannot expect the end goal of KPIs to protect you against fraud (to clarify, KPIs to track publishers is still a great idea, but thinking that it also protects you from fraud is incorrect). There must be a multi-layered fraud protection system in place; otherwise, you are at the mercy of fraudsters continuously trying to hack your systems and find a loophole.

With due regard to attribution platforms, any and every system globally is susceptible. And no system is fool-proof. When a fraudster understands that the only thing stopping him from earning money is some events being tracked on a platform, he will find a way to hack it.

Advice: Invest in the Security Guard!!

The bank (in our opening story) decided to have security guards at the building so that only controlled people could enter the bank and reach the vault. This substantially reduces fraudsters’ access and the opportunity to try their tricks to hack the system. Also, if they still hack it, they leave identifiers (e.g., register entries at the bank, etc.) behind, resulting in them being caught. It does not matter if the vault is heavily protected and has the best security in place. Advertisers need
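An added example (not from the original post or mFilterIt's tooling) of the back-end check the post points to: events reported on the attribution platform are reconciled against transactions the app's own servers recorded, so KPI events with nothing behind them stand out per publisher. Field names, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict


def reconcile(attribution_events, backend_txn_ids, min_events=3, max_unverified=0.1):
    """Match attribution-platform events to server-side transaction records.

    attribution_events: dicts with hypothetical keys 'publisher', 'event', 'txn_id'.
    backend_txn_ids:    set of transaction ids the app back end actually recorded.
    """
    already_claimed = set()  # a back-end transaction can justify only one event
    stats = defaultdict(Counter)
    for ev in attribution_events:
        pub, txn = ev["publisher"], ev.get("txn_id")
        stats[pub]["events"] += 1
        if not txn or txn not in backend_txn_ids:
            stats[pub]["no_backend_record"] += 1  # KPI event with nothing behind it
        elif txn in already_claimed:
            stats[pub]["replayed"] += 1           # same transaction reported again
        else:
            already_claimed.add(txn)
            stats[pub]["verified"] += 1

    report = {}
    for pub, c in stats.items():
        unverified = c["no_backend_record"] + c["replayed"]
        share = unverified / c["events"]
        report[pub] = {
            "events": c["events"],
            "verified": c["verified"],
            "no_backend_record": c["no_backend_record"],
            "replayed": c["replayed"],
            "unverified_share": round(share, 2),
            "flagged": c["events"] >= min_events and share > max_unverified,
        }
    return report


# Constructed sample data: what the back end stored vs. what the platform reported.
BACKEND_TXN_IDS = {"t-101", "t-102", "t-103", "t-104", "t-201"}

ATTRIBUTION_EVENTS = [
    {"publisher": "pub_x", "event": "registration", "txn_id": "t-101"},
    {"publisher": "pub_x", "event": "registration", "txn_id": "t-102"},
    {"publisher": "pub_x", "event": "purchase", "txn_id": "t-103"},
    {"publisher": "pub_x", "event": "purchase", "txn_id": "t-104"},
    {"publisher": "pub_y", "event": "registration", "txn_id": "t-201"},
    {"publisher": "pub_y", "event": "registration", "txn_id": "t-201"},  # replay
    {"publisher": "pub_y", "event": "purchase", "txn_id": "t-900"},      # unknown id
    {"publisher": "pub_y", "event": "purchase", "txn_id": "t-901"},      # unknown id
    {"publisher": "pub_y", "event": "purchase", "txn_id": None},         # no id sent
]

if __name__ == "__main__":
    for pub, row in sorted(reconcile(ATTRIBUTION_EVENTS, BACKEND_TXN_IDS).items()):
        print(pub, row)
```

Running this check needs the marketing and product data joined on a shared transaction id, which is the cross-team access the post says is often missing.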


How Video Advertising Will Erode Brand Safety?

Marketers are required to take proactive Brand Safety measures ensuring their ads are placed on relevant channels.

Video is the future of content. Brands are globally spending anywhere between 8-15% of their total advertising spend on video advertising, depending on the geo-market we are talking about. Irrespective of how much is being spent, there are no two opinions about video being the fastest-growing medium of advertising. The majority of these videos, including ads, are being consumed over YouTube – the default internet video place. It has over 1.8 billion active monthly subscribers, a number which continues to grow.

In Performance Marketing, most of the focus of advertisers is on the types of ad fraud like BOTs, fake traffic, and behavior. However, there is also a need to introspect how it is tarnishing the reputation of a brand. mFilterIt has been advocating for some time about the interlinkages of Ad-Fraud and Brand Safety. Today, let’s exhibit an insight that helps to understand how grave the issue is.

A Brand Safety audit was carried out for a leading platform in the entertainment domain. The top 500 YouTube channels where the ads for the entertainment app were served were analyzed. The results were astonishing, keeping in mind that the advertiser is among the few leading players in the industry using all cutting-edge technology to stay ahead of the curve. Almost 1 out of 3 ads (30%) were consumed over YouTube channels which were ‘unsafe’ for the brand. There were also some invalid channels (2%), which would only waste marketing spending.

The most damaging part was ads being served over ‘unsafe’ channels: channels that did not identify with the brand’s philosophy, reputation, and beliefs. mFilterIt categorizes ‘unsafe’ channels into Prohibited, Sensitive, Conflicting, and Contentious categories based on the type of content the channel carries. For instance, in this specific case, the ads were served on a channel that was promoting superstition along with other unscientific beliefs, which directly conflicted with the positioning of the marketing brand. In this case, the brand wanted to ensure that it stayed apolitical. However, its ads were served on some channels that either belonged to a particular political party or were promoting a certain definite political ideology. This would fall under the contentious category of unsafe video ads.

Similarly, several marketers face this enormously increasing challenge, which comes in the way of effectively using video advertising platforms like YouTube while adhering to the brand policies defining the image and reputation of the brand. Under performance pressure, affiliates push ads to high-traffic channels, which not only results in the unproductive burning of marketing spend but also creates a situation where brands could eventually be required to implement crisis management measures. Even if these are highly sophisticated, they won’t result in a 100% recovery of the brand image or reputation.

For effective video advertising, brands need to have a holistic Brand Safety solution which can be enforced by a tool giving more control over the way the brand is represented in any form, including videos.

Examples of unsafe channels

Conflicting: http://youtube.com/channel/UCB6Kcs76B4Jaiih-NRVntHA
Contentious: https://www.youtube.com/channel/UC6ZEaf32feEZYK7jwLyNU0Q
Prohibited: http://youtube.com/channel/UCuQoHgzcFLwPib9NU4quPIw
Sensitive: http://youtube.com/channel/UCo1FB2i8t5qIX6bgM6A2dbQ

Get in touch to learn more about brand safety.
