India, with a population of 1.39 billion, has over 1.10 billion mobile phone connections, 624 million people with internet access and 448 million with social media accounts. This means we are constantly exposed to online fraud, and online advertising is an easy vehicle for social engineering crimes whose sole objective is either to steal money or to damage reputation online.
Advertisement fraud is the practice of fraudulently representing online advertisement impressions, clicks, conversions or data events in order to generate revenue from the clicks. Online advertisement frauds happen through (1) Email (2) WhatsApp (3) SMS (4) Fake Websites (5) E-commerce Platforms (6) Social Media Platforms and (7) Applications.
Sources of advertisement fraud are (a) Botnets (b) Data Centres (c) Browser Toolbars (d) Infected Software (Malware) (e) Paid to Click Websites (PTC) (f) Free Apps and (g) Click Farms.
A Few Methods of the Fraud:
a) Click Hijacking – Click hijacking is when a fake click is sent to an acknowledgment directly after the installation has begun. There are two types of click hijacking. (a) Organic acknowledgment fraud occurs when a legitimate, organic installation is incorrectly acknowledged to a deceptive user. (b) Paid attribution fraud is essentially the same. However, instead of an organic install being misattributed, it is a genuine paid install that is misattributed to another deceitful source.
b) Fake App Installation – Advertisements are frequently displayed within mobile applications, especially in free apps available for download outside of the Play Store or App Store. For this type of fraud, fraudsters employ groups of people to install apps thousands of times. Instant loan apps are a classic case study for this type of fraud.
c) Botnet Advertisement Fraud – Fraudsters can use botnets to generate thousands of fake clicks on an advertisement that is displayed on a website.
d) Hidden Advertisements – This fraud targets advertisement networks that pay based on impressions (views) and not clicks.
Types of Frauds:
a) Attribution fraud is when a user downloads an application and a fraudster attempts to claim attribution for that download. (1) Click Spam – In the pay-per-click advertising model, advertisers pay a fee for each click on their ad, anticipating that they have attracted a potential customer. (2) Ad Stacking – Fraud in which multiple ads are layered on top of each other in a single ad placement. (3) Click Injection – Android advertisement fraud where a click is generated just before an app is fully installed so that the fraudster gets the credit. (4) In-app Event – Incorrect attribution of paid in-app events to fraudulent sources on paid campaigns.
b) Install fraud is when app installations do not come from genuine app users; they could come from bots or from people who are not the intended users. These installs don't deliver a return on advertisement spend. (1) App Install Farms – A group of people or technology that installs, launches, and then uninstalls apps from devices. (2) SDK Spoofing – Creation of legitimate-looking installs with data of real devices without the presence of any actual installs.
Modus Operandi of the Fraud:
a) The fraudster sends the click bait messages via SMS, WhatsApp, email or social media.
b) A fraudster creates a fake advertisement on social media platforms and on Google Advertisements. Fraudsters mainly advertise things that are trending, like the new iPhone model.
c) When a victim is attracted by the advertisement and is approached by a fraudster, the victim is asked to pay an amount as a booking/advance fee.
d) The victim pays the requested amount with the belief that he will get a product at a discounted rate.
e) Again, the victim is asked to pay an additional amount towards delivery, GST, express delivery charges etc.
f) The fraudster sends delivery tracking details to make the victim believe it to be true and the victim initiates the money transfer.
g) After the victim transfers the money, the fraudster blocks calls and all means of communication.
Tips to stay away from Fraud:
- Invest in reliable anti-fraud / malware tools.
- Check short links for phishing activity at https://isitphishing.org/
- Check the authenticity of SMS headers at https://smsheader.trai.gov.in/
- Check apps (the access you are giving them) before downloading and using them: https://reports.exodus-privacy.eu.org/en/
- Check email before doing any financial transactions: https://mxtoolbox.com/EmailHeaders.aspx
- Block countries with the highest advertisement fraud rate (Pakistan)
- Search the website in incognito mode to see how it appears to others
- Blacklist suspicious websites and regularly update that list
- Use the advertisement block features on the browsers
- Install applications only from the App Store or Play Store
- Never install applications using .DMZ or .APK files sent via e-mail, SMS or messengers
- Pay attention to metrics that require human interaction, such as inquiries, conversions or purchases etc.
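
For advertisers reviewing campaign data, the click injection pattern described under "Types of Frauds" and the last tip above can both be checked per traffic source. The following is an added example, not part of the original article: the record fields, source names, sample data and the min_clicks threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

def rec(source, click, begin=None, done=None, converted=False):
    """Build one attribution record; field names are assumptions for this example."""
    ts = lambda t: datetime.fromisoformat("2024-01-05T" + t) if t else None
    return {"source": source, "click": ts(click), "install_begin": ts(begin),
            "install_done": ts(done), "converted": converted}

# Constructed sample data (not real traffic).
RECORDS = [
    rec("net_a", "10:00:00", "10:02:10", "10:03:00", converted=True),  # normal install
    rec("net_a", "11:00:00"),                                          # click, no install
    rec("net_b", "12:00:40", "12:00:05", "12:00:55"),                  # click mid-install
] + [rec("net_c", f"13:00:0{i}") for i in range(6)]                    # clicks only

def is_injected(r):
    """True when the click arrives after the install began but before it finished."""
    if r["install_begin"] is None or r["install_done"] is None:
        return False
    return r["install_begin"] <= r["click"] <= r["install_done"]

def score_sources(records, min_clicks=5):
    """Return {source: [reasons]} for sources that look fraudulent."""
    stats = defaultdict(lambda: {"clicks": 0, "injected": 0, "conversions": 0})
    for r in records:
        s = stats[r["source"]]
        s["clicks"] += 1
        s["injected"] += is_injected(r)
        s["conversions"] += r["converted"]
    flagged = {}
    for source, s in stats.items():
        reasons = []
        if s["injected"]:
            reasons.append("click_injection")
        # Many clicks with no action that needs a human (purchase, inquiry).
        if s["clicks"] >= min_clicks and s["conversions"] == 0:
            reasons.append("no_human_conversions")
        if reasons:
            flagged[source] = reasons
    return flagged

if __name__ == "__main__":
    for source, reasons in sorted(score_sources(RECORDS).items()):
        print(source, reasons)
```

Sources flagged this way are candidates for the blacklist mentioned in the tips, after manual review.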