Fraudsters are finding new and sophisticated methods of defrauding publicity efforts-all while trying to remain imperceptible and unscathed.
But as fraudsters develop, so do advertisers. Advertisers remain up-to-date and have a highly analytical, data-driven approach to fraud control, always looking for the best tools to help them stay safe from fraudsters.
In this post, we will present you with the top 10 signs that will help you identify if your user acquisition campaign is being compromised.
1. Organic traffic takes a big fall – a sign of attribution fraud
You need to be careful about drastic drops in organic traffic as you track the efficiency of your app. Fraudsters tend to use fraud of attribution, also known as organic stealing, to attack ad campaigns and commit theft by exploiting the attribution model of the last click. The intention is to steal and wrongly assign your organic installations by clicking on spam and clicking on injection.
2. Abnormally high rates of post-install activity – a sign of incentive traffic injection or smart bots
Hold on celebrating just yet when you see a high post-install activity level and are prepared to high-five yourself. Abnormally elevated post-install activity can be a sign of injection of incentive traffic or smart bots. In both instances, fraudsters analyze all post-install advertisers occurrences and KPIs, and train bots or motivate customers to conduct the in-app activity needed.
3. Abnormally low conversion rate – a sign of click spam
Based on the nature of spam clicks, fraudsters attempt to “spray” clicks on as many users as possible with their monitoring link. Fraudsters flood and assign these installations to themselves with as many clicks as possible to produce the last-click previous organic installations. But fraudsters can’t influence whether or not consumers install the app after a click, so an abnormally small conversion rate can fall, which is a red flag for spam clicking.
4. Abnormally high conversion rate – a sign of incentivised traffic or bots injection
High conversion rates are another reason to celebrate-and while we don’t want to rain on your parade, we suggest investigating if you’re the victim of incentive traffic or injection of bots. If consumers install the app at an unusually elevated speed, fraudsters may inject incentivized users or bots into your app without being caught.
5. High rate of paying users – a sign of fake financial events
If, for no demonstrable reason, you see an extraordinary quantity of customers paying in your app, you may be the victim of intelligent bots making those payments.
With continuous reverse engineering, smart bots are a very advanced and dynamic type of fraud. Unlike traditional bots, using Machine Learning and Big Data techniques, smart bots can not be identified by manual assessment of abnormal post-install activity and involve thorough assessment of post-install occurrences.
6. Disappearance in retention and return of a large number of users – a sign of smart bots
Smart bots can be signaled by an abnormally high retention rate, and fraudsters find ways to manipulate the retention rate within each daily cohort so they don’t look suspect. For instance, an unexpected loss of a particular group of customers for several days and their subsequent return in a rather large quantity (e.g. retention: 18 days-20 percent, 19-21 days-0 percent, 22 days-15 percent in a particular cohort) could imply that your app is assaulted by intelligent bots.
7. Large fragmentation at a sub-publisher level within the source – a sign of click spam
Usually, for precise traffic analysis, you need a cohort of at least 15 conversions in 1 sub-publisher. Large source fragmentation is a fraudulent effort to avoid marketers from correctly assessing a particular group of fraud customers owing to the tiny amount of installations within a single sub-publisher. Clicking spammers will use this technique and the fragmentation rate can achieve 1 install per 1 sub-publisher.
8. Concentration of installs with similar hardware parameters – a sign of device farms or bots
Fraudsters buy a big amount of inexpensive phones with actual hardware parameters and use them to build device farms to boost pay-as-you-go traffic through fraudulent installations to get paid for them.
If you find a suspiciously big number of installations with the same or similar parameters of “hardware”-device, browser version, ancient versions of OS, IPs, etc.-we suggest further evaluation of installation fraud.
9. Abnormally low drop in retention rates – a sign of incentivised traffic or bots
As a user procurement manager, seeing a high level of retention is an achievement. But first, the true reason behind an abnormally small fall in retention rates for particular traffic sources must be analyzed and discovered compared to organic or other sources, as it could be a red flag for a bots or incentivized traffic fraudster attack.
10. Stable, large volume of installs over a long period of time within a single source – a sign of smart bots
It sounds like a dream for any mobile marketer, but you must be concerned. All traffic sources tend to “burn out” because target audiences for each source are limited and it’s normal that after a period of time, the volume of installs gradually decreases. This usually happens starting from the second week. If you experience a large volume of traffic within one source that performs consistently for over a month, your user acquisition campaign may be the target of smart bots and needs to be double-checked.
Final thoughts: taking effective, immediate action
Fighting ad fraud is an ongoing battle – as soon as advertisers find ways to neutralise one type of fraud, fraudsters are already hard at work to come up with new, more sophisticated threats – and not in vain as losses caused by app-install ad fraud are estimated to reach $12.6 billion in 2019.
As an experienced user acquisition manager, you understand the importance and the crucial need for a comprehensive and powerful anti-fraud tool.
Arm yourself with the best technological engine and stay insured against fraud.
