Beware of online advertising scams

Posted: 12:30 AM, Tue – Jun 14, 22

Cyber Talk Article – Online Ad Scams

India, with a population of 1.39 billion, has over 1.10 billion mobile phone connections, 624 million with internet access and 448 million with social media accounts. It also means that we are prone to online fraud, and online advertisements are an easy way to commit social engineering crimes that steal money or damage online reputation.

Ad fraud is the practice of fraudulently representing online ad impressions, clicks, conversions, or data events in order to generate revenue from the clicks. Online ad fraud happens through email, WhatsApp, SMS, fake websites, e-commerce platforms, social media and apps.

Sources of ad fraud include botnets, data centers, browser toolbars, infected software (malware), pay-to-click (PTC) websites, free apps, and click farms.

Fraud methods:

Click hijacking: Click hijacking occurs when a fake click is reported for attribution directly after the installation begins. There are two types of click hijacking. (A) Organic attribution fraud occurs when a legitimate, organic install is incorrectly attributed to a deceptive source. (B) Paid attribution fraud is essentially the same. However, instead of an organic install being wrongly attributed, it is a genuine paid install that is wrongly attributed to another deceptive source.

Installing a fake app: Ads are frequently displayed in mobile apps, especially for free apps available outside the Play Store or App Store. For this type of fraud, scammers employ groups of people to install apps thousands of times. Instant loan apps are a classic case study for this type of fraud.

Botnet ad fraud: Fraudsters use botnets to generate thousands of fake clicks on an advertisement displayed on a website.

Hidden Ads: This fraud targets advertising networks that pay based on impressions (views) and not clicks.

Types of fraud:

Attribution fraud occurs when a user downloads an app and a fraudster tries to claim attribution for that download. (1) Click spam: under the pay-per-click advertising model, advertisers pay a fee for each click on their ad, anticipating that they have attracted a potential customer. (2) Ad stacking: fraud in which multiple advertisements are layered on top of each other in a single ad placement. (3) Click injection: Android ad fraud where a click is generated just before an app is fully installed in order for the fraudster to get credit. (4) In-app event fraud: incorrect attribution of paid in-app events to fraudulent sources on paid campaigns.

Installation fraud occurs when app installs do not come from genuine users of the app; they can come from robots or from people who are not the intended users. These installs do not offer a return on ad spend. (1) App install farms: a group of people or technologies that installs, launches, and then uninstalls apps from devices. (2) SDK spoofing: creating legitimate-looking installs with data from real devices without any real installs taking place.
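As an added example (not part of the original article), the sketch below shows how an advertiser could flag the click injection described above, and the click hijacking described under fraud methods, by checking the order of timestamps on attributed installs. The record fields, sample data and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not real data. Field names are hypothetical:
# click = ad click credited with the install, begin = install started,
# first_open = first app launch. begin may be missing (None).
RECORDS = [
    {"source": "net_a", "click": "2022-06-14T10:00:00", "begin": "2022-06-14T10:00:40", "first_open": "2022-06-14T10:02:10"},
    {"source": "net_a", "click": "2022-06-14T11:15:00", "begin": "2022-06-14T11:16:05", "first_open": "2022-06-14T11:20:00"},
    {"source": "net_b", "click": "2022-06-14T12:00:55", "begin": "2022-06-14T12:00:30", "first_open": "2022-06-14T12:01:00"},
    {"source": "net_b", "click": "2022-06-14T13:05:58", "begin": None, "first_open": "2022-06-14T13:06:00"},
    {"source": "net_b", "click": "2022-06-14T14:00:00", "begin": "2022-06-14T14:01:00", "first_open": "2022-06-14T14:03:00"},
]

MIN_CLICK_TO_OPEN_S = 10   # assumed floor: a real download rarely completes faster
SOURCE_ALERT_RATIO = 0.5   # assumed share of flagged installs that marks a source


def _ts(value):
    return datetime.fromisoformat(value) if value else None


def classify(rec):
    """Label one attributed install from the order of its timestamps."""
    click, begin, opened = _ts(rec["click"]), _ts(rec["begin"]), _ts(rec["first_open"])
    if click > opened:
        return "invalid_click_after_open"       # click cannot have led to the install
    if begin is not None and click >= begin:
        return "click_after_install_began"      # click injection / hijacking pattern
    if begin is None and (opened - click).total_seconds() < MIN_CLICK_TO_OPEN_S:
        return "suspiciously_short_click_to_open"
    return "ok"


def suspicious_sources(records):
    """Return {source: flagged_ratio} for sources at or above the alert ratio."""
    totals, flagged = defaultdict(int), defaultdict(int)
    for rec in records:
        totals[rec["source"]] += 1
        if classify(rec) != "ok":
            flagged[rec["source"]] += 1
    return {s: flagged[s] / totals[s] for s in totals
            if flagged[s] / totals[s] >= SOURCE_ALERT_RATIO}


if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["source"], classify(rec))
    print(suspicious_sources(RECORDS))
```

A source whose installs are mostly flagged this way is a candidate for withholding payment and closer review; a single flagged install on its own can be a clock or reporting error.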

Modus operandi

a) The fraudster sends clickbait messages by SMS, WhatsApp, email or social networks.
b) The fraudster creates false advertising on social media platforms and on Google Advertisements. Fraudsters mostly advertise trendy things, like a new iPhone model.
c) When a victim is lured by the advertisement and is approached by the fraudster, they are asked to pay an amount as a booking/advance fee.
d) The victim pays the requested amount in the belief that he will get a product at a reduced price.
e) The victim is then asked to pay extra for delivery, GST, express delivery charges, etc.
f) The fraudster sends delivery tracking details to trick the victim into believing the order is genuine, and the victim initiates the money transfer.
g) After the victim transfers the money, the fraudster blocks calls and all means of communication.

How to stay safe

• Invest in reliable anti-fraud/malware tools
• Check short links for phishing activity at https://isitphishing.org/
• Verify the authenticity of SMS headers at https://smsheader.trai.gov.in/
• Check apps (and the access you give them) before downloading and using them: https://reports.exodus-privacy.eu.org/en/
• Check your email before making financial transactions: https://mxtoolbox.com/EmailHeaders.aspx
• Block countries with the highest ad fraud rate (Pakistan)
• Search the website in incognito mode to see how it appears to others
• Maintain a blacklist of suspicious websites and update it regularly
• Use ad blocking features on browsers
• Install app only from App Store or Play Store
• Never install any app using .DMZ or .APK files sent via email, SMS or messengers
• Pay attention to metrics that require human interaction, such as inquiries, conversions, or purchases

Marilyn J. Hernandez