Mobile ad fraud rates double, with shopping apps hardest hit
- Mobile fraud rates have almost doubled compared to 2017, with e-commerce the hardest hit category, according to new data from Adjust sent to Retail Dive in an emailed press release. The numbers reflect the total installations of fraudulent apps rejected by Adjust, a mobile measurement and fraud prevention company based in Berlin.
- E-commerce accounted for 40% of the total installs rejected by Adjust in the 2018 report, up from 20% in 2017. The games category was last year's leader with 35%, but declined to 30% this year.
- Total damage could reach $4.9 billion in 2018 with a 7% paid install rejection rate. As a result of one fraud type — SDK (software development kit) spoofing — some advertisers could lose up to 80% of their ad budgets on single campaigns, representing tens of millions of dollars.
Mobile advertising is growing fast but so is the fraud accompanying it. U.S. mobile ad spending will grow 20% in 2018 to over $75 billion, according to eMarketer research cited by Adjust, and mobile ad fraud represented 7.3% of all paid installs rejected by Adjust.
This is the measurable tip of a very large iceberg. "Naturally, the fraud rates we see in active rejections only show the level of fraud prevented for advertisers who actually chose to protect themselves," Andreas Naumann, fraud specialist with Adjust, said in the release. "The number of unreported cases of advertisers being victims of mobile ad fraud is undoubtedly a much higher number."
Fraud targeting mobile marketers increased 30% in 2018's first quarter, hitting shopping apps the hardest, according to the AppsFlyer State of Mobile App Install Fraud report. The cost of fraudulent transactions, especially for e-commerce, is rising with each dollar merchants lost to fraud in 2017 costing about $2.77 in overall losses, up from $2.40 the previous year, reported the LexisNexis Risk Solutions Fraud Multiplier Tool. AdExchanger commented that 2018 will be "a year of reckoning" for mobile app install fraud, and said it cost mobile marketers about $2 billion in 2017.
SDK spoofing is fraudsters' "preferred scam du jour," Adjust said. The scam is also referred to as traffic spoofing or replay attacks, and creates legitimate-looking installs on devices without an actual installs being present, Adjust said in its Fraud Expert Guide. It accounted for 27% of the rejected installs in e-commerce.
Among other fraud types, click injections are a sophisticated form of click spam, where a device is hijacked to create a legitimate-looking ad-click. This affected 51% of the e-commerce installs rejected, Adjust said. Meanwhile, click spam results in fake ad engagement, and it represented 38% of e-commerce installs rejected by Adjust. Fake installs are fabricated users that trigger installs based on fraudulent advertisements. It affected 14% rejected installs for e-commerce, Adjust said.