Fraud Types to be Aware Of

What Are Fraud Types That I Should Be Aware Of?


I previously wrote a blog on how you can find fraud in your online marketing campaigns, track it and then prevent it. Now, this blog will go more into detail about all the different categories of fraud that are out there and how to identify what type of fraud could be happening in your marketing channels.


  • Bot Traffic - Bot traffic is non-human website traffic.

  • Bot Traffic Click Farms - Click farms are where a large number of devices are placed in one area and connected to a program that sends out fake clicks, installs, views and other actions. Programs can also create fake device IDs as well as hijacking real device IDs and then sending fake clicks through those.

  • Attribution Fraud - When fake clicks are sent from a source, leading that source to get attribution credit and thus, steal credit from other sources. Oftentimes, an advertiser may end up paying for clicks that came in organically.

  • High Conversion Speed - when a large number of fake clicks are converted into fake installs in a quick burst.

  • Install Farm - low paid workers are hired to click on ads and install the advertiser’s app on real devices. This makes this type of fraud hard to track since real users are being hired to click on ads.

  • Incentivized Traffic - If an advertiser agrees to receive incentivized traffic from a publisher, then this wouldn’t be considered fraud. It becomes an issue when a publisher starts sending traffic that was incentivized by monetary rewards and the advertiser is not aware of this. Then, it becomes fraudulent. Incentivized traffic generally is lower performing since the user may not be interested in the advertiser itself and just clicking it to get their reward.

  • Install Hijacking - A user’s device is infected with malware which then fires a fake click to steal credit for an organic install.

  • Click Injection - A fraudulent app on an Android device can detect when other apps are being installed and fire a fake click to take credit for those installs.

  • Click to Install Times (CTIT) Anomaly - Click injection fraud (as defined above) has a short click to install time so it’s good to check timestamps of when the click occurred relative to the install and look for anomalies.

  • Click Spamming - When a user downloads an app that clicks on ads in the background that a user never actually sees or clicks. The app can be sending fake clicks while it’s running on a device without the user’s knowledge. The developer of the app may end up receiving payouts for these clicks since it appears the ads in their app were clicked on when they actually were not. This is also known as organics poaching.

  • Viewability - this is a metric that many platforms track and it basically measures if your ad is actually visible and viewed by a user. Impressions can be faked to get credit here. An advertiser can check for low viewability rates, extremely low click through rates that do not match your average click through rates on a particular channel and high bounce rates to help identify poor or possibly fraudulent traffic.

  • SDK Spoofing - When an attribution tool’s SDK is hijacked to then create clicks, installs, in-app purchases and various conversion events. These events appear to be legitimate and come from a real user but they never occurred.

Duplicate IPs - When an advertiser receives multiple installs or conversions from clicks in a very short period of time from the same IP address. When the same IP address shows up in reports and is attributed to multiple conversions in a given hour or day, that is highly suspicious behavior. A user is unlikely to install multiple times from the same IP address and thus, this is fraudulent behavior.