Forbes: Mobile Ad Fraud: Why Should An Enterprise CIO Care?

August 30, 2017

Most of the CIOs I meet with are concerned about mobile fraud, but they focus their resources on mobile commerce (card-not-present transactions), phishing attacks and/or ransomware.

CIOs and CTOs should not underestimate, however, the cost and manpower drain caused by mobile ad fraud for their corporate users and IT teams.

At face value, it would appear mobile ad fraud is primarily a problem for the advertiser and publisher — or the app itself that’s running the fraudulent ad. Why should a CIO or CTO care? Unfortunately, with advancements in mobile ad fraud, it’s rarely just one fraudulent ad.

Over the last few years, the number of different types of mobile ad fraud integrated into apps via malware has grown (and continues to grow) to include click spamming, click injection, ad stacking and invisible ads. Now, if an app that contains malware is downloaded by someone in a corporate environment, that could enable a hacker to use one of the aforementioned mobile ad fraud tactics to access the corporate network. It’s also highly likely that the initial corporate user who downloaded the app with the malware would encourage friends in the office to also download that app, infecting their devices, which could ultimately compromise the network.

The Far-Reaching Effects Of Fraud

There are many negative repercussions of mobile fraud. First, in order to generate fraudulent ad clicks, these phones need to communicate with the servers hosting the fraudulent activities. Next, these communications shorten a phone’s battery life while increasing the data bandwidth used by the phone. Beyond this, fraudulent ads can also slow down the phone, resulting in a poor user experience.

So far I’ve addressed the more benign side of mobile ad fraud. Unfortunately, it can also be an opening for corporate hackers to gain access to your corporate network. Remember how alleged Russian hackers used fraudulent emails to gain access to the Democratic National Committee’s network? There’s no reason something similar couldn’t happen with a fraudulent mobile ad or app.

A good example of how mobile fraud can impact the enterprise is the ad malware attack from last year named CopyCat. The attack, which infected over 14 million Android devices, was the result of cyberattackers essentially hijacking apps, repackaging them with the malware and allowing them to be downloaded from third-party app stores. CopyCat utilizes an advanced technology to conduct various forms of ad fraud, including getting credit for fraudulently installing apps, displaying bogus ads while hiding their origin (so users can’t understand what’s causing the ads to pop up on their screens) and installing fraudulent apps directly to the infected devices.

With CopyCat, the malware waits until a device is restarted to ensure that a connection between the app installed and the malicious activity isn’t made. After restarting, once CopyCat roots the user’s device, it allows the attackers to gain full control of the device, essentially leaving the user defenseless.

Beyond the revenue CopyCat generates from fraudulent and malicious marketing activities, the risks to the enterprise are far greater:

  • Adware enables the stealing of sensitive information from infected devices, which can then be sold to third parties.
  • The perpetrators of adware campaigns root or jailbreak devices, leaving users vulnerable to other kinds of hacks. In the future, the same perpetrators could spread different, more nefarious types of malware or use them to create denial of service attacks.

Once hackers gain control of one mobile device connected to a corporate network, attackers then have all they need to breach the business’ complete network and gain access to sensitive data. Adware, which roots a device and leaves it vulnerable to any type of attack, is ultimately what these hackers are looking for in order to infiltrate a corporate network.

A Smart Plan Of Attack

Given the broad range of devices, device types and operating systems that today’s CIO must support, coupled with users increasingly bringing in or buying their own hardware and software, it’s nearly impossible to eliminate mobile ad fraud in the corporate network. The best way to combat mobile ad fraud is via continuous employee education:

  • Corporate users should be careful with the apps they install. They should install popular apps from Google Play or Apple’s App Store that are familiar to corporate system administrators and uninstall the apps they’re no longer using.
  • Corporate users should make sure that the permissions an app requests aren’t suspicious. A flashlight app, for example, doesn’t need to know your location.
  • If something looks or seems suspicious, consult with your sysadmin.

While cyberattackers make it their mission to supersede the latest technologies and anti-fraud measures, savvy CIOs can set their organizations up for safety and success with thoughtful and cautious preventive measures.

– Ofer Garnett
