M&M Global: YouAppi founder Moshe Vaknin provides key insight on mobile ad fraud
With Dmexco in full swing and ad fraud high on the agenda for many advertisters Moshe Vanknin, founder, YouAppi provides insight into mobile ad fraud.
At face value it would appear mobile ad fraud is primarily a problem for the advertiser and publisher, or the app itself. Unfortunately, with advancements in mobile ad fraud it’s rarely just one fraudulent ad and it rarely affects just one user. The industry is gathering at Dmexco now and no doubt fraud will be a big topic of conversation.
While most companies are concerned about mobile fraud they focus their resources on mobile commerce (ie: card-not-present transactions), phishing attacks or ransomware. However, businesses cannot underestimate the internal cost and manpower drain caused by mobile ad fraud.
Over the last few years, the types of mobile ad fraud integrated into apps via malware has grown to include click injection, click spamming, incentivized traffic and non-human traffic. While protecting customers remains front and centre marketers should also turn their attention inward and ensure they are protecting the company and its employees.
The Far-Reaching Effects Of Fraud
There are many negative repercussions of mobile fraud for the phones affected. First in order to generate fraudulent ad clicks the phone needs to communicate with the servers hosting the fraudulent activities. This communication shorten a phone’s battery while increasing the data bandwidth used by the phone. Fraudulent ads can also slow down the phone resulting in a poor user experience.
These are actually the more benign elements of mobile ad fraud. It can also be an opening for corporate hackers to gain access to your business network. Russian hackers allegedly using fraudulent emails to gain access to the U.S. Democratic National Committee’s network made big headlines last year. There’s no reason something similar could happen with a fraudulent mobile ad or app.
A good example of how mobile fraud can impact a business was CopyCat. The ad malware attack, which infected over 14 million Android devices was the result of cyber attackers essentially hijacking apps, repackaging them with the malware and allowing them to be downloaded from third-party app stores.
The malware waited until a device is restarted to ensure that a connection between the app installed and the malicious activity wasn’t made. After restarting, once CopyCat rooted the user’s device, it allowed the attackers to gain full control essentially leaving the user defenseless and vulnerable to any type of attack.
Beyond the revenue CopyCat generated from fraudulent and malicious marketing activities the risks to the enterprise were far greater. These included adware that enabled stealing of sensitive information from infected devices, which could be sold to third parties, as well as perpetrators who could root or jailbreak devices, leaving users vulnerable to other kinds of hacks. In the future these same perpetrators could spread different, more nefarious types of malware or use them to create denial of service attacks.
Once hackers gain control of one mobile device connected to a corporate network they have all they need to breach the business’ complete network and gain access to sensitive data.
A Smart Plan Of Attack
Taking into account the broad range of device types and operating systems that today’s businesses encounter coupled with users who bring in, or buy their own hardware and software it’s nearly impossible to eliminate mobile ad fraud in the corporate network. The best way to combat mobile is via continuous employee education, which should include:
- Encouraging corporate users to be careful with the apps they install. Not only should they come from a trusted source users should also uninstall apps they no longer need
- Make sure permissions asked aren’t suspicious – a flashlight app, for example, doesn’t need to know your location
- Most importantly if something looks or seems suspicious, consult with the company’s IT department.
Cyber attackers make it their mission to supersede the latest technologies and anti-fraud measures. Without question a company’s duty is to protect its customers, but forward thinking marketers can also help their internal organisations prepare for safety and success with thoughtful and cautious preventive measures.