Cyber Talk: Watch out for online advertisement scams

Date: 2022-06-14

India, with a population of 1.39 billion, has over 1.10 billion mobile phone connections, 624 million of them with access to the Internet and 448 million with social media accounts. This also means we are prone to online fraud, and online advertisements are an easy vehicle for social engineering crimes aimed at either stealing money or damaging reputation online.

Advertisement fraud is the practice of fraudulently representing online advertisement impressions, clicks, conversions or data events in order to generate revenue from the clicks. Online advertisement frauds happen through email, WhatsApp, SMS, fake websites, e-commerce platforms, social media and applications.

Sources for advertisement frauds include Botnets, Data Centres, Browser Toolbars, Infected Software (Malware), Paid to Click Websites (PTC), Free Apps and Click Farms.

Methods of fraud:

Click Hijacking: Click hijacking is when a fake click is sent to an acknowledgment directly after the installation has begun. There are two types of click hijacking. (A) Organic acknowledgement fraud occurs when a legitimate, organic installation is incorrectly acknowledged to a deceptive user. (B) Paid attribution fraud is essentially the same; however, instead of an organic installation being misattributed, a genuine paid installation is misattributed to another deceitful source.

Fake App Installation: Advertisements are frequently displayed within mobile applications, especially for free apps available outside of Play Store or App Store. For this type of fraud, fraudsters employ groups of people to install apps thousands of times. Instant Loan Apps are a classic case study for this type of fraud.

Botnet Advertisement Fraud: Fraudsters use botnets to generate thousands of fake clicks on an advertisement displayed on a website.

Hidden Advertisements: This fraud targets advertisement networks that pay based on impressions (views) and not clicks.

Types of frauds:

Attribution fraud is when a user downloads an application and a fraudster attempts to claim attribution for that download. (1) Click Spam: In the pay-per-click advertising model, advertisers pay a fee for each click on their ad, anticipating that they have attracted a potential customer. (2) Ad Stacking: Fraud in which multiple ads are layered on top of each other in a single advertisement placement. (3) Click Injection: Android advertisement fraud where a click is generated just before an app is fully installed so that the fraudster will get credit. (4) In-app Event: Incorrect attribution of paid in-app events to fraudulent sources on paid campaigns.

Install fraud occurs when app installations are not from genuine app users; these could be bots or people who are not the intended users. These installs don’t deliver a return on advertisement spend. (1) App Install Farms: A group of people or technology that installs, launches, and then uninstalls apps from devices. (2) SDK Spoofing: Creation of legitimate-looking installs with data of real devices without the presence of any actual installs.

Modus Operandi

a) The fraudster sends clickbait messages via SMS, WhatsApp, email or social media.

b) A fraudster creates a fake advertisement on social media platforms and on Google Advertisements. Fraudsters mainly advertise things that are trending, like the new iPhone model.

c) When a victim gets attracted to the advertisement and is approached by a fraudster, the victim is asked to pay an amount as a booking/advance fee.

d) The victim pays the requested amount with the belief that he will get a product at a discounted rate.

e) Again, the victim is asked to pay an additional amount towards delivery, GST, express delivery charges etc.

f) The fraudster sends delivery tracking details to make the victim believe it to be true, and the victim initiates the money transfer.

g) After the victim transfers the money, the fraudster blocks calls and all means of communication.

How to stay safe

• Invest in reliable anti-fraud / malware tools

• Check short links for phishing activity at https://isitphishing.org/

• Check the authenticity of SMS headers at https://smsheader.trai.gov.in/

• Check apps (the accesses you are giving) before downloading and using them at https://reports.exodus-privacy.eu.org/en/

• Check emails before doing any financial transactions at https://mxtoolbox.com/EmailHeaders.aspx

• Block countries with the highest advertisement fraud rate (Pakistan)

• Search the website in incognito mode to see how it appears to others

• Blacklist suspicious websites and regularly update that list

• Use the advertisement-blocking features of browsers

• Install applications only from App Store or Play Store

• Never install applications using .DMG or .APK files sent via e-mail, SMS or messengers

• Pay attention to metrics that require human interaction, such as inquiries, conversions or purchases etc.
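
The click injection and click hijacking patterns described above, and the advice to watch metrics that require human interaction, can be checked by an advertiser against its own attribution records. The following is an added example, not part of the original column; the record fields, source names and the 10-second threshold are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
MIN_CLICK_TO_OPEN_S = 10  # assumed threshold: a real download takes longer

# Constructed sample records, not real data:
# (source, click time, install-begin time, first-open time, purchases)
RECORDS = [
    ("network_a", "2022-06-01 10:00:00", "2022-06-01 10:00:40", "2022-06-01 10:03:00", 1),
    ("network_a", "2022-06-01 11:00:00", "2022-06-01 11:02:00", "2022-06-01 11:30:00", 0),
    ("network_b", "2022-06-01 12:00:55", "2022-06-01 12:00:10", "2022-06-01 12:01:00", 0),
    ("network_b", "2022-06-01 13:05:20", "2022-06-01 13:04:00", "2022-06-01 13:05:25", 0),
    ("network_c", "2022-06-01 14:00:00", "2022-06-01 14:01:00", "2022-06-01 14:05:00", 0),
    ("network_c", "2022-06-01 15:00:00", "2022-06-01 15:00:30", "2022-06-01 15:02:00", 0),
]

def classify_install(click, begin, opened):
    """Label one install by the order and spacing of its timestamps."""
    c, b, o = (datetime.strptime(t, FMT) for t in (click, begin, opened))
    if c > b:
        # The click arrived after the install had already begun.
        return "click_after_install_began"
    if (o - c).total_seconds() < MIN_CLICK_TO_OPEN_S:
        # Too little time between the click and first open for a real download.
        return "click_to_open_too_fast"
    return "ok"

def score_sources(records, max_bad_ratio=0.5):
    """Return {source: list of reasons to review it}; an empty list means clean."""
    stats = defaultdict(lambda: {"installs": 0, "bad": 0, "purchases": 0})
    for source, click, begin, opened, purchases in records:
        s = stats[source]
        s["installs"] += 1
        s["bad"] += classify_install(click, begin, opened) != "ok"
        s["purchases"] += purchases
    report = {}
    for source, s in stats.items():
        reasons = []
        if s["bad"] / s["installs"] >= max_bad_ratio:
            reasons.append("timing_anomalies")
        if s["purchases"] == 0:
            # No metric that needs a human: typical of install farms and bots.
            reasons.append("no_human_interaction")
        report[source] = reasons
    return report

if __name__ == "__main__":
    for source, reasons in score_sources(RECORDS).items():
        print(source, reasons or "ok")
```

A source flagged only for "no_human_interaction" on a small sample needs more data before a conclusion; timing anomalies on most of a source's installs are the stronger signal.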