
by Kirill Grigorev | October 26, 2021

Kirill Grigorev is Senior Marketing Manager at Dataduck, a creative publishing studio that delivers tailored service and works globally across multiple channels. Before joining Dataduck, Kirill worked as a lead designer for three years, developing banners, interstitials & other ad creatives. From 2017 on, Kirill has focused on user acquisition, ad creative optimization, and finding new media sources at Dataduck.

Read Kirill’s blog in Russian here.


Ad fraud evolves as rapidly as the marketing industry itself. As anti-fraud systems learn to prevent fraud schemes, scammers simply move on to new solutions that allow them to continue to reap profits.

Severe threats from a year ago now cause less damage thanks to successful blocking solutions such as anti-fraud systems built into MMPs. But old systems of fraud are already being replaced by new techniques that are more difficult to recognize.

In this post, I cover one of the most common fraud schemes in mobile marketing, its main indicators, and its impact on the performance of financial apps.

Attribution fraud

Attribution fraud is the most insidious type of fraud scheme in mobile marketing. It is difficult to recognize and equally difficult to assess its impact on a campaign. In this scheme, platforms attribute an organic conversion, or a conversion generated by a different source, to a fraudulent one.

Types of attribution fraud include Click Spamming and Click Injection (intercepting installs). Additionally, unscrupulous partners often increase the attribution window for tracking links. This allows them to generate more conversions. To prevent tampering, check your attribution windows regularly when working with a new partner.

Other times, the method is less obvious. For instance, a publisher may use a click URL to track impressions as well as clicks. The absence of clicks or clicks that outnumber impressions by a factor of 10 or 100 are possible indicators of malicious activity. But then again, not all partners have a technical base for tracking impressions. These indicators should only be used in conjunction with other indicators.

More advanced fraudsters mask click injection with forms of non-attribution fraud, i.e., fake installs. When this happens, abnormal metrics might neutralize each other, making their activities much harder to spot.

The Negative Impact of Attribution Fraud

Attribution fraud causes major harm to the marketing industry. Not only do companies suffer financial losses caused by overpaying for installs and post-install events that are organic, but they also suffer forms of indirect damage with far-reaching implications. Because these are harder to quantify, many advertisers underestimate the impact of fraud.

Indirect damage from attribution fraud (mainly click injection) affects the metrics of legitimate, high-quality traffic sources. If attribution fraud is widespread, legitimate traffic sources are credited with fewer conversions, which lowers their Installs per Mille (IPM). Sources bought on a Cost Per Install (CPI) basis receive fewer install event postbacks, and because the conversion rate has fallen, their algorithms automatically decrease the ads’ display priority. Even when CPI is stable, the traffic volume from quality traffic sources still declines. This reduction can be considered indirect damage.

IronSource suggested a possible solution in its report “Monetization and UA benchmarks for mobile games in 2021.” It recommends tracking the total number of installs each time a new traffic source launches. If there is suspicion that already active sources are non-incremental, you can pause the campaign and see how the indicators change (Source).

Advertisers who attract users from many different traffic sources are highly vulnerable to attribution fraud. There are specific app categories where attribution fraud proves especially attractive for fraudsters—for instance, financial apps with relatively high CPIs and CPAs. If your product offers traditionally high payouts for installs or post-install events, it makes sense to monitor carefully the quality of the traffic sources you work with.

Recognizing Attribution Fraud

Abnormally high Assisted Installs combined with a low CR (click-to-install conversion rate) and anomalies within long CTIT (hours, days) may indicate Click Spamming. You can also look at the number of clicks per traffic source—abnormally high values may be a good indicator. With Click Injection, anomalies mainly occur in the first seconds of short CTITs, while CRs may sometimes be too high, too.
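The CTIT and CR checks described above can be expressed as a per-source screen. The sketch below is an added example, not Dataduck's or any MMP's code; the thresholds, source names and sample data are constructed assumptions, and Assisted Installs are left out because they need MMP-specific data.

```python
from collections import defaultdict

# Thresholds are illustrative assumptions, not values from the article.
SHORT_CTIT_S = 10         # installs this soon after the click suggest injection
LONG_CTIT_S = 24 * 3600   # installs this long after the click suggest spamming
MIN_CR = 0.001            # click-to-install rate below this is abnormally low
TAIL_SHARE = 0.30         # share of installs in a CTIT tail treated as an anomaly

def source_metrics(clicks, installs):
    """clicks: {source: click count}; installs: [(source, ctit_seconds)]."""
    ctits = defaultdict(list)
    for source, ctit in installs:
        ctits[source].append(ctit)
    metrics = {}
    for source, n_clicks in clicks.items():
        c = ctits.get(source, [])
        n = len(c)
        metrics[source] = {
            "clicks": n_clicks,
            "installs": n,
            "cr": n / n_clicks if n_clicks else 0.0,
            "short_share": sum(t <= SHORT_CTIT_S for t in c) / n if n else 0.0,
            "long_share": sum(t >= LONG_CTIT_S for t in c) / n if n else 0.0,
        }
    return metrics

def classify(m):
    """Combine indicators, as the article advises; never flag on one alone."""
    flags = []
    if m["cr"] < MIN_CR and m["long_share"] >= TAIL_SHARE:
        flags.append("click_spamming")   # low CR plus heavy long-CTIT tail
    if m["short_share"] >= TAIL_SHARE:
        flags.append("click_injection")  # installs piled into the first seconds
    return flags

def review(clicks, installs):
    return {s: classify(m) for s, m in source_metrics(clicks, installs).items()}

# Constructed sample data: three hypothetical sources.
CLICKS = {"net_a": 2_000, "net_b": 900_000, "net_c": 1_500}
INSTALLS = (
    [("net_a", t) for t in (45, 120, 300, 900, 60, 200, 75, 3600, 150, 500)]
    + [("net_b", t) for t in (90_000, 200_000, 400, 130_000, 7_200, 260_000)]
    + [("net_c", t) for t in (2, 3, 5, 4, 40, 1, 6, 90, 3, 2)]
)

if __name__ == "__main__":
    for source, flags in review(CLICKS, INSTALLS).items():
        print(source, flags or "no anomaly")
```

A flag here is a reason to inspect the source's raw CTIT histogram and attribution-window settings, not proof of fraud on its own.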

Latest Trends

Since mid-2021, Dataduck has been encountering a new type of attribution fraud: Impression Flooding. This technique is very similar to Click Flooding but less effective due to its specific features. With MMPs, impressions often have a lower priority and a narrower attribution window than clicks, so the traffic received by this method is significantly smaller than through click flooding. We are currently investigating sources believed to be engaging in this type of fraud. We aim to develop an optimal strategy to minimize the negative impact of these sources on user attraction.