COVID-19 and Mobile Ad Fraud

Much like the seemingly unstoppable gangster duo of the 1930s, COVID-19 and mobile ad fraud became partners in crime in 2020. Fueled by unprecedented global uncertainty, the dynamics of mobile ad fraud evolved to become a problem that is now costing the industry more than US$ 20 billion.


What happened to mobile ad fraud in the year of the pandemic?

COVID-19 caused havoc, fear, and financial loss in more ways than one – requiring fraudsters to change focus. With everyone trapped inside, mobile engagement rose. And with it came a shift in mobile ad fraud techniques exploiting process, control, and technical weaknesses in the mobile ecosystem. In turn, this caused operators to incur hefty financial and reputational losses through malicious apps and fraudulent ad clicks.

To assess how far the pandemic impacted the mobile ad fraud landscape and how it will change the risk profile for all players in the future, Secure-D experts conducted an in-depth analysis. The analysis was based on aggregate data from Secure-D, Upstream’s full stack anti-fraud platform.

The full findings can be found in our mobile ad fraud report. But let’s look at some of the main takeaways.


The mobile wise-guy: How does ad fraud work?

Mobile ad fraud is most often conducted through two common exploits:

—  Social engineering or technical methods such as “invisible buttons”. Direct Carrier Billing (DCB) payment channels, where users charge goods and services to their phone bills, were popular targets for fraudsters.

—  Falsifying ad impressions via click farms, bots, etc. This is where advertisers unwittingly pay scammers for machine-generated clicks.

Similar to how Bonnie & Clyde’s criminal enterprise had a broad impact across the States, these two mobile ad fraud exploits affect the entire mobile ecosystem.

Left unchecked, operators will see an erosion in customer loyalty and confidence. Customer service departments will be flooded with calls from angry end-users, frustrated by their data allowance depleting faster than it should, or experiencing issues like increased battery consumption and device overheating. Simultaneously, advertisers will spend large sums of money on fake impressions.

It’s a lose-lose situation for all involved, except the fraudsters.


Key takeways

Aggregate data from Secure-D platform highlights the scale of this problem in the year of the pandemic:

  • 1 in 6 users conducting a transaction, had malware infected devices.
  • 95% of all mobile ad transactions processed were fraudulent.
  • More than 45,000 malicious apps were identified.
  • 29% of malicious apps went through the Google Play Store, but there was a shift away from Google’s official storefront to less secure third-party stores.
  • More than US $1 billion in mobile ad fraud losses were prevented by Secure-D.

Just as Bonnie and Clyde targeted small isolated gas-stations and country stores, mobile ad fraudsters looked to make small individual profits from a large number of users. As a low risk – high reward crime that can be difficult for mobile operators to tackle without the right systems in place, the true cost of this fraud is likely far greater than the numbers above suggest, which is based on activity in markets where Secure-D platform is deployed.  

The issue is only made worse by the fact that end-users in emerging markets are often the target. Here, DCB is a popular – and often the only – choice for purchasing goods and services.

These regions also have a larger number of people going online via their mobile phones for the first time.


The COVID connection: fraudsters played games as consumer focus changed

Clyde’s sister mused after his death that the duo wielded a screwdriver more often than a gun, changing license plates to avoid detection from the police. Like Bonnie and Clyde, mobile ad fraudsters were also forced to adapt their business to the changing behavior of end-users when COVID-19 hit, finding new ways to survive and avoid detection.

Our data shows fraudsters got smart. They focused their efforts on apps that exploited the need for information about the pandemic and a desire for light entertainment.

As a result, 2020 saw a shift in fraudulent activity towards the “games” category. The year prior, it was the “tools, personalization, and productivity” category. This comes as no surprise. As people spent more time at home looking for entertainment on their mobile devices, gaming became the main target for fraudsters. Like legitimate businesses, fraudsters were following the money trail. Download the report here and discover the top categories of suspicious apps.

Unlike legitimate businesses, however, fraudsters didn’t think twice to prey on the uncertainty and fear caused by the pandemic. After the pandemic’s outbreak there has been a surge in the creation of “pandemic news apps” promising access to unreleased information about COVID-19. Many of these apps were a ruse to encourage unwitting end-users to enter their personal data.

2020 also saw many “copycat” apps made to look and feel like official, government-sanctioned mobile applications designed to keep citizens updated and track local infections. In reality, these apps would install malware to gather sensitive data such as passwords, bank details, and more.


Fraudster ‘firms’ got even more sophisticated

Mobile ad fraudsters were already operating like multinational businesses before the pandemic. But this ecosystem became much more elaborate in the last 12 months. The new fraudster operational structure is often as follows:

—  Highly complex with many moving parts, exploiting the human psyche.

—  Involves many stakeholders at different levels.

—  Global in reach, operating across multiple jurisdictions.


The smoking gun of mobile ad fraud: What can be done to tackle the problem?

Hand in hand, COVID-19 and mobile ad fraud helped sow the seeds of discontent within the industry. Yet preventing mobile ad fraud has not been a key focus for industry leaders in recent years, despite global investment in mobile – and the losses they stand to suffer from mobile ad fraud – being higher than ever before.

52% of mobile operators admit to having no data security strategy in place. Much like US sheriffs from across state lines had to band together to bring down Bonnie and Clyde, industry leaders must band together to tackle mobile fraud with a proactive approach.

Get the full report here and discover actionable steps for how businesses & end users can mitigate these risks.