Scalarr discovered Complex VTA Spoofing fraud
Fraudsters have upped the ante and are now operating under a new scheme: Complex VTA Spoofing, a method of faking tracking links to spoof clicks as impressions.

New fraud in town

It’s clear that mobile is no longer a complementary channel, but instead, it has become a driver of digital transformation. So far, the worldwide mobile app revenue in 2019 is close to 462bn USD via paid downloads and in-app advertising, which comes as a result of the nearly 194 billion downloads that occurred in 2018.

One of the most widespread categories of mobile ad fraud is attribution fraud, in which organic users are stolen. Organic users are engaged and motivated to make use of the mobile app; this makes them a greater target for attribution fraudsters, who mainly use popular fraud types such as click spam and click injection.

But fraudsters have upped the ante and are now operating under a new scheme that is still unfamiliar but malicious nonetheless. Scalarr, an authority in using machine learning algorithms as part of its ongoing commitment to fighting mobile ad fraud, has recently discovered this new type of fraud that is severely impacting advertising campaigns. The name of this newly-discovered fraud type is Complex VTA Spoofing.

What is Complex VTA Spoofing?

Complex VTA Spoofing is the method of faking tracking links to spoof clicks as impressions. View-through attribution (VTA) has become fraudsters' preferred target for carrying out this scheme. In essence, fraudsters use Complex VTA Spoofing to disguise spam clicks as views and steal organic traffic.

This latest form of mobile performance fraud, as uncovered by Scalarr, focuses on ad views, which fraudsters love to target to stay under the radar as fraud patterns in views are harder to detect; by default, and before Complex VTA Spoofing was on the radar, installs acquired via view-through attribution were considered non-fraudulent.

“Scalarr's Data Science and Analytics team has done a tremendous job at validating the new fraud patterns found by our Unsupervised Machine Learning engine. Having noticed an abnormally large percentage of installs with view attribution within certain sources, we conducted a deep analysis, which led to the identification of a new type of fraud - Complex VTA Spoofing,” says Sergiy Zaichenko, Lead of Data Science and Analytics at Scalarr.

Unveiling a new fraud scheme

As we’ve covered, fraud patterns in ad views were typically overlooked as many fraud detection tools considered them non-fraudulent by default. Thus, VTA campaigns were not analyzed in detail - giving headway to fraudsters to advance their criminal methods.

Scalarr is the only anti-fraud solution that makes use of several layers of Machine Learning algorithms to analyze data from mobile ad campaigns at all stages, from views, clicks, and installs through to post-install event analytics.

This comprehensive analysis coupled with Scalarr’s machine learning-powered engine enables Scalarr to analyze patterns in views that show signs of irregular behavior.

Scalarr’s engine works non-stop not only to detect all known fraud types but also to reveal new fraud patterns; that is how Scalarr, after validating traffic analysis results, is the only anti-fraud solution that can confidently confirm the discovery of the new fraud type to watch out for - Complex VTA Spoofing.

How does this fraud work?

Fraudsters are continuously searching for ways to make fraud attacks more sophisticated, and Complex VTA Spoofing is proof of it.

As explained, Complex VTA Spoofing works by spoofing or masking spam clicks as views, which are then attributed by a mobile measurement partner (MMP) as VTA. It is a clever scheme that eats away at marketing budgets.

In more detail, Complex VTA Spoofing works as follows:

  1. Fraudsters receive a tracking link from the publisher for VTA.
  2. Fraudsters use this link to target users who are watching an ad and generate a great number of fake clicks in the background and without the user’s knowledge.
  3. Fraudsters replace the click-link with a view-link to conceal the abnormal conversion rate (CR) that would show up under click attribution.
  4. As a result, these fake clicks are spoofed as views and completed installs are attributed by the MMP as VTA. Fraudsters stay in the shadows and get paid.
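
The signal Scalarr's team cites, an abnormally large percentage of view-attributed installs within certain sources, can be screened for with a per-source outlier check. This is an added example, not Scalarr's engine or code; the record layout, source names, and thresholds are assumptions, and the sample data is constructed.

```python
from collections import Counter
from statistics import median

# Constructed sample of attributed installs: (traffic source, attribution type).
# Source names and volumes are invented for illustration.
SAMPLE_INSTALLS = (
    [("net_a", "click")] * 90 + [("net_a", "view")] * 10
    + [("net_b", "click")] * 170 + [("net_b", "view")] * 30
    + [("net_c", "click")] * 110 + [("net_c", "view")] * 10
    + [("net_d", "click")] * 40 + [("net_d", "view")] * 160
    + [("net_e", "click")] * 5 + [("net_e", "view")] * 15
    + [("net_f", "click")] * 88 + [("net_f", "view")] * 12
)


def vta_share_by_source(installs, min_installs=50):
    """Return {source: share of installs attributed via view-through}.

    Sources below min_installs are skipped: their share is too noisy
    to compare against the rest of the portfolio.
    """
    totals, views = Counter(), Counter()
    for source, attribution in installs:
        totals[source] += 1
        if attribution == "view":
            views[source] += 1
    return {s: views[s] / n for s, n in totals.items() if n >= min_installs}


def flag_sources(installs, min_installs=50, k=3.5, floor=0.05):
    """Flag sources whose VTA share is a high outlier among peer sources.

    Uses median and MAD instead of mean and standard deviation so that a
    single heavily affected source cannot hide itself by inflating the
    baseline. `floor` keeps the scale from collapsing when peers are
    nearly identical. All thresholds are assumed starting points.
    """
    shares = vta_share_by_source(installs, min_installs)
    if len(shares) < 3:
        return []  # too few peers to define "normal"
    med = median(shares.values())
    mad = median(abs(v - med) for v in shares.values())
    scale = max(1.4826 * mad, floor)
    return sorted(s for s, v in shares.items() if (v - med) / scale > k)


if __name__ == "__main__":
    for source in flag_sources(SAMPLE_INSTALLS):
        print(f"review VTA traffic from {source}")
```

A flagged source is a candidate for deeper review rather than proof of fraud, since legitimate display-heavy inventory can also carry a high view-through share.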

Based on the results of Scalarr’s daily analysis of client data, this newly discovered fraud type is estimated to affect nearly 60% of attributed paid installs in given campaigns. In August 2019, Scalarr discovered Complex VTA Spoofing in certain traffic sources of its client TextNow; the estimated savings are $72,000 in a month. The potential losses due to this new fraud are nearly $1 million per year just for TextNow, and imagine what the total losses for all advertisers could be!

One of the main trends in mobile ads is a significant increase in the speed of reverse engineering by ad fraudsters. This process never stops, and the attacks of fraudsters are becoming more and more sophisticated. A big misconception on the marketer’s side is the belief that if their fraud level is low at the moment, then they are constantly protected. And our recent discovery of a new kind of mobile ad fraud - Complex VTA Spoofing - confirms this misconception.
— Inna Ushakova
CEO and Co-founder of Scalarr

No time to lose - time to act!

Instead of waiting for traffic to show signs of Complex VTA Spoofing, mobile marketers should proactively implement security measures that strengthen their anti-fraud strategies, as fraudsters are typically discouraged by solid defense measures and move on to more vulnerable advertisers.

Ideally, and because it is a much-harder-to-detect fraud type, mobile marketers would be wise to partner with Scalarr, which not only discovered Complex VTA Spoofing but also understands this new fraud type from top to bottom and has the ability, tools, and resources to address it and fight it.

Ready to take action with Scalarr? Request a trial now.