How to detect advertising fraud?

Solution  Marketing Mix Modeling 
 Attribution 
 Analytics 
 Activation
 Module  Drive & Analyze 
 To plan 
 Enable 
 Data mining 
 Privacy Center
 Problematic Digital marketing campaigns are exposed to ad fraud through malicious practices such as click spamming and click injection . These frauds not only result in significant financial losses , but they also distort the analytical data that is essential for making informed strategic decisions.
 Objective The goal of this guide is to educate on the mechanisms and impacts of two very common types of advertising fraud . By providing clear explanations, concrete examples, and analysis methods for each type of fraud, this documentation will help you more effectively detect fraudulent activities that could impact the performance of your marketing campaigns; and implement robust solutions to prevent them .
﻿
 Difficulty  Simple 
 Intermediate 
 Advance 
﻿
﻿
 1. Click Spamming What is Click Spamming?Click spamming is a fraudulent practice where the attacker generates a large number of fake or unsolicited clicks on ads. The attacker's goal is to take credit for conversions that would have otherwise been attributed to other traffic sources, organic or paid.
﻿
 Concrete Example for an E-commerce Advertiser or a Mobile App An e-tailer launches a mobile ad campaign for its new clothing collection. A malicious publisher embeds code in a popular app that automatically generates clicks in the background without the user knowing. So, if the app is popular and the user decides to install it by going directly to the app store, the fraudulent network will claim credit for this installation thanks to the fake clicks generated previously.
﻿
 Risks for the AdvertiserFinancial loss : Paying for illegitimate conversions.
Skewed Data : Distortion of metrics, making it difficult to optimize campaigns.
Impact on strategy : Bad decisions based on inaccurate data. 
﻿
 How to Analyze and Detect Click Spamming?Click-to-Install Time (CTIT) : An abnormally long CTIT (several hours or days) may indicate click spamming.
Click-to-Purchase Time (CTPT) : An abnormally long (several hours or days) or abnormally short (less than 3 minutes to complete a purchase) CTPT may indicate click spamming.
Low Conversion Rate : High number of clicks with few installs or sales
Click Source Analysis : Sources with disproportionate click volumes compared to installs.
Suspicious user behavior : Inactive users after installation. 
﻿
﻿
« Click spamming » par Kevin Frisch (Responsable de Acquisition chez Uber).« Click spamming » par Kevin Frisch (Responsable de Acquisition chez Uber).
﻿
 2. Click Injection What is Click Injection?Click injection is an advanced form of fraud specific to Android devices . Malicious apps detect when an app installation is triggered and generate a click just before the installation is complete, taking credit for the installation.
﻿
 Concrete Example for an E-commerce Advertiser or a Mobile App A user downloads the e-commerce app from the Play Store. A fraudulent app on their device detects the start of the install and sends a fake click to an ad network. The advertiser then attributes the install to this fraudulent click, thinking that their campaign generated the install.
﻿
 Risks for the AdvertiserWasted Budget : Paying for Organic Plants.
Misattribution : Difficulty in assessing the true effectiveness of campaigns.
Loss of trust : Strained relationships with advertising partners.
 How to Analyze and Detect Click InjectionVery short CTIT : A CTIT of a few seconds is suspect for click injection.
Very short CTPT : A CTPT of a few seconds (or any abnormally short duration for the completion of a complete purchasing journey) is suspect for click injection.
Abnormal Click Spike : High volume of clicks during peak installation hours.
Source App Analysis : Identify apps generating clicks just before installs.
Geographic inconsistencies : Clicks and installs coming from unexpected geographic areas. 
﻿
﻿
 How can Eulerian help me analyze my Click-to-Purchase-Time (CTPT)? ﻿
 The practical case described below focuses on the identification of CTPTs that are too short to be able to come from human trafficking .
 In order to perform this analysis, you will need to perform a sales export from your Datamining > Sales List , adding the appropriate columns (see below). 
﻿
Path : Analyses > Datamining > Sales list
﻿
Export configuration: Click on "Add columns" , then select:
 Duration of visit (expressed in seconds)
 Marketing History
 Interaction type (post-click vs post-impressions vs revisit)
 Interaction date by channel 
﻿
Add a caption...
﻿
 Click on the "Search" button, then "Export" , and finally "Export in background task". The export will be available a few moments later.
 To download it, click on "Generation History" then on the download icon.
﻿
Add a caption...
﻿
Add a caption...
﻿
 Once the file is downloaded, delete the unnecessary columns and add a "Fraud Analysis" column (find an example of the file below).
﻿
 In the first cell of your new column (last column in the example below), copy and paste the following formula:
=SI(E16 < 180; "Fraud Suspicion"; "Valid Trafic")
 E16 corresponds to the cell in which the visit duration value is available
 180 is the minimum duration in seconds for a purchase session to be considered valid . In our case, any purchase session completed in less than 3 minutes is considered suspicious. 
﻿
﻿
Exemple d'export datamining > liste des ventes avec durée de session et formule "Fraud Analysis"Exemple d'export datamining > liste des ventes avec durée de session et formule "Fraud Analysis"
﻿
 Using the order reference and media dimensions also available in the file, identify the partner involved to further analyze the suspected fraud. 
﻿
 This way, you can effectively identify conversions exposed to a Click-to-Purchase-Time that is too short!
﻿