Know Your Fraudster

14 March 2023
Reading: 7 min

Do you know that 29.39% of all mobile traffic is fraudulent? Fraud is a plague of affiliate marketing that damages all the parties involved. But how to fight it back? Anti-fraud systems, long hold periods, manual checking etc. are the most common answer. Yet, in order to win the battle against fraud, you need to know your enemy. Therefore, we invite you to learn more about the fraud traffic types, as well as to provide the hints and tips on how to mitigate their impact on your campaigning.

Traffic types 101

First, let us define all the traffic types, so we have a clear understanding of where the fraud stands. All traffic streams can be divided into four groups:

  1. Live traffic: real people with genuine stimulus to complete target actions, thus bringing profit to publishers, CPA-networks, and advertisers.
  2. Incentivized traffic: real users, motivated to complete a target action for a freebie — their motivation is insincere, and they do not remain hooked for long.
  3. Fraudulent traffic: trash sources, filled with cheap or bot traffic. In any case, the conversion rate of fraud is close to zero.
  4. Mixed traffic: simply a combination of the trio above.

Fraud is everything opposed to the real users seeing ads, clicking on them, and completing target actions. It is a dark side alternative to fair traffic acquisition techniques that can be used by both publishers and webmasters. There are two types of defrauding:

  • AI-based: bots, impersonating humans
  • Human-based: zero chance of impression or deception of advertiser

Bots can be different

Bot traffic generates clicks or impressions out of thin air. They vary in their complexity, resulting in different set of characteristics like detectability, predictability, efficiency etc.:

  • Casual bots: scripts, launched from a server like Amazon Web Services. Static IP, user agent, and cookie ID assure their high detectability, which is why they can be blocked easily.
  • Smart bots: dynamic IP, randomized proxy, and CTR close to the average make them more concealable. Can hold high retention rate of up to 2 weeks, make deposits, and even imitate mouse movements.
  • Botnets: large number of hosts housing a few bots. While hard to detect, they act relatively predictable thanks to the programming.
  • Self-learning botnets: neural networks rewrite bots’ behavior to prevent any attempts to detect the AI. Neural botnets are used predominantly for hacking, so the affiliate marketing is safe…yet.

How people are fooled

Know Your Fraudster

Source: FraudScore report

Fraud can take multiple forms. When it comes to human-based fraud, the creatives are shown to people but with a bunch of nuances:

  • Invisible ads: doubling the impressions by hiding one ad behind another or uploading a pixel with ad to iframes. Invisible ads can be countered with Pixalate or Integral Ad Science.
  • Cookie stuffing: leading to a side resource or advertiser’s website with a popunder behind. Either way, the subwindow assures the cookies or UTM respectively are loaded and benefit the maladvertiser.
  • Click spamming: organic poaching registers the user as interacting with an ad without their consent and even knowledge. This is dangerous, because it may look like as if the maladvertiser brings in the organic traffic with high retention rate, while in reality the impostor does nothing.
  • Click injection: making a malevolent app that can listen to “installation broadcasts” on Android can help the maladvertiser to inject clicks into the downloading process, resulting in a messed up attribution model — a more neat version of click spamming.
  • SPK spoofing: creating legitimate looking installations with data of real devices, without actual installations. It boils down to the notorious “man-in-the-middle” attack, where the SSL is decrypted and the freshly installed mediator starts to impersonate the interacting parties.
  • Tracker (TDS) manipulations: replacing data in tracking software in order to convince the affiliate program that the performance is greater than it is.

Although classified separately, incentivized traffic is a type of fraud, because users’ motivation is insincere and their retention rate is overwhelmingly low. Incentive traffic might be allowed in rare cases, but generally it’s a red flag, much like the fraudulent traffic.

50 Shades of gray

Surprisingly, but not all the fraudulent practices are straight up bad. In case of the following practices, much depends on the intention of media buyer. Sometimes, they are a legitimate way to enter the whitehat territory with gray stuff.

  • Email spamming: irritating mails that the users didn’t opt for, often prevent the conversion. However, when you have a unique selling proposition, this hard-sell technique can earn you a fair share of conversions. Just don’t go overboard and start with something less intrusive and annoying.
  • Domain replacing: redirecting to side resources, basically a doorway or cloaking. While in some cases it might be considered as misleading, there is no other way to enter whitehat platforms like FB to promote non-whitehat products of adult or nutra.
  • Onclicks: clickunders, popunders, popups—they all are here. Those are the windows that unveil behind or over the main browser window. Not necessarily something bad, especially considering that the advertisers understand the futility of hard selling constantly.
  • Brand bidding: no advertiser is willing to compete against its own ads. This is fraud, because it makes the maladvertiser’s ads resemble the official ones without the respective permission. However, if the brand owner doesn’t have its own ads due to budget or time constraints, brand bidding transforms into legitimate outsourcing.

To avoid any misunderstandings, make sure to talk to your dedicated manager first, before launching a campaign. There is always a room for an exception, and what is always forbidden might be allowed in some specific cases. Vice versa, the allowed sources may be banned for the most bizarre reasons imaginable.

How to beat the crap out of fraud

Fraud disrupts all digital marketing elements: CPA-network loses its reputation, web-master gets banhammered and unpaid, and advertiser wastes time and money on non-target leads. ZorbasMedia is against defrauding the partners and stands for fair play, long-term relationship, and mutual trust. Which is why we decided to elaborate on how to counter the fraudulent traffic, should the need arise.

Fraud can be detected and removed from the flow manually, which is not a good endeavor in terms of time-management. While there is no 100% anti-fraud solution, you can use fraud detecting systems, capable of bot prevention and traffic filtering. Some good examples of anti-fraud systems are:

But AI alone will never save you from inadequate share of traffic, you need to state the goals of your campaign clearly. Also, adding a 30-day-long hold period is an efficient solution to assess the traffic quality and detect almost any fraud.

Make sure to monitor your retention rate carefully. It is based on the user dynamics throughout the period:

Retention Rate = (CE — CN) / CS х 100%

CE = Customers at the end of the period measured

CN = New customers brought during the period measured

CS = Customers at the start of the period measured

Low retention rate is either a sign of fraud or unfulfilled users’ expectations. Other signs of fraud are:

  • Sudden shifts in performance without changing anything in a campaign
  • Same time of activity, especially applicable to large GEOs like Russia, China, or the USA with many timezones
  • The majority of activity belongs to outdated smartphones or unpopular browsers


Protect yourself from fraud by making the payout model more complex (installs, in-game actions) or increase the hold period. Use common sense, because a sudden rush of installations at night is a sign of non-human behavior. Use anti-fraud software to give the bot abusers a taste of their own medicine.

Always negotiate terms and conditions with the dedicated manager, because even fraud is occasionally allowed, at least some versions of it. This boils down to the campaign objectives and brand goals. But even if you fail to detect each and every fraud, sometimes it’s better to let go and save more time, which can be invested into more profitable activities than witch-hunting.

Have a story to tell about traffic arbitrage?
Become a ZorbasMedia contributor!
Become an author