Skip to content

Fraud Reasons

What are Fraud Reasons?

Traffic anomalies are divided into several categories, each category being a Fraud Reason - a generalized reason for fraud.

Fraud Reasons are further divided into lower-level groups - Extended Fraud Reasons - more detailed (extended) reasons for fraud.

Activity

A category of various suspicious actions related to performing conversions.

For example, an anomalous rate of transitions from impressions to clicks in the impression-click-install funnel is typically a sign of click-spamming in attribution based on both impressions and clicks.

Attribution

A category of anomalous activity that may constitute fraud during attribution:

  • Clickspamming - an app installation attributed to a click, which is an organic installation captured by an ad network through user fingerprint spam algorithms;
  • Click injection (Android only) - a specific type of fraud for Android where a click is simulated to steal an organic installation.

Blacklist & Dynamic Blacklist

Blacklist and Dynamic Blacklist (for mobile devices) are parameters that help detect and block conversions made by users whose IP address was recently used by fraudulent devices (devices used to perform fraudulent actions).

Browser

The Browser category flags situations where an outdated browser version is used.

Currently, almost all browsers automatically update to the latest versions. Fraudsters more often use outdated browser versions, as they lack the necessary control and security updates available in newer versions.

Click

The Click category refers to a group of parameters flagging users with anomalies in clicks.

For example, a suspicious distribution of time between clicks on different ads. Bots typically make such clicks.

Crawler

A category flagging search engines and other automated scanners.

Datacenter

The Datacenter category flags traffic originating from servers in data centers or known cloud platform providers, rather than from residential or corporate networks, which have a very low likelihood of being from a real human user.

Device

A category encompassing all anomalies detected in device parameters:

  • Fake device identifiers (user agent, IDFA/Android ID, MAC address, etc.) and their combinations;
  • Device emulators;
  • Hacked devices with a user present, where additional HTML or ad calls are made independently of the content requested from the user’s IP (all violations identified by IP address in combination with other conversion parameters).

Events

Events - a group of parameters that help identify fraudulent conversions based on in-app event data.

For example, conversions made by users who did not continue using the app after the target event.

HighCR

A category indicating an anomalously high conversion rate from click to conversion (installation or registration).

This characteristic is typical for sources with bot-driven devices and may indicate the presence of incentivized users.

IP

A category of anomalies or suspicious actions related to IP addresses:

  • Multiple transitions from the same IP;
  • Multiple conversions from the same IP subnet.

IP addresses are also constantly checked against “black IP” databases.

LowCR

A category indicating an anomalously low conversion rate from click to installation.

Typically, this is a sign of click-spamming.

Operating system (OS)

A category of issues with the operating system is considered fraudulent.

Abnormal distribution of devices in traffic (device models, browser versions, operating system, etc.).

Proxy

A category of anomalies identified by IP address in combination with other conversion parameters:

  • Traffic is routed through an intermediary proxy device or network, where ads are displayed on a user device with a real human user;
  • IP addresses associated with known botnets and adware;
  • A user actively hiding their identity or performing conversions from an undesirable GEO.

Source

In this category, all anomalies are related to traffic sources:

  • A click made from a suspicious website;
  • The traffic source does not match the declared source.

Individual

A category that includes Extended Fraud Reasons developed individually for the client.