The Oracle Data Cloud blog highlights the latest data-driven insights and trends in digital marketing and ad tech.

  • March 1, 2019

How to protect mobile campaigns from devious forms of invalid traffic

Sam Mansour
Principal Product Manager for Moat Analytics

You’re an advertiser running a big campaign and you’ve found yourself in this scenario: one of your mobile ads had more views than ever before and an impressive click rate! You’re certain you just pulled off one of your best digital campaigns yet. Alas, the numbers seem off. A little digging drudges up more questions. Is this traffic legit? And where is it coming from?

There is a high chance you are dealing with invalid traffic. But how can you be sure and is the traffic something even more devious like ad fraud?


How invalid traffic detection catches ad fraud

Fraud in digital advertising is a subset of invalid traffic, commonly referred to as IVT. It’s important to note that invalid traffic alone is not fraudulent. For example, bots or “spiders” from search engine giants like Google are considered IVT. These bots scour the web and categorize content to help deliver better search engine results. While they aren’t “bad” bots, they still generate ads on the non-human traffic that they create and advertisers shouldn’t pay for those.

Nonetheless, ad fraud may be lurking in the midst of invalid traffic-- intent on creating false demand for ads. These “bad” bots do everything possible to appear human in order to generate illicit profits for their the bad-acting handlers.

Detection for invalid traffic continues to develop in order to validate ads actually made it to real people. For example, Moat was calling out “fake traffic” before there was a standard or broad awareness of the problem.  IVT doesn’t judge the intent behind an invalid ad impression but in the process thwarts criminals and occasionally pin points them.

Over the past several years we’ve heard of several ad fraud schemes that focused on spoofing websites and driving bot traffic to cash in. With names like Methbot, Hyphbot, and 3VE these operations were costing advertisers real money.

Unfortunately, this devious type of invalid traffic is spreading into more digital technologies, such as mobile. Discovered by Oracle Data Cloud, the recently uncovered DrainerBot was a major mobile ad fraud operation distributed through millions of downloads of infected consumer apps. DrainerBot caused direct financial harm to consumers by affecting phone battery life and chewing through data. The bot was uncovered through the joint efforts of technology teams from Moat and Dyn and took months of careful tracking to properly discern and take action against.


A move toward mobile manipulation

More and more media spend is shifting digital and with that, much of the mobile budget is focused on in-app strategy. EMarketer estimates that in-app ad spend will reach $77B in 2019, a 25% increase over last year, and 82% of the total mobile spend. This growing budget has not gone unnoticed by the fraudsters.

With mobile web and apps and the continued rise of programmatic, there is an unlimited number of loopholes for bots and fraudsters to attack. Further, not only is the in-app advertising market ten times the size of install campaign spending, it is also exposed to fraudsters regardless of the format–video, display and native are all affected. This makes the media extra vulnerable and the invalid traffic extra complicated to detect.

Given these factors, it’s not hard to see why advertisers have lost trust in the old ways of measuring their campaigns. Changing attitudes toward the quality of softer metrics like clicks, as well as the overall losses to advertisers for fraud—reported as $19 billion in 2018— illustrates the inherent challenges in digital that advertisers and publishers need to be educated about so they can understand the solutions.


Detecting in-app fraud

So how can you be sure you are monitoring, and in necessary cases, eliminating, invalid traffic?

Based on the Invalid Traffic Detection and Filtration framework created by the Media Rating Council (MRC), they have granted SIVT accreditation to Moat across Desktop, Mobile Web and, most recently, Mobile In-App. 

Moat has strict guidelines for IVT detection, including nine areas of focus across both GIVT and SIVT.


GIVT Rate (General Invalid Traffic)

  • Data Center Rate

  • Spider Rate

  • Excessive Activity Rate


SIVT Rate (Sophisticated Invalid Traffic)

  • Automated Browser Rate
  • Incongruous Browser Rate
  • Invalid Proxy Rate
  • Invalid Source Rate
  • Hidden Ad Rate
  • Session Hijacked Rate

While all IVT is important to track, SIVT is where things can get complicated and harder to detect. For that reason it’s where fraud is more likely to be lurking. Each of the metrics above has several methodologies within them which are continuously updated in order to keep pace with the ever evolving landscape.

Brands and agencies need to adjust the way they plan and measure their campaigns. No matter if the objective is brand awareness or sales lift, the first step is making sure you’re reaching real users. Whether malicious or not, undetected IVT can devalue performance metrics, or worse, deplete budgets for which marketing organizations often fight so hard.


How to avoid wasting media dollars

It’s critical to protect campaigns from invalid traffic, whether it’s a known spider providing a useful service or a nefarious network (see: DrainerBot). Thwarting devious enterprises that benefit from the anonymity of the web and the complexity of our digital ad ecosystem is imperative. Along with partnering with the right measurement provider, here are some steps brands and agencies can take to help in the fight:

  1. Measure multiple metrics and connect them to outcomes.
  2. Employ IVT avoidance technology where possible, such as targeting capabilities or ad blocking.
  3. Setup alerts to inform campaign managers when an inventory source has high invalid traffic.
  4. Work with your publishers to better understand the causes of IVT on their site and encourage them to manage it with tools like Yield Intelligence.
  5. Test, learn, optimize, repeat.


To learn more about how to protect your ad spends, check out our white paper on invalid traffic.


Moat continues to expand its measurement capabilities and is better than ever at helping you detect and prevent invalid traffic in advertising. If you are interested in learning more, contact your client representative or contact the Data Hotline.


About Sam Mansour

Sam Mansour is Principal Product Manager for Oracle Data Cloud's Moat Analytics. Moat provides an ad verification platform for brands, agencies, publishers and technology platforms to measure and optimize their advertising. With a history of developing cutting edge ad products for both the advertiser and publisher side of the ecosystem, Sam is well versed in the tools and technologies of the trade. He applies his experience to his focus on General and Sophisticated Invalid Traffic (IVT) detection at Moat.


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.