Mobile app fraud: how to fight back to protect against risk


Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Carlos Marques, Head of Product Marketing at WeDo Technologies, looks at what marketers and operators can do to counter app fraud.

Across all factions of the mobile industry, fraud is presenting unprecedented problems, with a recent report from BI Intelligence revealing that mobile app marketers are expected to have lost more than $100 million in 2016 due to app install and engagement fraud. In addition, the report states that a further $250 million will be lost without being verified as fraud, taking the total potential revenue loss to $350 million.

Against this backdrop, fraudsters are using increasingly sophisticated methods to target mobile app marketers; for example, encouraging advertisers to pay for fraudulent in-app engagement or false installs. With BI Intelligence estimating that app-install ads accounted for 25 per cent of total US mobile ad revenue in 2015, together with the fact that app-install ad revenue is expected to grow to over $7 billion in the US by the end of 2020, mobile app marketers need to wake up to the risk this kind of fraud presents to their business’ bottom line.

However, it is not just mobile app marketers who are at risk; consumers are subject to increasing levels of fraud. Losses from fraud are also replicated across the telecoms industry at a much larger scale, with a report from the GSMA highlighting that telecom operators will have faced a global loss of nearly $300 billion from uncollected revenue and fraud in 2016. With such significant risks looming, it is vital that both app marketers and operators act now to tackle fraud and protect their businesses.

A surge in smartphone fraud

With the rise of app-install products offered by leading advertising platforms such as Facebook, Twitter, Google, Instagram and Snapchat, smartphones today are a much more appealing target for potential fraud than ever before. While the responsibility and the liability of installing mobile apps on a smartphone falls to the owner of the device, operators often lack the insights or resources to actively identify and address mobile app fraud. As a result, instances of fraud on mobile phones, such as one-click fraud, have surged due to the widespread use of smartphones and the growing number of mobile apps.

Apps can be used to implement fraud on smartphones in a number of ways. As an example, fraudsters can create a fake site that leads users to access what they think looks like a funny video website. By clicking on a video, the user is redirected to a page that asks if they would like to follow the website to receive future videos. A download page will then be displayed, and if the user clicks the download button, they will download the fraudulent application onto their phone. This page will also include instructions to the user on how to install the application.

After installation, to persuade the user to make a payment, the app frequently opens the browser and displays a registration page with user details such as the customer ID, phone number and bank account used on the device. This kind of fraud is almost identical to the fraud approach used on Windows computers, and the fact that fraudsters can determine both their phone number and email address is a frightening development for smartphone users.

The importance of education 

Unfortunately, most users give fraudulent apps permission to access their information without realising. It is therefore important that users learn to recognise suspicious traits, such as the fact that it is unusual for an app that is meant to broadcast videos to request access to the user’s location, or ask to search their accounts. Through increasing awareness, consumers will be better equipped to recognise fraud, and less likely to fall into fraudsters’ traps.

Taking a unified approach to fraud and security

In addition to educating consumers, operators and app manufacturers must ensure they have robust and agile fraud management systems in place. Traditionally, fraud detection in the telecom industry has relied on CDRs (Call Detail Records) as its primary data source. However, as CDRs are in short supply in the IP world, operators can enrich CDR-based fraud detection with IP threat intelligence to ensure that fraud management solutions link to security. This is achieved by connecting with third-party IP reputation lists (security feeds) to add intelligence, and evaluating if verification is required. This type of solution will help businesses to cost-effectively identify and prevent fraudulent activity at the earliest stage, as a first line of defence.

Operators can also enrich CDR-based detection with third party lists to prevent frauds such as subscription fraud, by providing every new subscriber entering the network with a score rating to rank activities from low to high risk. In the same way that every new subscriber that enters the network is monitored, an IP address should also be analysed. For example, when security vendors detect suspicious activity, such as spam or viruses originating from that address, a negative or positive reading can be provided.

By analysing the trillions of events every year that are generated by mobile devices, security systems can provide fraud management teams with threat intelligence in real-time, enabling them to identify and block fraudulent IPs, user agents and device IDs and prevent fraud before it occurs.
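As an added illustration (not code from the author or from WeDo Technologies), the Python sketch below enriches IP-side usage records with a reputation feed, rates each subscriber from low to high risk, and lists IPs, device IDs and user agents that appear only on badly rated traffic. The feed, the records, the field names and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed reputation feed: network -> badness score in [0, 1].
FEED = {
    ipaddress.ip_network("203.0.113.0/24"): 0.5,   # constructed: spam source range
    ipaddress.ip_network("203.0.113.64/26"): 0.9,  # constructed: malware hosting
}

# Constructed IP-side usage records, standing in for CDRs.
RECORDS = [
    {"subscriber": "sub-001", "src_ip": "192.0.2.10", "device_id": "dev-a", "user_agent": "VideoApp/2.1"},
    {"subscriber": "sub-001", "src_ip": "192.0.2.11", "device_id": "dev-a", "user_agent": "VideoApp/2.1"},
    {"subscriber": "sub-002", "src_ip": "203.0.113.70", "device_id": "dev-b", "user_agent": "FunnyVids/0.1"},
    {"subscriber": "sub-002", "src_ip": "203.0.113.71", "device_id": "dev-b", "user_agent": "FunnyVids/0.1"},
    {"subscriber": "sub-003", "src_ip": "203.0.113.5", "device_id": "dev-c", "user_agent": "VideoApp/2.1"},
    {"subscriber": "sub-003", "src_ip": "192.0.2.12", "device_id": "dev-c", "user_agent": "VideoApp/2.1"},
]

def ip_reputation(ip, feed=FEED):
    """Score of the most specific feed network containing ip; 0.0 if unlisted."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, score) for net, score in feed.items() if addr in net]
    return max(hits)[1] if hits else 0.0

def band(score):
    """Map a numeric score to the low/medium/high rating (assumed thresholds)."""
    return "high" if score >= 0.7 else "medium" if score >= 0.2 else "low"

def score_subscribers(records):
    """Average feed score over each subscriber's records, banded low to high."""
    per_sub = defaultdict(list)
    for r in records:
        per_sub[r["subscriber"]].append(ip_reputation(r["src_ip"]))
    return {s: band(sum(v) / len(v)) for s, v in per_sub.items()}

def block_candidates(records, field, threshold=0.7):
    """Values of field seen only on records whose IP score meets threshold."""
    bad, clean = set(), set()
    for r in records:
        (bad if ip_reputation(r["src_ip"]) >= threshold else clean).add(r[field])
    return bad - clean  # never propose a value that legitimate traffic also uses

if __name__ == "__main__":
    print(score_subscribers(RECORDS))
    for field in ("src_ip", "device_id", "user_agent"):
        print(field, sorted(block_candidates(RECORDS, field)))
```

Subtracting the values seen on clean traffic keeps a widely used user agent or a shared device ID off the block list when only some of its traffic comes from a listed address.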

However, having a security system in place is not enough to prevent app fraud in its entirety; fraud and security teams will need to work seamlessly with one another to mitigate fraud risk. Linking security information with a fraud management system that relies on robust statistical anomaly detection and machine learning can improve the ability to detect abnormal trends and patterns that can be linked to fraud on specific apps installed by groups of users in the CSP networks.

With the Business Insider report highlighting that fraudulent players are becoming increasingly sophisticated, it’s clear that operators, and the industry as a whole, must act now to protect both app marketers and consumers from growing fraud threats. Only through this approach will they be able to protect their customers, their business and their reputation.


Prior to joining WeDo Technologies in 2009, Carlos Marques held roles in marketing and sales for various IT companies. In his current role, Carlos is WeDo Technologies’ product marketing manager, where he leads the company product board and acts as the meeting point between product and services strategy. Carlos is also responsible for managing the product roadmap process within the company.
