• Home
  • Blog
  • What is Click Spam & how does it work ?

What is Click Spam & how does it work ?

Due to developing countries such as India, Brazil and China the worldwide mobile market continues to grow rapidly. According to industry research and stats, these countries will bring more than 400 million new users ,in the mobile scene during the following years. 



Companies that intend to bring in revenue streams with an App, need to know that the most important component is — the user.
The more users an app engages, the more money can be made. 

However, the user acquisition process has its pitfalls, where fraudsters can harm your traffic quality/ channels therefore your revenues.

ClickSpam is a known, but complex attribution problem in the performance marketing scene. In a few words: ClickSpam means that a fraudster uses an app (e.g. Flashlight App) to steal organic users and attribute an app install, to himself in order to receive a commission.



We want to showcase this complex fraud case step by step with an example:

Flashmo Mobile Fraud App

  • User installed Flashmo App from the Appstore
  • During the App Usage or even in the background Flashmo sends automatic clicks to the MMP / Advertiser for various offers
  •  Days later the user installs one of the popular apps. Because of the previous Clicks and the associated Device this conversion gets attributed to the Affiliate that owns the Flashmo App.
  • The user creates activities and spends money in the App and KPIs look very good.

Click Spam is attribution Fraud generated by a large amount automated / fake clicks to steal conversions from organic traffic and other legitimate traffic sources.

Sven Hezel (Founder of 24metrics) Tweet

How to identify ClickSpam ?

When Click Spam occurs, analysing session time is a major factor to recognise it. Session Time describes the time between a click and the install. 
You should notice that conversions are not coming in, within the first hour as normally expected. Instead conversions appear with randomly distributed Click to install times that span across the the whole or even multiple days

In the picture below, you can see the difference between fraudulent and good quality traffic inside of FraudShield.

Normal Session Time Distribution

Example of Traffic without ClickSpam

ClickSpam Session Time Distribution

Example of a ClickSpam Case

Server Side generated ClickSpam (update)

Recently we have discovered a new ClickSpam tactic which is even more agressive than the traditional Clickspam. During our Click Analysis of Clicks we have noticed that a new schema using Server Sided Clicks with real device IDs to generate fake clicks on any app at any moment. We have noticed this type of fraud during our traffic analysis for one of clients looking at his click statistics where we found unusual high amounts of VPN / Cloud / Server generated traffic. Analyzing it further we uncovered this new type of ClickSpam Fraud schema.

The difference from traditional Clickspam is that Clicks are not directly triggered from the Mobile Device. The Fraudster will instead send real Device Ids to a database and from there send server side generated Clicks to the MMP. This clicks including their Device ID get then stored on the MMP side and when the user installs the app – the conversion will be attributed to the Fraudster. 

By running his own database of real Device IDs the Fraudster has two advantages:

  1. He is in full control when a click will happen and how often he wants to trigger a click from this device 
  2. He does not need access to the device afterwards. He can even generate clicks under the Device ID of the user when the smartphone is turned off. 
  3. He can decide to spread his fake clicks across as many apps as he wants.

What can be done against this new type of fraud ?

Sources with high amounts of VPN / Server side clicks shall be blocked before reaching the MMP / advertiser. This can be done automatically through Clickshield. 

VPN Clickspam

Want to get the latest from 24metrics ?

Subscribe to our newsletter below to receive updates on features, filters, new types of fraud etc.