What is Click Spam and why it is the fastest growing type of fraud?

Click Spam
ShareShare on FacebookTweet about this on TwitterShare on LinkedIn

Even though the mobile boom is growing slower in the United States, the worldwide mobile market is booming. Due to developing countries such as India, Brazil and China the worldwide market will continue to grow rapidly.

According to MediaPost these countries will bring more than 400 million new people to the web. Now for companies to make money with an App, the most important component is — the user.
The more users your app has the more money you can make. However, the user acquisition process has its pitfalls where fraudsters can harm your business heavily.

Click Spam is a known, but complex attribution problem in the performance marketing industry. Described in one sentence, Click Spam means that a fraudster uses an app (e.g. Flashlight App) to steal organic users and attribute an app install to himself in order to receive CPI Payout commissions.

We decided to explain this complex problem step by step with an example:

Example – Flashlight App “Flashmo”:


  • Monica has a simple flashlight app installed on her device; Let’s call it Flashmo. (These type of apps are usually free and include small advertisements)


  • As soon as Monica opens the Flashmo app on her phone, the fraudster sends an automatic click to the affiliate network’s link
    (promoting BatterySaverPro) using an Iframe or a Script to open the App Store in the background.


  • Monica does not notice anything of this, but later this day she browses the App Store in the Utility Category.
    Since BatterySaverPro has a very high ranking and many positive recommendations, she decides to install the App on her phone.


  • Once Monica opens the app for the first time, the advertiser’s tracking system recognizes that there has been a previous click from Monica’s phone.
    The install is now attributed to the developer of Flashmo. It is going to pay a CPI Payout commission ranging from $1 – $10.


  • Since Monica is a real user she is also an active user of the application. She might even spend money on upgrades or In-App purchases. This is making it more difficult to identify the fraud. The retention metrics are shown as it would be a normal new user.


  • Once Monica opens the new app for the first time, which can happen even a while after the download was finished.
    Analytics and tracking platforms are informed to reference advertising clicks.


  • The click appears to be real and matches Monica’s Device ID perfectly.


This type of fraud is hard to detect and needs detailed investigations. It can be very tedious and error prone if you are doing it manually.

Here is how you can identify fraudulent patterns inside your traffic:


When Click Spam occurs, analyzing session time will be of great help. Session Time describes the time between a click and the install.

You should notice conversions that are not coming in within the first hour as normally expected. The traffic is rather randomly distributed throughout the day or throughout multiple days. The results are fake clicks being attributed to conversions at random times.

In the picture below you can see the difference between fraudulent and good traffic inside of FraudShield.

                                             FraudShield – Session Time Distribution Analytics (www.24metrics.com)

The system identifies click spam patterns and analyzes the behavior of the Session Time Distribution.

If you are interested in finding out more about Click Spam, write us an e-mail.
We are excited to hear from you.