Fraudsters manipulate engagement metrics by generating fake traffic from an app. Also known as traffic-pumping, this is when fraudsters use bots to create fake accounts on virtual mobile devices in order to artificially inflate traffic.
Unfortunately for businesses, generated traffic is hard to detect – let alone stop. In fact, Elon Musk recently stated that SMS fraudsters are costing Twitter $60m a year in artificially generated SMS traffic generated.
Why do fraudsters generate fake traffic?
There are several reasons why fraudsters would generate traffic from a company’s app, but these are the main ones:
Improve margin
By inflating traffic from a business or app, fraudsters get a share of the billed SMS traffic. This is a high-margin tactic because the fraudster doesn’t send the inflated traffic to an onward supplier.
To the business or app owner, it looks like the conversion rates are better via one supplier (themselves) versus others (their competitors) because they don’t convert the fake traffic that hasn’t come through them. Typically, this results in the business choosing to send all their traffic to the supplier with the best conversion ratio, effectively giving the fraudsters a licence to generate more fake traffic at 100% margin.
Manipulate conversion rate and data
In some cases, the fraudster wants to win more SMS traffic from a specific brand or app in order to beat a competing supplier. This is done by convertinggenerating generatedfake traffic from one app, and not converting inflating traffic sent to a competitor.
With this tactic, the fraudster is manipulating the conversion rate in their own favour, encouraging the business or app to send even more traffic to the fraudster.
Fraudsters typically sell traffic to other countries – often at a loss in order to win incremental traffic.
However, these fraudsters can make a net profit by off-setting the margin made on generated traffic against any losses made when sending traffic to a different country. For the fraudster, this is an effective way to boost revenue.
Overall, fraudsters generate fake traffic to boost revenue, improve their margin and to beat a competing suppliers perceived quality..
How fraudsters manipulate engagement metrics
Fraudsters manipulate your metrics by generating fake traffic, using a tactic called Artificial Inflation of Traffic (AIT). Also known as traffic-pumping fraud, this happens when fraudsters abuse a phone number input field and generate OTPs (One-Time Passwords).
If the mobile number input fields on your app or website have inadequate protection, whether it’s for sending OTPs or an app download link, fraudsters can take advantage and send large volumes of SMS to a range of phone numbers. Using bots and large servers, fraudsters can exploit your app or website to create a fake user account and send OTPs to a mobile number.
Fraudsters use AIT to specifically exploit the A2P (Application-to-person) SMS model, which is used to send automated texts, such as OTPs (One-Time Passwords), alerts and delivery updates. For businesses using A2P, the key metrics typically include customer conversion rates and ROI (return on investment). But how exactly do fraudsters manipulate these figures?
Being automated, the bot can repeat this process thousands of times over, creating numerous fake accounts, sending thousands of fake messages. Businesses pay for each SMS that’s sent, which means AIT may force your business to pay through the nose for an SMS service – without the accurate engagement metrics to back it up.
To make matters worse, unruly SMS service providers or MNOs can work with fraudsters to generate large volumes of fake traffic through your SMS service. This is because the current SMS industry is flawed when it comes to data governance and GDPR compliance. When fraudsters and SMS providers team up, these bad actors can manipulate your engagement metrics and take a share of your revenue while you get 0% ROI.