Attribution fraud costs advertisers billions annually. Bots don't just waste your ad spend — they actively steal credit for organic conversions.
How Attribution Fraud Works
- Click flooding: Bots generate thousands of ad clicks
- Click injection: Malware fires clicks right before organic installs
- Cookie stuffing: Bots load tracking pixels silently
- SDK spoofing: Fake install signals sent to attribution platforms
Detection Signals
Click-to-Install Time (CTIT)
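```python
def find_last_click(clicks, user_id, before):
    # Last-click attribution: latest click by this user at or before the install
    candidates = [c for c in clicks
                  if c.user_id == user_id and c.timestamp <= before]
    return max(candidates, key=lambda c: c.timestamp, default=None)


def detect_click_injection(clicks, installs):
    # Timestamps are assumed to be epoch seconds, so CTIT is in seconds
    suspicious = []
    for install in installs:
        matching_click = find_last_click(clicks, install.user_id, install.timestamp)
        if matching_click:
            ctit = install.timestamp - matching_click.timestamp
            # Click injection: suspiciously short CTIT
            if ctit < 10:  # seconds
                suspicious.append({
                    'type': 'click_injection',
                    'ctit': ctit,
                    'install': install
                })
            # Click flooding: very long CTIT
            elif ctit > 86400 * 7:  # > 7 days
                suspicious.append({
                    'type': 'click_flooding',
                    'ctit': ctit,
                    'install': install
                })
    return suspicious
```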
Click Distribution Analysis
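```python
import math
from collections import Counter

def analyze_click_distribution(clicks_by_source, conversions):
    flagged = {}  # source -> list of reasons
    for source, clicks in clicks_by_source.items():
        if not clicks:
            continue
        # Natural clicks follow a time distribution; timestamps assumed epoch seconds
        hourly = Counter(int(c.timestamp // 3600) % 24 for c in clicks)
        # Assumed metric: relative entropy (bits) from a flat 24-hour profile, 0 = perfectly uniform
        entropy = math.log2(24) + sum(
            n / len(clicks) * math.log2(n / len(clicks)) for n in hourly.values())
        if entropy < 0.5:  # too uniform = bot
            flagged.setdefault(source, []).append('uniform_distribution')
        # Check click-to-conversion ratio
        conv_rate = conversions.get(source, 0) / len(clicks)
        if conv_rate < 0.001:  # abnormally low
            flagged.setdefault(source, []).append('low_conversion')
    return flagged
```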
Prevention
- Real-time click validation — check before attributing
- CTIT analysis — flag anomalous timing
- Distribution checks — natural traffic has patterns
- Fingerprint matching — click device must match install device
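The first and last items above, validating a click before attributing it and requiring the click device to match the install device, can be combined into a single gate. This is an added example, not code from the original post; the `Event` fields, the fingerprint field list and the function names are assumptions, while the CTIT limits are the ones used earlier on the page.

```python
from dataclasses import dataclass

MIN_CTIT = 10          # seconds; shorter is treated as click injection
MAX_CTIT = 86400 * 7   # seconds; longer is treated as click flooding
# Assumed fingerprint fields; use whatever is reported on both click and install
FINGERPRINT_FIELDS = ("device_model", "os_version")

@dataclass(frozen=True)
class Event:
    user_id: str
    timestamp: int     # epoch seconds
    device_model: str
    os_version: str

def validate_attribution(click, install):
    """Return (ok, reasons); the click gets credit only when ok is True."""
    reasons = []
    if click.user_id != install.user_id:
        reasons.append("user_mismatch")
    ctit = install.timestamp - click.timestamp
    if ctit < 0:
        reasons.append("click_after_install")
    elif ctit < MIN_CTIT:
        reasons.append("click_injection")
    elif ctit > MAX_CTIT:
        reasons.append("click_flooding")
    mismatched = [f for f in FINGERPRINT_FIELDS
                  if getattr(click, f) != getattr(install, f)]
    if mismatched:
        reasons.append("fingerprint_mismatch:" + ",".join(mismatched))
    return (not reasons, reasons)

def attribute(install, clicks):
    """Credit the latest click that passes validation; None means organic."""
    rejected = []
    for click in sorted(clicks, key=lambda c: c.timestamp, reverse=True):
        ok, reasons = validate_attribution(click, install)
        if ok:
            return click, rejected
        rejected.append((click, reasons))
    return None, rejected

# Constructed sample data
INSTALL = Event("u1", 1_700_000_600, "Pixel 7", "14")
CLICKS = [
    Event("u1", 1_700_000_597, "Pixel 7", "14"),   # 3 s before the install
    Event("u1", 1_700_000_000, "SM-G960", "10"),   # different device
    Event("u1", 1_699_990_000, "Pixel 7", "14"),   # plausible earlier click
]
```

With the sample data, `attribute(INSTALL, CLICKS)` skips the two most recent clicks and credits the third; the rejected list records why each earlier candidate lost the attribution.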
Resources
- ads-review — attribution fraud detection
- WuXiang Shield — real-time click validation
If you're not checking for attribution fraud, you're probably paying for stolen conversions.