Click Fraud & App Malware – global increase

In Empello by Empello

One of the most serious problems for mobile users is being billed from their phone account without them knowing a thing about it. There are lots of names for this – charging without consent, invisible billing, auto subscription.

Currently we see increased activity in two main areas. Firstly “click fraud”, otherwise known as i-framing, iframe overlay, billing from banner. Besides using an iframe to hide page elements, there are several further variations, such as putting the subscription page into a pop-under, with which the user then interacts without seeing.

And secondly, malicious apps, which can also be called app malware, code stuffing or auto-billing. These apps execute payment instructions and associated activities, and in some cases this is completely in the background and the user sees nothing at all.

In the last 4 weeks, Empello has seen several hundred instances of these charging without consent problems. Of the 21 countries where we currently work, we have seen these problems in 12 markets during this 4 week period.

The countries with the highest prevalence of the problem are South Africa, Italy, Brazil, Egypt and Portugal.

The consequences of fraudulent charges include:

– unhappy consumers, who lose faith in using VAS services
– significantly increased demand on customer care
– threat of action by Mobile Operators or Regulators
– distortion of advertising costs for other VAS providers

As a first step, companies hosting billing pages should implement defence mechanisms such as xframe deny and blocking of third party scripts. Besides this, traffic patterns, billing and customer care should be monitored closely.

In terms of best-in-class monitoring “in the wild”, Empello has made specific investments in both people and tech to counter these problems. Our Guardian technology has recently been updated to enhance its abilities to find and record click fraud. And we have significantly increased our manual (human) monitoring of all charge-without-consent scenarios.

Last but not least, a vital contribution to combat these problems is collaboration and intelligence sharing. Empello works with its extensive network of content providers, mobile operators, billing aggregators, and regulators to share information swiftly and apply learnings into multiple countries.