On the "clean" mobile web, scams and advertising

Show me only a rich man, and I will take money from him.

With money you need to part easily, without groans.

Ostap Bender

In the article I will try to talk about the problems associated with not very honest weaning from mobile device users and mobile Internet users in particular.

Mobile Internet is still quite young and the rules of the game have not been fully formed in it. It’s in the big web that everyone is accustomed to the fact that there are fraudsters, you need to install antiviruses and firewalls, or use operating systems where viruses do not spread.
Just do not forget that almost every mobile device has a mechanism for withdrawing money from users - a sim card.
')
The problem has already been written several times on x a b e , and in general - http://bit.ly/ReGcFd .
There is also a lot of information on the Internet - for example, a Wikipedia article . Mobile fraud itself is impossible without attracting new and new “clients”. One of the most "cheap" ways is advertising on the mobile Internet. To my surprise, even well-known mobile advertising networks do not fight against scammers. There are many examples of this. From the last - this article on Habré.
If you place ads on your resources yourself, you are also not protected from fraudsters, because when the service becomes widespread, the issue of moderation is acute. If the moderation is not carried out by an expert in this field, the risk of placing “alarms” increases. In this regard, the IMHO network is even slightly safer than self-advertising, because there the prohibition of fraud is at least stated.
Under the cut, I will talk about the types of fraud and how we identify fraudsters in plus1.wapstart.ru


In fact, all weaning money from the user is quite the same type. Operators help with fraud (do not interfere), kindly providing services to pay for purchases (content) via sms and calls to short numbers, as well as subscriptions. IMHO this is the case when a good goal results in a completely harmful functionality. In an ideal world, one could pay for public transport or parking by sending an SMS to a short number. It would also be possible, for example, to receive exchange rates and mortgage offers once a week.
And still it would be possible to pay the state duty for obtaining foreign passport directly from the FMS office. Unfortunately, in the real world everything is different.

Fraudsters can be divided into several types:
1. Fraud sending sms to a short number. This type can even be divided into two subcategories:
1.1. The fraudster warns that sms will be sent. Example - you download an application with a photo session of some famous actress , you are shown 1-2 photos and warn that further viewing is available only after registration via sms. Cmska certainly costs money.
1.2. You "randomly" send sms. This type of fraud is especially common on platforms that support j2me. There, as a rule, there are two hardware buttons that can be programmed. To confirm that the sms has been sent, the platform will ask you to click one of these buttons, and the fraudster will usually know which one.
Example: you are downloading a toy where the control takes place with these buttons. Suppose this is a race where you need to go around obstacles. The game interface is reduced to pressing the "left" and "right." Left-right-left-right-left-right-left-right-left-right-send sms (OK). With proper game speed sending sms will occur almost on the machine.
Another example: A user is downloading an application. After launch, it displays the message "Download not completed, click OK to speed up the download." The person presses "OK", 1% of loading moves ahead. As a result, the user presses the button more and more often, until at some point the message "Send sms" appears.

2. Premium Charging. The scammer offers you to download something for free, keeping silent about the fact that it is “free” in the premium segment of the provider's network. Example rates for mts - pdf . As you can see, for downloading 1MB they'll take 70 rubles. A two-megabyte picture book is already about 150 rubles. Very profitable. There, by the way, 11 pages of text can be found.
3. Subscription. My favorite method. You "sign an agreement" on the paid receipt of any service. For example, to send jokes. As a rule, to subscribe you need to specify your phone number on the site. You will receive sms, the text of which you need to specify on the same site. This activates the subscription. Operators try to make the client as comfortable as possible, so the creators of the service can use templates of such messages, in other words, insert arbitrary text before and after the code. As you can understand, this can lead to text messages like "You won the lottery, to confirm your winnings, go to http://swindler.com/service/% SMSCODE% / confirm /". To activate a subscription, simply follow this link.
4. Dear calls. A good example is the voice beater .
It is often distributed in mobile advertising as a free program, thus misleading the user. The program itself is good, but it is used for mercenary purposes.
five. Separately, you can select applications for android (see screenshot) - they ask for permission during installation. Some users immediately agree with everything without reading the text. As a result, they give the application the right to "Paid services / SMS sending", and then everything is simple.

I already wrote above that fraudsters need some kind of permanent source of new customers. For this purpose, great advertising. In an ideal world, all ad networks moderate the banners coming to them and monitor their changes. In the real world - far from it. But let's not talk about the bad - I'd rather tell you about how the problem of fraud is solved in WapStart.
To begin with, we as an advertising network are not against paid content, subject to the following rules:

1. The cost should always be reliably indicated in the most visible place BEFORE performing any actions on the site.
2. Content that has been submitted must be provided to the user.

The Plus1 WapStart rules say:

No advertisements are allowed, the link from which leads to:
...
14.2. Internet resources that spread viruses or other malicious programs that allow hidden from the subscriber, send SMS or otherwise perform actions that are not obvious to the subscriber ;

Back in 2009, we made a decision that we would not allow any dangerous ads to the network. I remember the date well, because because of the deployment of barrage mechanisms, I had to be late for the corporate curling game :). (By the way, a very exciting game, I recommend).

r63813 | dovg | 2009-12-30 18:12:07 +0300 (, 30  2009) | 4 lines + tag 1.8.11.10: #9037, #9041, #9032 fixed: alarms go away 

The fight against fraudsters is as follows:

• Each banner passes a manual moderation after creation and after all significant changes. If the application is advertised, the moderators will download and launch it themselves. If any service is offered, we will use it ourselves. In the moderation interface, the workspace is built in such a way that the moderator sees everything about the client right away: the number of suspicions in the frode, the total number of banners and the number of banners that have not been moderated.
• Sometimes we ask users to leave a "pledge" to confirm the purity of intentions. We can send this pledge to payments to victims. In our memory, none of the scammers agreed to leave the pledge, which in itself is already good.
• On schedule (cron) we launch the automatic anti-fraud mechanism. I can not disclose the details - we assume that fraudsters also read this article. The main directions of antifraud:
  • User control. If one of the users was already suspected of fraud, and the other user is surprisingly similar to him, then this is a reason to notify the moderators.
  • Control of the page / application - if briefly, the content to which we refer should be relatively unchanged from the moment of moderation.

Some interesting statistics from our moderation department:

• Every day we reject about 20 ads as inappropriate for the network rules.
• Every week we block 1-2 users for a fraud attempt.
• Over the past year there have been no complaints about our banners from end users.
• The number of "allymschikov" in our network, who add to moderation RO constantly decreases. This suggests that alarmschiki realized that it was not profitable for them to work with us.

If you see an ad with the Plus1 WapStart logo, click boldly, there are definitely no scams!

---

Additional literature:

• http://ru.wikipedia.org/wiki/Mobile fraud
• http://antifraud.narod.ru/fraud-example2.html
• http://www.procontent.ru/news/6863.html
• http://life-prog.ru/wap-trafik.php
• http://wap-partnerka.in/partner_ucoz.php - "affiliate program" of scammers

update:
Formally, the Golomenankalka program is free. Money is written off only for calls, not for the fact of installing the program, while the user is warned about the cost of calls.
According to the link that I quoted, their cost is reliably indicated.
The problem is that some users are misled by the phrase “free program” while waiting for free calls. IMHO this is the case when you need to carefully read the user agreement.