How Uber’s Advertising Team Combated Ad Fraud Amid Period of Protest

"Who’s causing ad fraud? It’s not 15 year-old kids or Russian bots -- it’s large agencies and networks," Kevin Frisch, head of Driver & Rider Acquisition at Uber, told MMA Impact attendees.

At the end of January 2017, Uber found itself under attack on two major fronts. As the dominant ride-hailing company, it had often found itself at odds with various levels of government officials and segments of the public. But this time was different.

Barely two weeks after the Trump Adminstration was settling in, an executive order banning travelers from certain countries from entering the U.S. sparked protests at airports. In response to the widening crowds at the protests, Uber said it was turning off its “surge-pricing,” a decision executives positioned as a goodwill gesture. But many protesters took it as an opportunistic move and all of sudden, “#DeleteUber” was trending on Twitter.

As consumer anger swirled, a second controversy emerged: Uber co-founder and now former CEO Travis Kalanick’s presence on an economic council assembled by President Trump — which included Apple’s Tim Cook, Facebook’s Sheryl Sandberg, Amazon’s Jeff Bezos of Amazon, Tesla’s Elon Musk,  Alphabet/Google’s Larry Page and Eric Schmidt, Microsoft’s Satya Nadella, and others — also stoked anger in the tech community. (Kalanick ultimately stepped down from the President’s council, which was ultimately disbanded and he eventually resigned as CEO in June 2017 following several other controversies including charges of mishandling sexual harassment and a video of the executive getting into a shouting match with an Uber driver. He remains on Uber’s board.)

Just as the ride-hailing company’s customer and contractor bases were diminishing, Kevin Frisch, head of Driver & Rider Acquisition at Uber, was forced to pullback on the one program meant to reverse those negative trends: ad spending.

Why Are Those Ads Appearing Here?

“As Travis was distancing himself from Trump by getting off the council, our ads — my ads — were showing up on Breitbart, which created this strange little situation, because at the time, it was run by [erstwhile Trump advisor] Steve Bannon,” Frisch told the audience in a presentation at the Mobile Marketing Association’s Impact conference on Tuesday this past week. “These calls — and somehow, they’re always at 10 o’clock on a weekend night — from Travis began, “Kevin, why are these ads showing up?”

In an attempt to respond to the protests and ease the pressure on Uber, the company decided to stop placing ads on Breitbart.

“There wasn’t a ton of advertising [on Breitbart], but it was enough to give me a lot of late-night phone calls from Travis,” Frisch said. “The ads kept showing up, and so we just started turning off networks whose ads were showing up on Breitbart. And it turned out to be about 10 percent of our spend. And while this is going on, you have ‘#DeleteUber’ happening. So a number of riders were leaving us, and here I am turning off the acquisition of riders at the same time.”

“That black line is total signups, the blue line is organic signups, and the red line is the paid signups, the ones that come up through our paid marketing,” Uber’s Frisch said at MMA Impact.

Ad Spend Falls, But Signups Don’t

Despite cutting its ad spending, Uber was surprised to find it didn’t see much of drop in signups. Executives were amazed and relieved, Frisch said.  But he wasn’t comforted.

“My response was, “Yeah, thank you. But something seems a little fishy.” So we started poking around, and we looked at our past data a little more holistically,” Frisch said. “We started trying to figure out what was happening . We were not  set up to ingest the click logs from our measurement partners, but we did some spot-checking on a subset of logs. We got the publisher, whether it’s the app or the site for mobile web, we got clicks, installs, signups. And then, things got really interesting.”

Welcome To The World Of Attribution Fraud

Apps that Uber placed advertising on showed the number of clicks were more than Uber’s monthly active users (MAUs).

“To be clear, our creative is great,” Frisch said. “Our creative’s just amazing. But the fact that every single person who goes to that app is clicking on ads seems a little aggressive. We had click-to-install rates that were so amazingly low, just too low. One app claimed 300,000 clicks, an amazing click-through rate of 10 percent, but a very low click-to-install rate. Then we had some where the publisher-placement had one name, but the referring URL was something else.”

In one example of a false URL reference, one ad that claimed to be from the app-based game Temple Run actually showed a referral URL that was from the PornHub site.

“We paused for a minute and wondered, ‘How can we be the victims of fraud? We don’t pay on views or clicks or anything like that. We only pay when there’s an actual rider who takes a trip in a real car with a real driver and pays with a real credit card,'” Frisch said. “And so we realized, this was ‘Welcome to Attribution Fraud.'”

As Frisch explained it, what happens here is that some networks are trying to place ads everywhere. And to get paid, they’re generating clicks on a thousands of devices, so that when that someone’s smartphone installs the Uber app — organically, on their own, not seeing an ad —  if they happen to click anywhere within the ad network, the network can claim credit for the install.

A look at “click spamming” from the MMA Impact presentation by Kevin Frisch, head of Driver & Rider Acquisition, Uber.

New Flavors of Fraud

Frisch pointed out the many flavors of fraud that have been around for years, such as “fat finger fraud,” which is when someone accidentally clicks an ad on their phone.

“There are ads that actually don’t look like ads,” Frisch noted. “They’re disguised to be non-ads, so that when you click on your emoji keyboard, you accidentally click on the ad. So what happens? Now your device has a click. Then, two weeks later, you’re out on Saturday night. You download the Uber app — again, on your own, not because you clicked on anything — and now that ad is taking credit for that download and install.”

There’s also click injection. The way Frisch described it, on Google Android devices, users will install apps that promise to make their phone function better, such as offering to help save battery power. Those apps run in the background, and are designed to be forgotten.

But when a user searches in the Google Play Store for Uber, as soon as someone types the letter R, it triggers malicious software in the background that fires a click on the device. And after the user downloads the Uber app and uses it, that click is credited to the network that placed it.

Kevin Frisch, head of Driver & Rider Acquisition, Uber

Uber’s Solution: Staying Aware

“You can detect fraud if you set your mind to it and once you’re aware of it,” Frisch said. “We set up a system to ingest all the data from our mobile measuring partners, going back to 2016. We have 48 billion rows of data, a lot of terabytes — that’s about 200 million rows per day. It just takes some analysis to sort out what’s going on. It’s not rocket science. You just have to be looking at it regularly. Are there too many clicks for a given app? Is the click-through rate or the click-to-install rate too good to be true? Is it not making any sense. If a single device has made too many clicks, you know there’s something clearly wrong happening. We do great creative, but it’s unlikely that a single person clicked on our ads 10,000 times. And that’s actually occurred.”

The bottom line is that generating an actual install from someone who wasn’t intending to do it anyway is hard and expensive, Frisch said. Getting fraudulent installs, which are just sort of taking credit for ones you’ve gotten anyway is cheap.

During the Q&A period of his presentation, one audience member asked Frisch to share categories of who the bad actors are. “Are these 15-year-olds in their family den, or Russian bots or publishers that are maybe being a little over-aggressive in terms of their reach?”

“There’s a limit to how much I can share that because there’s some disputes going on with these folks, but it’s not just 15-year-olds in their basements,” Frisch said. “It’s established networks and agencies.”

As for why fraud is becoming so prevalent on mobile at the moment, Frisch also noted the distinctions between app-based ads and desktop.

“The thing that makes it a little trickier on mobile is that when someone clicks on an ad, they go to the device’s App Store,” Frisch said. “That severs the connection. Unlike on web, where you can see the direct connections, you actually know where that click is coming from. Mobile is still the new Wild, Wild West.”

About The Author
David Kaplan David Kaplan @davidakaplan

A New York City-based journalist for over 20 years, David Kaplan is managing editor of A former editor and reporter at AdExchanger, paidContent, Adweek and MediaPost.