What is Click Hijacking and How Does it Work?

What is click hijacking and how does it work
Reading Time: 4 minutes

Grab yourself some popcorn and buckle up, because today, you’re going to learn about click-hijacking. Spoiler alert: click hijacking is like a race, where the last person is the winner! But fear not, as click-hijacking is a type of attribution fraud which is easy to detect. Click hijacking is another term for click injection. Here at Interceptd, we refer to click hijacking as “click injection”, and have our very own click injection alarm and algorithms to detect and prevent this. However, in this article, we are going to refer to it as the click hijacking. So, exactly what is click hijacking, and how will it affect you? If your company has an app, if you’re an app developer, if you are an ad network or a digital agency, then we recommend reading this article, as click-hijacking will more than likely be affecting your campaigns. 

What is Attribution Fraud?

An attribution tool is essentially responsible for telling advertisers who to attribute their advertising budget to. In the case of attribution fraud, fraudsters (through many different methods) fool attribution providers into attributing the event to themselves. Attribution fraud has two main sub-categories: organic attribution fraud and paid attribution fraud. Organic attribution fraud is when a genuine and organic install is wrongly attributed to a fraudulent user. Thus, an install that should not have been paid for, as it was organic, is now counted as a paid install. Paid attribution fraud, is essentially the same, however, instead of an organic install being wrongly mis-attributed, it is a genuine paid install that is being misattributed to another fraudulent source. We can say this in simple terms, that fraudsters are stealing that install. So, what is click hijacking and how does this relate to attribution fraud? Click hijacking is one of the most common methods of attribution fraud along with click spamming. We estimated that approximately 17% of all fraudulent mobile ad traffic for the shopping category is due to click hijacking. 

What is Click Hijacking and How Does it Work?
Our report: 2019 Q1 Mobile Ad Fraud Report, reveals that 17% of the ad fraud we analyzed was due to click injection (click hijacking)

What is Click Hijacking?

Click hijacking is one of the most common types of attribution fraud, however, it is easy to detect. Click hijacking is when a fake click is being sent to an attribution directly after the installation has begun. This tricks attribution tools into attributing that install, to the fraudulent click, as it was the last click received. If that is hard to image, then imagine that you’re waiting in-line at the bank for your number to be called. The bank-teller calls out “number forty-four”. You quickly get up, with your ticket number ‘44’ in hand. Immediately after, a person with a fake ticket swoops in and takes your spot. The bank teller looks up, and sees the person with the fake ticket last, assumed that the person is genuine and therefore, ushers him to your seat. Of course, in this situation, you can easily object. This is what Interceptd does too, in our ad and attribution fraud prevention tool. Our algorithms automatically check each install, so that click hijacking does not affect your advertising budget and won’t be paid for. 

Why Does This Matter to You?

Perhaps you know what is click hijacking, but maybe you think attribution fraud does not affect your advertising campaigns. If you don’t then you are in the hegemony, that wrongly believes that attribution fraud, such as click hijacking exists, but does not affect them. A recent study shows that 77% of Marketers Know Ad Fraud Exists Yet Only 20% Believe Their Campaigns are Affected. However, this is a start contract to industry results, that show the prevalence, proliferation, and cost of ad fraud. In Q1 2019, ad and attribution fraud cost advertisers $2.3 billion in that quarter, alone. These figures are concurrent with our results, indicating the prolific state of ad and attribution fraud, as we estimate that 32% of all iOS mobile ad traffic is fraudulent. 

How Interceptd Intercepts Click Hijacking

If you are in the 23% of experienced digital marketers, that know that ad fraud is affecting their ad campaigns (firstly, congratulations), then you’re probably wondering how to combat it. The answer is incredibly difficult, complex, time-consuming and not cost-effective. That is a lie, it is the opposite. The answer is easy, effective, not time-consuming and you can easily calculate the ROI spent on our ad and attribution fraud services with our real-time updated “estimated savings” figure. This will be your experience, as an Interceptd customer, benefiting from our marketing-budget saving ad fraud solutions. 

However, if you’d like to know how our developers, engineers, and data scientists do their job in detecting different ad and attribution fraud types, such as click hijacking, here are some patterns which our machine learning and algorithms are based upon, to detect this particular type of attribution fraud:

  • CTIT Anomalies – if “click to install time” is too low, this may be an indication of click hijacking. Especially if very low CTIT times is repeatedly coming from the same sub-publisher.* 
  • Comparing click time and Google Play referral times –  Also known as ‘store landing time’ and ‘install begin time’. If the click comes after install start it is click hijacking. If click comes after the store page landing time, again, it is click hijacking. We get referral times on individual installs

If you’d like to see how our sophisticated and complex algorithms and machine learning patterns make your ad fraud protection life simple then you can book a consultation here. We will show you how our incredibly sophisticated methods, are surprisingly easy to use.



* If you’d like to get super technical, let us explain more. We analyze CTIT anomalies more effectively than our competitors, as we don’t have strict rules, such as ‘block every install under 10 seconds’, as that would create false-positives. We check the distribution of CTIT’s and block the ones that are too short in comparison to the others. 


Leave a Reply

Your email address will not be published. Required fields are marked *