Try for free
  • Blog

Device Spoofing – What it is and how to protect your ad budget

Headshot of Oliver Kampmeier

Oliver Kampmeier

Cybersecurity Content Specialist

Verschiedene Geräte in verschiedenen Farben von Apple auf weißem Hintergrund. Darunter iPhones, iPads und Apple Watches

Fraudsters will use a variety of strategies to perform their scams. One of the most common and most used strategy fraudsters use to conceal their illegal actions and obscure their identities is device spoofing.

Device spoofing is a method that cybercriminals employ to trick systems, networks, and devices into believing that their device is authentic. It involves changing a device’s identity to imitate another device or user, such as a computer or mobile phone.

Device spoofing is typically done to launch phishing attacks, gain unauthorized access to sensitive data or resources, or in the case of ad fraud to avoid detection by security systems and to avoid digital fingerprinting.

In this article, we will discuss device spoofing in detail, including the techniques used by attackers, the types of device spoofing, and how to protect yourself from it.

How Device Spoofing works

Device spoofing works by manipulating a device’s unique identifiers, such as:

  • Media Access Control (MAC) address
    Changing the MAC address of a device to appear as a trusted device on a network.
  • Internet Protocol (IP) address
    Spoofing a device’s IP address to trick a network or system into accepting it as a legitimate device. Fraudsters run their bots through large Amazon, Google, or Microsoft data centers. However, their IP addresses are blocked by bot detection software, so fraudsters disguise the bots’ IP addresses and often pass them off as a residential IP address.
  • Global Positioning System (GPS)
    location Manipulation of the GPS signal to provide false location information to deceive location-based services. Using fake GPS data, fraudsters also manage to get geographically restricted ads displayed.
  • User-Agent String (UA String)
    By manipulating the user agent string, fraudsters can impersonate a particular browser. This method is especially common in connection with CTV fraud. Fraudsters use a headless version of Chrome running in a data center for their bots and impersonate Connected TV (CTV), to display more expensive video ads.
  • Caller ID
    Falsifying the caller ID information to hide the true identity of the caller.
  • Technical device details
    Fraudsters can also manipulate all the technical details of a device. This includes graphics card info, CPU info, IMEI, unique Android and / or Apple ID, the version of the operating system and many more.
Overview of how device spoofing is used to commit ad fraud

How is device spoofing used for ad fraud?

By using various spoofing measures, fraudsters can bypass a number of security protocols. To identify who is using their services or visiting their websites, for instance, many ad platforms or online services will use device fingerprinting.

Device fingerprinting uses a variety of techniques, including a combination of the user agent string and other factors like the IP address, device hash, cookie hash, and more, to identify the website visitor.

Device fingerprinting can also be used to block the display of ads from specific browsers, device types, or even geographic areas.

With the help of device spoofing, fraudsters manipulate and bypass device fingerprinting. Specifically, they use it to:

  • Make a bot look like a real person
  • Display ads outside of their geographic location, resulting in higher revenues
  • Spoof bots as CTV devices to get paid for higher priced ad inventory

In our overview of the biggest cases of ad / click fraud, the trend is quite clear: fraudsters have been making a killing in recent years by passing off bots as CTV devices to get more expensive ad inventory. Fraudsters have even gone so far as to spoof smart refrigerators as CTVs devices. All thanks to the device spoofing method and a wide range of software that makes it possible.

How to protect yourself from device spoofing

The good news first: With bot detection software like fraud0 it is possible to protect your ad budget from device spoofing.

fraud0 automatically examines several thousand factors in real time for each visitor. The system also uses artificial intelligence (AI) and machine learning (ML) to learn how visitors interact with your website / app, helping you detect and block spoofing attempts.

Now for the bad news: without such software, you won’t be able to detect device spoofing attacks. The fraudsters are too clever for that, and their deployed bots are too advanced. In your analytics data, you would only see traffic coming from what appears to be real devices.

So sign up today for a 7-day free trial of fraud0.

Share this article
Author
Denis Kargl
  • Published: March 27, 2023
  • Updated: November 28, 2023
Contents
Latest Whitepaper
Cover of the report "Unmasking the Shadows: Invalid Traffic 2024"
Unmasking the Shadows: Invalid Traffic 2024

Learn everything you need to know about Invalid Traffic in 2024 based on our customers’ data. Including a breakdown into marketing channels, industries and much more.

Free Download
Subscribe to our newsletter
Share this article
Related Articles
Visualization of a clean (bot-free) data pool
The Importance of CLEAN First-Party Data
Dark background with green visual elements. In the centre is a dashboard visualization where you can see an uplift.
Smarter Ad Spending Boosts Performance in a World Full of Fraud
Dark background with green visual elements. In the centre is a magnifying glass in which you can see the words ‘Ad Fraud’, as well as bots and fraudsters.
Uncomplicating Digital Ad Fraud with fraud0: How to Solve It Yourself
How much of your marketing is wasted on fake traffic?
1%, 4%, 36%?
Try fraud0 7 days for free and find out. No credit card required.
4.8/5
4.9 out of 5 stars
Want a tour of fraud0?
Request a demo
Subscribe to our newsletter
Product
Solutions
Company
Resources
Get in touch
TCF registered Vendor badge
BVDW Logo
Linkedin Youtube
Try fraud0 for 7 days
No credit card required.

Already have an account? Log in

Linkedin Youtube
Insights & Alerts
Bot Intercept
Audience & Platform Protection
Integrations
Usercentrics
Plans
Success Stories
About fraud0
Career
Schedule demo
Login
News
Blog
Whitepaper
Webinars & Videos
Glossary
FAQ
Try for free