iGaming Faces Attacks from High-Rolling Bots and Fake Users
Kerry Coppinger
|Marketing | March 15, 2021
With bricks and mortar casinos closed due to the pandemic, more people have settled down to online plays.
In the UK alone, online casinos and igaming have seen a 25% increase in people trying out internet gambling, and 38% chancing their hands at online poker. With this rapid increase in igaming, the house has been paying out, through rising paid customer acquisition. So much so that online gaming ad spend has tripled in many countries during the lockdowns of 2020 and 2021.
However, due to an arsenal of digital threats, from networks of bots to click farms, igaming has faced new threat levels of sophisticated attacks on ad budgets with real users, replaced with fakes.
The fraud follows the money. As we see, customer acquisition for gaming increased in countries including the UK, India, Brazil, and Germany (Americans face a patchwork of state laws that give limited options for lawful online betting). In each of these countries, the rate of attacks on paid customer acquisition has increased. Using sophisticated means to drain competitors’ ad budgets, bad actors have been able to skew data and help themselves to money from online casinos, skimming off the top.
14% of all online gaming user acquisition clicks are invalid
CHEQ is increasingly used by many of the leading names in gaming to root out millions of dollars of user acquisition fraud. CHEQ has found that around 14% of all clicks on online gaming ads are invalid, coming from geographically irrelevant countries and hidden through location obfuscation. Across user acquisition campaigns we detected millions of mismatches between the declared browser, and the actual user agent. That this occurs at such high volumes indicates the fraud originating from click farms, masquerading as legitimate users. And during the initial pandemic-related lockdowns in 2020, fraudulent traffic surged by around 21%.
There are several specific attacks on customer acquisition spend facing online casinos. Here are five that hit hard.
1. Affiliates and Click Outs
The $60 billion online gambling sector depends on affiliates. With the rise in bad actors, affiliates have seen plummeting “clickout rates”. They describe this as where a user deposits money for the first time that an affiliate provider gets paid. This has been subject to bot competitor attacks designed to deplete ad budgets and bring down rates of new customers.
2. Bots clicking keywords
Every time a click on a crucial keyword is made – the advertiser must pay out even if it is invalid. In igaming this often means clicking on the brand name of the company and the most common phrases searched. To put it in context, there are 450,000 searches for the keyword ‘online casino’ each month, and the average click costs around $30. Bot attacks are an attractive way for bot-driven attacks against competitors in a highly competitive online space.
3. Bots spin free plays
Once in the funnel, large armies of bots spin their way to lots of free plays. In one case, a leading online brand created a digital campaign targeting new players to receive €8 free play without paying any deposit. The bots “play” until they win and then cash their winnings. The techniques used by fraudsters included the use of Navigator Webdriver, where the user agent of the bot is controlled by an automated script. It also involved spoofed user agents, where the bot’s user agent was passing back false information about the platform and the devices accessing the site.
4. igaming sees 15-30% of clicks from existing users
Igaming also faces the challenge that many of the biggest spending PPC brands see between 15-30% of paid traffic clicks coming from existing users. This often means that a registered or converted user is clicking rather than new users that ads are designed to attract. To take a typical example seen, in some case one user is clicking 500 times in one week on ads. This is not a problem for all verticals but is especially acute for igaming as online gambling is prevented from using audience targeting/audience exclusion on ad platforms with such restrictions increasing. This means many companies cannot exclude returning users. This means they spend millions of dollars on targeting existing customers needlessly.
CHEQ has a unique feature which creates controls over the amount of clicks coming from each user within a preset time and customizing this to the needs of a specific client. The platform can protect from spending money on good users (who have already converted), as well as out-and-out criminals seeking to deliberately destroy igaming ad campaigns.
5. Early raids drain user acquisition budgets early in the morning
Raids on gaming budgets see peak bot attacks at 5am, CHEQ has found. In a sense, this reflects the no clocks/windows of Vegas casinos when time can get away from a player. But for bot clicks on customer acquisition campaigns, this early morning bot activity is in sharp contrast with the peak time we record real online players are spending real money – this peaks at 11pm. The case of one leading UK gaming site shows the bot click rates peaking early in the morning and draining their customer acquisition budget through replacing real users with fake users.
How online casino brands are stopping user acquisition fraud
Ploys by bad actors to cheat physical casinos have been around for a long time. Bad guys in person have traditionally used fake glasses, and moustaches. In attacks on the millions spent on online user acquisition campaigns, bad actors use bot versions of disguise, using data centers, headless browsing, VPNs, stolen credentials, and residential IP cheats to pretend to be someone else. While facial recognition has long been used to catch persistent cheaters in physical casinos, CHEQ for PPC offers a cybersecurity version. The cybersecurity-based customer acquisition security includes 1,000 sophisticated honeypots to the user’s browser, to uncover discrepancies between the declared data and the actual data. This ensures a user is human and a valid potential customer.
Online casino operators see igaming as a vital source of revenue emphasized further during the distancing restrictions of COVID-19. Now new technology to spot the bad guys is shifting the odds back in their favor.
CHEQ is the first solution to block invalid clicks across multiple platforms, including Google Ads, Facebook Ads, Instagram, Baidu, Bing, LinkedIn, Snap, Twitter, Pinterest, Yahoo, Yandex, and more. CHEQ is a cybersecurity company that drives revenue efficiency by eliminating fake users from your customer acquisition.
P.S.
Want to protect your sites and ads? Click here to Request a Demo.
Author
Kerry Coppinger
Senior Manager, Brand Marketing
As head of the brand marketing department at CHEQ, Kerry manages all things content and brand including: research reports, public relations, content marketing, copywriting, press, and other editorial features. Prior to her work at CHEQ, Kerry worked for several tech companies in New York.
