Device Spoofing – What it is and how to protect your ad budget

Denis Kargl

Cybersecurity Content Specialist

Verschiedene Geräte in verschiedenen Farben von Apple auf weißem Hintergrund. Darunter iPhones, iPads und Apple Watches

Fraudsters will use a variety of strategies to perform their scams. One of the most common and most used strategy fraudsters use to conceal their illegal actions and obscure their identities is device spoofing.

Device spoofing is a method that cybercriminals employ to trick systems, networks, and devices into believing that their device is authentic. It involves changing a device’s identity to imitate another device or user, such as a computer or mobile phone.

Device spoofing is typically done to launch phishing attacks, gain unauthorized access to sensitive data or resources, or in the case of ad fraud to avoid detection by security systems and to avoid digital fingerprinting.

In this article, we will discuss device spoofing in detail, including the techniques used by attackers, the types of device spoofing, and how to protect yourself from it.

How Device Spoofing works

Device spoofing works by manipulating a device’s unique identifiers, such as:

  • Media Access Control (MAC) address
    Changing the MAC address of a device to appear as a trusted device on a network.
  • Internet Protocol (IP) address
    Spoofing a device’s IP address to trick a network or system into accepting it as a legitimate device. Fraudsters run their bots through large Amazon, Google, or Microsoft data centers. However, their IP addresses are blocked by bot detection software, so fraudsters disguise the bots’ IP addresses and often pass them off as a residential IP address.
  • Global Positioning System (GPS)
    location Manipulation of the GPS signal to provide false location information to deceive location-based services. Using fake GPS data, fraudsters also manage to get geographically restricted ads displayed.
  • User-Agent String (UA String)
    By manipulating the user agent string, fraudsters can impersonate a particular browser. This method is especially common in connection with CTV fraud. Fraudsters use a headless version of Chrome running in a data center for their bots and impersonate Connected TV (CTV), to display more expensive video ads.
  • Caller ID
    Falsifying the caller ID information to hide the true identity of the caller.
  • Technical device details
    Fraudsters can also manipulate all the technical details of a device. This includes graphics card info, CPU info, IMEI, unique Android and / or Apple ID, the version of the operating system and many more.

How is device spoofing used for ad fraud?

By using various spoofing measures, fraudsters can bypass a number of security protocols. To identify who is using their services or visiting their websites, for instance, many ad platforms or online services will use device fingerprinting.

Device fingerprinting uses a variety of techniques, including a combination of the user agent string and other factors like the IP address, device hash, cookie hash, and more, to identify the website visitor.

Device fingerprinting can also be used to block the display of ads from specific browsers, device types, or even geographic areas.

With the help of device spoofing, fraudsters manipulate and bypass device fingerprinting. Specifically, they use it to:

  • Make a bot look like a real person
  • Display ads outside of their geographic location, resulting in higher revenues
  • Spoof bots as CTV devices to get paid for higher priced ad inventory

In our overview of the biggest cases of ad / click fraud, the trend is quite clear: fraudsters have been making a killing in recent years by passing off bots as CTV devices to get more expensive ad inventory. Fraudsters have even gone so far as to spoof smart refrigerators as CTVs devices. All thanks to the device spoofing method and a wide range of software that makes it possible.

How to protect yourself from device spoofing

The good news first: With bot detection software like fraud0 it is possible to protect your ad budget from device spoofing.

fraud0 automatically examines several thousand factors in real time for each visitor. The system also uses artificial intelligence (AI) and machine learning (ML) to learn how visitors interact with your website / app, helping you detect and block spoofing attempts.

Now for the bad news: without such software, you won’t be able to detect device spoofing attacks. The fraudsters are too clever for that, and their deployed bots are too advanced. In your analytics data, you would only see traffic coming from what appears to be real devices.

So sign up today for a 7-day free trial of fraud0.

Latest Whitepaper
Whitepaper - BFCM 2023 - EN Cover
The Impact of Bots on the End-Of-Year Business of E-commerce Companies

Learn everything about the specific challenges companies face from bots during Black Friday and Cyber Monday (BFCM) and the end-of-year shopping season, the resulting impact, and approaches to counteract these threats.

Subscribe to our newsletter
Share this article
How much of your marketing is wasted on fake traffic?
1%, 4%, 36%?
Try fraud0 7 days for free and find out. No credit card required.
4.9 out of 5 stars
Want a tour of fraud0?
Try fraud0 for 7 days
No credit card required.

Already have an account? Log in