MWM
Contact salesMWM AI
Attribution & Measurement

Click Spam

Also known asClick FloodingClick Spamming

An ad-fraud technique where a bad actor fires huge volumes of fake clicks so that, by chance, some precede organic installs — letting the fraudster claim attribution and steal the payout.

Key takeaways

  1. 01Click spam (click flooding) sends mass fake clicks hoping to be the "last click" before an install that would have happened organically anyway.
  2. 02It steals attribution — and budget — from organic installs and from legitimate networks, on a last-click model.
  3. 03The classic detection signal is CTIT (click-to-install-time): click spam produces an abnormally long, flat distribution instead of a natural curve.
  4. 04It's distinct from click injection, which fires a click at the real moment of install detection; click spam is blind volume.

Click spam — also called click flooding — is a mobile [[ad-fraud]] technique. The fraudster reports a high volume of clicks that never really happened, for devices the user never engaged. On a last-click attribution model, if any of those fake clicks happens to land shortly before the user installs the app organically, the fraudster "wins" the attribution and collects a payout they didn't earn.

How it steals installs

Click spam is a numbers game: blast enough fake clicks across enough devices and, statistically, some will precede a genuine organic install. The fraudulent network then claims credit for installs that would have happened anyway — siphoning budget from [[organic-installs]] and from honest networks. It needs no real user interaction, just volume.

Detection centers on the [[click-to-install-rate]] and especially the click-to-install-time (CTIT) distribution. Genuine ad clicks produce a CTIT curve that peaks within minutes and decays; click spam produces a suspiciously flat, long-tailed distribution because the "clicks" have no real relationship to the installs they're claiming. MMP fraud tools flag these patterns and reject the attributions.

Click spam vs click injection. Click spam is blind volume fired in advance. Click injection is more surgical: on Android, malware detects the exact moment an install begins and fires a click right then to win last-click attribution. Both hijack credit; injection is more precise and harder to spot on CTIT alone.

Quick answers

What is click spam?

Click spam (click flooding) is an ad-fraud technique where a fraudster reports massive volumes of fake clicks. On last-click attribution, if a fake click happens to land just before a user installs organically, the fraudster claims the install and steals the payout. It requires no real user engagement — just enough click volume to get lucky.

How is click spam detected?

Mainly through the click-to-install-time (CTIT) distribution. Real ad engagement produces a CTIT curve that peaks within minutes of the click and decays; click spam produces an abnormally long, flat distribution because the fake clicks have no genuine link to the installs they claim. MMPs flag this signature and reject the fraudulent attributions.

What is the difference between click spam and click injection?

**Click spam** is blind volume — mass fake clicks fired in advance, hoping some precede organic installs. **Click injection** is precise — on Android, malware detects the moment an install starts and fires a click exactly then to win last-click credit. Both steal attribution, but injection is targeted and harder to catch with CTIT analysis alone.

Next reads

Back to glossary