Brands run lead-generation campaigns to get people interested in their products/services. They often incorporate form submissions to acquire personal details for callbacks and to address lead inquiries. In marketing terminology, a single form submission is called a ‘punch-in’. Brands frequently incorporate OTPs in such forms to validate that a human is submitting them.
All industries, including BFSI, Ed-tech, OTT, E-com, Gaming, etc., are acquiring leads through form-filling and OTP validation. But unfortunately, fraudsters have found a method of OTP bypass. Fraudsters collate personal details of real users, such as names, phone numbers, email IDs, etc., from different sources.
Fraudsters use bots to fill user information in forms and punch them as leads. But unfortunately, brands cannot tell whether the information was filled in by a bot or by a genuine user. The advertiser, meanwhile, assumes that an actual person filled in the lead. As a result, the sales team contacts the lead to convert it into a potential customer.
The person receiving the unconsented call gets irritated because they were never interested in the brand to begin with. These are commonly referred to as ‘fake leads’. The consequences can be near fatal, as ad budgets are drained without generating any ROI and the brand's reputation is put at stake.

Repercussions of OTP Bypass

Cybercriminals use bots to bypass OTPs and submit forms. The brand then contacts the actual user, who gets irritated because the details were submitted without their consent. Hence, a real person is no longer interested in the brand and wants to disassociate from it.
Another disadvantage of OTP bypass is the loss of marketing budget to fraudsters.
Cybercriminals use form-filling or lead generation bots to submit the wrong user information. Alternatively, fraudsters even submit duplicate user information after altering names, surnames, and emails while keeping the same phone number.
The permutations and combinations of altered user information could be endless. As a result, brands waste valuable time and money connecting with “fake leads.” Brands lose valuable marketing budget to fraudsters because they never vetted the traffic sources of their affiliates or used an ad fraud elimination solution like mFilterIt. Alternatively, they increase their marketing budgets to get high campaign performance, which most likely ends up increasing the “cost-per-lead”.
Fraudsters code bots to click ads and then visit a landing page to submit forms. As a result, an additional drawback of form-filling bots is an exponential rise in click fraud. Moreover, cybercriminals hide their ongoing CVR, i.e., 100%, by continuously using sophisticated invalid traffic (SIVT) on ads during specific time intervals.
The spiked traffic also transforms the click-to-visit and visit-to-conversion ratio into believable percentages. As a result, brands think that increasing the budget for the CPL campaign would help increase revenue. But, by doing so, they lose even higher amounts to fraudsters.
Many cybercrime experts advocate that two-factor authentication can safeguard brands against form-filling bots.
However, OTP bypass during form submission in a CPL campaign dispels this myth. Moreover, this is a severe breach, as the OTP is sent to a user’s device for a specific duration. Furthermore, it means that the fraudster has found a method to breach the “user device” and read the messages.
Therefore, user safety is compromised, and this can even cause severe issues like ATO, as the fraudsters have device access and can reset passwords. Last year, OTP and message breaches happened in India and were reported in the news.
So, brands facing such issues lose reputation and consumer trust, directly impacting revenue or growth opportunities. Moreover, these practices can diminish ad fraud but never eliminate it. Therefore, the need for an ad fraud elimination service provider like mFilterIt has risen drastically across continents. Here is an example of our exemplary work with a single client:

Case Study of a BFSI Company

One of our leading BFSI clients running regular performance campaigns involving product offerings became a victim of fake leads. The brand used multiple new landing pages/micro-sites based on the occasion’s theme, like festive campaigns, home loan campaigns, etc. Moreover, the client regularly ran diagnostic checks on their website, but they often failed to test the new landing pages.
Fraud affiliates took advantage of the loophole by doing high-volume lead punch-ins through OTP bypass. One of their methods involved filling multiple leads using a single device. These fraudulent activities substantially affected the campaign’s performance, resulting in financial losses as marketing spend went to these ad fraud activities.
Our analysts have found that brands have witnessed 25-30% fraud in lead generation campaigns involving form submissions with OTP validation. The victims (brands) have lost nearly $130,000 or more through this fraud in a month’s time.
mFilterIt helped the brand identify such fake leads and optimized the call center cost by helping the brand detect and eliminate fraud. After analyzing similar instances, we have found that the average monthly punched leads ratio across affiliates ranges from 28 to 42 percent. Moreover, we have witnessed that two types of lead punching are widespread:

Basic Lead Punching

Affiliates punch all leads from the same device and don’t change anything (cookie and properties). On average, ~4k leads are received from one such device in a month.

Advanced Lead Punching

Affiliates change device properties like cookie and IP but use the same device, and the repetition is as high as 400-500 leads/day from the same device.
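
The two punching patterns above, and the reuse of one phone number under altered names and emails described earlier, can be checked with simple grouping over a lead log. This is an added example, not mFilterIt's code; the record fields, the `device_id` fingerprint that survives cookie and IP changes, the threshold and the sample data are all assumptions.

```python
from collections import defaultdict
import re

def normalize_phone(raw):
    """Keep digits only and compare on the last 10 (assumed national number length)."""
    return re.sub(r"\D", "", raw)[-10:]

def punching_by_device(leads, max_per_device=3):
    """Flag devices above the lead threshold and label the punching pattern.
    The threshold of 3 suits the tiny sample below; tune it to real volumes."""
    by_device = defaultdict(list)
    for lead in leads:
        by_device[lead["device_id"]].append(lead)
    findings = {}
    for device, group in by_device.items():
        if len(group) <= max_per_device:
            continue
        # Basic: cookie and IP never change. Advanced: they rotate, device does not.
        rotated = len({l["cookie"] for l in group}) > 1 or len({l["ip"] for l in group}) > 1
        findings[device] = ("advanced" if rotated else "basic", len(group))
    return findings

def reused_phones(leads):
    """Phone numbers submitted under more than one name/email identity."""
    identities = defaultdict(set)
    for lead in leads:
        identities[normalize_phone(lead["phone"])].add(
            (lead["name"].strip().lower(), lead["email"].strip().lower()))
    return {p: len(ids) for p, ids in identities.items() if len(ids) > 1}

def lead(name, phone, email, device_id, cookie, ip):
    return dict(name=name, phone=phone, email=email, device_id=device_id, cookie=cookie, ip=ip)

# Constructed sample data (not from the page); IPs are documentation ranges.
SAMPLE = (
    # dev-A: five leads, same cookie and IP -> basic punching
    [lead(f"User{i}", f"90000000{i:02d}", f"u{i}@example.com", "dev-A", "ck-1", "198.51.100.7") for i in range(5)]
    # dev-B: five leads, new cookie and IP each time -> advanced punching
    + [lead(f"Lead{i}", f"91000000{i:02d}", f"l{i}@example.com", "dev-B", f"ck-b{i}", f"203.0.113.{i+1}") for i in range(5)]
    # dev-C: one phone number under two altered identities; dev-D: a single lead
    + [lead("Ravi Kumar", "+91 98765 43210", "ravi@example.com", "dev-C", "ck-c", "192.0.2.9"),
       lead("Ravi K", "9876543210", "rk@example.net", "dev-C", "ck-c", "192.0.2.9"),
       lead("Meera Shah", "9812345678", "meera@example.com", "dev-D", "ck-d", "192.0.2.44")]
)

if __name__ == "__main__":
    print(punching_by_device(SAMPLE))
    print(reused_phones(SAMPLE))
```
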


Detecting loopholes in CPL campaigns is essential for preventing ad fraud. Moreover, brands can face significant drawbacks due to form-filling bots, which could easily be avoided with mFilterIt’s ad fraud elimination solution.
The solution uses data science, AI, and ML for checking analytical anomalies and verifying fraud activities on the targeted landing pages. Moreover, brands receive real-time alerts as the solution works 24×7.
Protecting the ad campaigns through mFilterIt’s ad fraud elimination solution can also offer advantages like more real leads, connection with real human traffic, higher revenue, etc., especially on CPL campaigns.
