Ba Da Ba Ba Bah, I'm Lovin' the app attribution fraud being pushed through the Fortnite YouTube Scams from PAF - they are using a fake Bootstrap domain (missing the "p") @ "bootstraplugin.(scam)com"

Some of the network has been researched by @RiskIQ @… 🌩️
Also, it should be clear by now I'm finding this network because they heavily buy Google / YouTube ads

You can also site search their scam domains and get Google ads for other scams from (imo) the same group :/

~These phish kids & gamers - but are apparently low priority?:
The PAF attacks against Epic Games Fortnite Players are *quite epic* and these people have been attacking Epic Games since well before I caught the same group controlling a House Party subdomain.

They control numerous domains - orchestration for days - PAF gang are OG operators
I've been capturing the requests on mobile and even in the PAF gang's Fortnite scammer videos (…) you can see which SDK attribution companies have buyers who are being scammed. So far i've seen AppsFlyer + @adjustcom attribution links in the scams ⤵️💸
In that scammer video I shared in the tweet above, they tell kids to click the app links (with the attribution scams) + install the apps + and then "play them and click around for 30 seconds" - this is how you recruit kids to conduct App Install Attribution fraud on your behalf:
These fortnite phishing attacks to support App Attribution Install Fraud - they previously had all these app install scams but they were not encouraging the users to "click around for 30 seconds" - now they need to show real apps to explain this process - way clearer now imo:

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰

ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @thezedwards

22 Feb
Everyone in privacy + ad tech + internet regs should read the "News media bargaining code" from Australia (…) - aka the "link tax" - it creates new rules for Facebook (& other tech orgs). It's legislation birthed from an antitrust report - it's big crap🧵
I've been following all the antitrust reports about Facebook & Google - I've read all the major reports cover to cover & even helped a little on one. These entities need to be held accountable - Google should be forced to spin off their ad tech, FB banned from new acquisitions.
First, Australia is not proposing a "link tax" - they are proposing deeply nuanced "bargaining" rules for specific types of tech companies (Facebook & Google are targets) and the rules apply to an extremely broad range of "news websites" - they try to "even the playing field" 🥶
Read 11 tweets
21 Feb
There is an alarming trend w/ smart home devices (mostly TVs) who have "App Ecosystems" -- their "smart microphones..." have data associated w/ IP addresses + device-specific IDs & the TVs let apps ingest that consumer audio under **the apps own TOS**…⚖️
Smart TVs are made w/ a data supply architecture bolted on where the consumer is agreeing to layered Terms of Service...

The TV *Apps* can get *very* valuable data - and consumers are not being properly warned that they need to be *very careful* about which TV apps they install.
Samsung TVs (& many other TVs) run on the Open Source Tizen Platform (…)- just like Chromium they use W3c guidelines & API standards- but unlike Google, Samsung & TV makers are hoping regulators don't catch-wise to these non-compliant data flows for ad tech.
Read 6 tweets
15 Feb
Are there any proposals to sandbox the mobile address book via iOS or Android so wild mobile apps like Clubhouse can't "go viral" and then encourage millions of Americans to share their personal user graphs and personally harvested contact information of friends/colleagues? ⚖️🧵
There are odd legal exposure issues related to a For-Profit Business requesting access to a Personal Contact Book from a non-business / person -- here's the flow imo:

Data Controller requests consent + marketing purpose to ingest Contact Address Book from non-covered entity
a Data Controller requesting 100% access to a personal Address Book, has ingested *user data, without consent from the users who the data belongs, to process it*

imo the phone APIs from iOS / Android that ingest + share address books violate Data Controller Frameworks
Read 17 tweets
14 Feb
Congress rarely provides justice or reform. It's a bastion of conflicts & procedural rules.

But for 18 months after a Presidential election, an agenda can be set.

& Congress can't chew gum and walk - they fuck that up bad. We could get 1 trial, or debates on a bunch of issues.
If President Biden had demanded Congress hold a trial, with witnesses and tons of subcommittee hearings, he could have easily done that. And he could have put so much pressure that today could have easily been a different outcome. Now, why didn't Biden put all his chips on this?
A U.S. President has about 18 months after a Presidential Election to get something important done. From 1990's healthcare reform attempts, Bush tax cuts, Obamacare, Trump's tax efforts -- and Biden *could have chosen* to spend his time/political capital on a trial.
Read 6 tweets
11 Feb
Imagine you are in charge of security for the Pentagon web portals - you've got a specific website to control where both external contractors + internal staff access it.

One day, you wake up & a Chrome Extension claims to "support your users" w/ XYZ features you didn't make 🧵
To make matters worse, you've discovered that dozens of your users have installed the extension within days of the extension being released - & you find out that extension developer has been paying the extension store to promote this dangerous extension on search & video sites.
Now, what do you do? Do you initiate an internal meeting to audit the extensions in order to try and break the features that are unsafe? Do you contact the extension store to demand the extension be taken down? Contact the dev? Do you warn your users or disable their accounts?
Read 9 tweets
29 Oct 20
This is some of the worst ad tech research I’ve ever seen. The markup doesn’t have access to the actual bidding details of either campaign - they don’t have exclusion data either.

A few FB buying facts:

1) Exclusion audiences save money when high-bid pages are in an audience.
2) custom audiences cost less than native FB targeting of page interests/likes

3) lookalikes cost less than custom audiences, and less than native FB targeting

4) campaigns bid against each other - hugely popular states like Florida has tons of competition
5) it’s possible to attack the CPM rates by buying ads against XYZ fan page. Take 40 ads accounts you control, bid on only fan pages (Obama/Biden,hrc) & bid very high. Biden’s optimization choices for a campaign could then be used to push his CPM rates in some markets sky-high.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!