What you need to know

• Former Upstream CEO Guy Krief couldn't believe his luck when his digital marketing drove 100,000 subscriptions in a single day. He was right to be sceptical. His company, Upstream, was a victim of fraud.
• And his experience triggered a multi-year journey culminating in the launch of Unclickable, a documentary about how Krief and a small team of developers built a working ad fraud operation in five weeks to steal money from the marketing budgets of the Democrat and Republican parties
• They proved their point, but for legal reasons, never collected the money.
• From small merchants in Johannesburg to SMEs in the US, the film reveals that the victims are not only well-resourced multinational brands. Ordinary people are financially harmed, losing significant income to inflated data charges or fake ad traffic.
• It also exposes Big Tech complicity. Facebook, Google, telcos and phone manufacturers come under fire in the film for failing to act, or worse, for profiting from the fraud, while allowing malware and botnets to flourish.
• Krief also claims major advertisers and platforms are ignoring the issue to protect jobs, specifically their own - he says a Door Dash executive admitted as much to him off-camera.
• Even after publishing exposés and offering tools to block fraud, Krief says platforms, app stores and telcos showed little interest in disrupting the revenue streams malware generates.
• The film argues ad fraud persists because it’s rarely prosecuted, and can often be operated ‘legally’ across borders under current laws, meaning massive financial crimes face little real accountability. But the bottom line is that ad fraud is just fraud.
• Unclickable is now streaming via select international festivals, with more territories to follow.

Guy Krief’s journey into the murky underworld of ad fraud began more in confusion than curiosity. As the CEO and chief innovation officer of Upstream, a mobile technology company operating across 45 countries, particularly emerging markets like Nigeria and South Africa, Krief was celebrating what appeared to be an explosive campaign success in Brazil. The company had apparently signed up over 100,000 new paid subscriptions in a single day.

Celebrations were short-lived. “After the initial absolute joy of me being a magician,” Krief says wryly, “we started thinking that that did not make sense.”

Indeed, a deeper dive revealed that the campaign had been hijacked by malware-infected Android devices subscribing users multiple times a day to claim ad network payouts.

Krief was hardly a technology novice. He already had a track record of successfully launching and funding technology businesses such as Persado and Briq. But this was his first exposure to the real scale and sophistication of mobile ad fraud, and the extent to which entire ecosystems, from telecom operators to app stores, were silently profiting from it.

Krief understood that ad fraud was not a victimless crime, nor even mostly a crime where some of the victims might be harder to love. Take Uber for instance. The ride-share company famously lost $200m to ad fraud over a number of years, and it then successfully sued its agencies to recover some of the losses.

Plus, due to his personal experiences with poverty as a young man, along with his exposure to the financial stresses his customers faced in emerging markets, he understood how ad fraud directly hurts and impoverishes already vulnerable people.

The result of Krief's trip down the digital rabbit hole is Unclickable, a three-year passion project inspired by The Big Short, in which Krief and a team of four developers built a functioning ad fraud operation from scratch to prove how trivially easy and unchecked it is to do so. He created the film in collaboration with Babis Makridis.

Too easy

“We actually wasted time trying to make it sophisticated, trying to make it look less like obvious fraud. That’s where we lost a lot of time. We could’ve just done something brute force from the start, like using the same IP, one server, and constantly sending maximum requests. At first, we were trying to use proper IPs, and vary the timing throughout the day. But you don’t need any of that."

The goal wasn’t to profit, but rather to demonstrate and to put on camera the scale, ease, and abject failure of an industry that tolerates billions in losses and human collateral damage, so long as no one has to admit the truth.

Shailin Dhar, who co-founded anti-ad fraud business Mehtod Media Intelligence after having worked for sometime in an ad fraud describes to Krief how lucrative the trade is. "You turn this dial and the money just starts pouring in.” 

"At the end of my first year we had gone from two to 20, to 150 sites. These web sites were about nothing… we kept another 150 sites as backups for when any of these 150 sites got black listed in the exchanges, we would just direct that traffic to one of the backup sites, and keep the money flowing."

Facebook and Google come off particularly badly in the film but are not the only big companies to do so. Telcos and phone manufacturers are also in the crosshairs.

In other words, the very companies meant to protect their customers had become beneficiaries of the theft, were profiting as accomplices and hurting some of the most vulnerable people in the world, Krief suggests.

In Unclickable, he interviews Nomfundo, a small businesswoman and food merchant in Johannesburg. She is one of millions of people in emerging economies to benefit from the rise of smartphones over the last two decades. But as the film makes clear, she is also a victim of a scam made possible by smart mobility. In Unclickable, we learn that she loses 20 per cent of her monthly income of approximately $US350 to mobile data fees artificially inflated by malware that is committing ad fraud. "With the business I'm doing, I rely on that because people make orders via Whatsapp," she says.

For many advertisers all over the world, those losses are often felt very personally. For instance, it's money straight out of the pockets of a husband and wife business like Bluescentric, a music memorabilia company owned by Matt Marshall Hoemann and his partner. In the film, Marshall Hoemann tells Krief he felt sick after he calculated the more than $10k fraudulent losses he suffered from ad fraud on Facebook.

"I could spend $200 a day just on ads, " says Homan. "What was happening was a user would see our ad, click on it, but never actually reach our website. They didn’t visit and leave. They just disappeared somewhere between the click and our site. And we were still getting charged for it."

Homan tells Krief that Facebook claimed they were showing Bluecentric's ads to real people, but all the click-throughs were fake, "just bots designed to take a cut of our ad spend. They were saying, 'You had 10,000 people come through,' but in reality, it was more like 8,000. And we were being charged for the full 10,000. A week before our busy season, we had to shut off all advertising."

In what sounds like a victim impact statement, he says, "What upsets me the most about it is I was able to see this in the Facebook analytics, and it's quite clear, but I'm still getting charged $1 to $10 depending on what they're clicking on. I don't understand why you wouldn't stop fraud like that."

According to Krief, "The perception around ad fraud is that it’s a victimless crime – just stealing money from companies like Coca-Cola and Nestlé, so who cares? But that’s actually very far from the truth. We ended up seeing the most vulnerable people being defrauded, and they didn’t even realise it."

The documentary, which is set just before and after the 2020 US election, dissects the then approximately $70 billion global ad fraud racket from the inside out after Krief and his team built their own fraud operation specifically designed to siphon spending from the Democrat and Republican Parties and operatives via programmatic ad networks. 

At the end of the film, Krief reveals how much money the team was on track to defraud advertisers over a full year with just seven sites, and how easily they could have scaled the fraud to millions. For legal reasons, they never collected the money from the ad networks.

He also declined to name the ad networks, although he tells Mi3, "We can clearly see Google AdSense in the film; we cannot disclose the names of the many others."

Neither Facebook nor Google agreed to speak to Krief.

Speed to market

Unclickable opens with Krief recruiting four average software developers with no ad fraud background and installing them in a basement workspace during the pandemic. Their brief is to build a working ad fraud engine from scratch. They give themselves five weeks.

Ocean's Eleven it's not, and for the first 10 minutes or so, critics wanting to discount their efforts could dismiss the activity as much more of a Made for Advertising play than outright fraud. But that changes once they start paying bots to click ads and generate income. 

They probably over-engineered their solution, Krief tells Mi3.

“We spent more time trying to make it look less fraudulent,” Krief recalls. “We wanted it to be realistic, to use multiple IPs, time requests to mimic user behaviour, that kind of thing. But it turns out, you don’t even need to try. A simple brute-force system — single server, fixed IP, just hammering the ad network — was enough to generate money.” In other words, the most unsophisticated fraud was also the most effective.

Crucially, the experiment didn't just show technical feasibility, it exposed the complacency and blind spots built into the adtech supply chain. Despite their amateur status, the team was able to insert fake inventory, generate fake engagement, and start capturing budget – all without raising red flags. The platforms kept buying, the algorithms kept optimising, the money kept flowing and the size of the take kept growing. 

“We didn’t even touch the infected device networks,” he says. “And those are for rent. Tens of millions of Android phones out there are infected with malware and available on the underground market. If we’d used those, we would have been practically undetectable.”

The stark takeaway from the experiment is that if a handful of novices can fabricate performance metrics and divert real marketing dollars in weeks, what can skilled operators, with access to global botnets, cloaking techniques, and anonymisation layers, pull off at scale?

We already know the answer – billions of dollars are stolen each year, and as fraudsters have shifted higher value video inventory, that take is expanding

According to Augustine Fou, an ad fraud consultant and investigator who features in the film, "The 2020 documentary showed how easy ad fraud was to commit and how scalable it was – just multiply the number of sites to multiply the fraudulent ad revenue. That's exactly what has happened since 2020. The majority of impressions bought and sold in 2025, for example, in CTV, are manufactured fraudulently.

Keep sleepwalking 

Tens of billions of dollars evaporate annually, and most marketers don’t seem to care, Krief tells Mi3. In the ad fraud operation that he set up, the team started receiving a lot of bids from DoorDash, he says.

"We were taking a lot of money from DoorDash. For some reason, they were bidding heavily on the traffic we were stealing from [legitimate sites we scraped], so we ended up doing a lot of DoorDash. I got in touch with someone in their marketing department. He didn’t want to be interviewed or anything formal, but we had an informal chat."

"His point was, 'Look, every quarter we do internal presentations showing that we're bringing in users for like five cents, and everyone’s happy with us. We've been doing that for years. If we come back now and say, ‘You know what, the real cost isn’t five cents, it’s actually two and a half dollars, and we've been fooled,’ we’re going to lose our jobs,” says Krief. "He said, 'At some point, we thought it was better to go with clean traffic, but that ended up costing about ten times more, and we had no explanation for anyone.'"

It's career preservation over commercial integrity, Krief argues – and marketers and agencies have privately been saying the same thing for more than a decade.

Unholy alliances

After his own ad fraud experience at Upstream, Krief had his team build tools to detect and block fraudulent subscriptions.

"All of the malware on these devices was going after our campaigns, and they were trying to subscribe people to get the payout. We built a platform that will block that. And by building this platform, we started seeing the scale of the malware-infected devices for the purpose of ad fraud in emerging markets. And we're talking about tens of millions of devices."

Armed with the data collected by Upstream, the team looked for allies to help them fight back against the fraud, but they quickly ran into a wall of quiet resistance, and not from the fraudsters. “We went to the telcos and showed them what was happening to their users,” he recalls. “And their response was: 'Thanks for blocking the fraud on premium services, that’s enough. Because the malware consumes a lot of data, and that’s money for us.' ”

App platforms and ad networks don’t come out clean either. Krief singles out Vidmate, a video app with over a billion installs, which was tied to extensive malware distribution. “We did three separate exposés," he says, each picked up by major media like The Wall Street Journal, “and nothing happened.”

Even Google, which occasionally removes malicious apps from the Play Store, offers little more than theatre, he argues. “They’ll celebrate removing one app with 20 million installs,” Krief says, “but the average infected device has four or five malware payloads. Removing one is like scooping a teacup out of the ocean.”

“It’s an ecosystem and it works because everyone benefits except the person holding the phone.”

Pre-installed malware

In Unclickable Krief lays out a portrait of an ecosystem where businesses profit, directly or indirectly, from fraud, including mobile operators, ad networks, and app stores like Google Play. Part of the problem is that it is a legal grey area, tolerated under a fog of plausible deniability, or just ignorance.

“We saw phones being sold brand new, in the box, with pre-installed malware,” he says, giving Mi3 the example of devices manufactured by PCL. "The first case was about PCL, a large Korean conglomerate. They had the license to produce and sell Alcatel phones, and they were selling devices with pre-installed malware. There was a weather app included, I don’t think they did it on purpose. They were using an SDK and weren’t very careful. But suddenly, they were selling new phones in countries like Malaysia, Brazil, and South Africa, where the phones came with malware pre-installed right out of the box."

Operating with impunity

Part of the problem is that ad fraud isn’t prosecuted like financial crime, even though, in any analogous context, it probably would be.

There are other problems too.

"The first thing is, it's a very small crime at the individual level, so who’s going to complain? And who would they even complain to? We’re talking about entities with offices in China, distributing their apps through the App Store, and affecting a user in Brazil."

Per Krief, "But now we're talking about the infection, the distribution of malware. When you're committing ad fraud, you're basically renting these guys. You're saying, 'I want good quality fake traffic on my website, and here's how much I'm paying,' or something like that. In the programmatic world, when you're doing that, you have about 15 ad networks bidding on your website for dozens of clients across multiple jurisdictions."

"The legal framework is based on geographical jurisdiction. I’m pretty confident – and this was something that was bothering me before making the documentary – that with the right setup, you could run a very legal ad fraud operation and make money from it."

For clarity, he means that as a warning, not an invitation.

Unclickable is currently available for streaming in Greece, and in the US via the Seattle International Film Festival, with new territories in the pipeline.