How to protect yourself from click fraud
A large portion of online advertisements are run on a per-click basis. Advertisers only pay for banner or text ads on search engines (Search Engine Advertising, SEA) when a potential customer actually clicks on the ad. This is at least how operators of large advertising networks like Google AdWords or Bing Ads sell this business model. Time and again those placing advertisements realise that their ads often don’t achieve their desired results despite the fact that they seem to indicate a high click rate. One potential reason for this could be click fraud.
What is click fraud? And what does it achieve?
Click fraud refers to the targeted manipulation of the billing systems used by online advertisers. Artificially generated clicks on banner and text advertisements or affiliate links are the main means of deceit that this scheme relies on. Here, fraudsters generally exploit the ‘pay-per-click’ billing system, which only generates revenue when the user actively clicks on the advertisements. Depending on the fraudster’s intentions, artificial clicks that indicate no real interest in the ad in question may bear consequences for the advertiser or the publisher whose website the ad is running on. While those running the ads ‘only’ lose money due to the useless clicks they’ve purchased, advertising platforms appear to profit from click fraud, at least at first glance when the slogan ‘more clicks equals higher commission’ is understood. But publishers who’ve had instances of click fraud registered on their sites run the risk of being banned by advertising partners. Here are some incentives for simulating clicks:
- To obtain a service by means of fraud
- To gain a competitive edge
When, instead of being victims, publishers are responsible for the click fraud themselves, it usually means that this is an attempt to generate additional income. To this end, the click rates of ads posted on their own websites are artificially increased; this is either carried out manually or done with the help of software-supported measures. Furthermore, click fraud is also often used as a means of adding clicks to advertisements with certain keywords, increasing its sale price in the process. In both of these cases, the fraud comes at the expense of the advertising client. But the clients’ frustration is also shared by the likes of advertising networks, like Google AdWords or Bing ads. This is due to the fact that manipulating their billing system results in lasting damage to their clients’ trust. What makes matters worse, at least as far as the publishers are concerned, is that they’re faced with sanctions if it can be proven that they were responsible for the click fraud themselves.
For this reason, it’s often the case that cases of click rate manipulation can be traced back to competitors seeking an advantage. Other advertising operators may engage in click fraud in order to drain or completely exhaust the advertising budget of the competition. The goal of this method is to displace the competitors’ advertisements out of the search engine or any relevant websites. Publishers also sometimes try to manipulate competing sites through artificially generated clicks. The goal here is to incite the advertising network to ban the competition.
A special form of click fraud doesn’t focus on paid advertisements, and instead seeks to rake in artificial views on video portals, like YouTube, Vimeo, or Dailymotion. The aim of this method is to generate more coverage in order to increase ad revenue. Social networks like Facebook or Twitter have also experienced cases of click fraud; here, purchased Likes are at the center of the fraudsters’ attention.
Click fraud techniques
Click fraud is either carried out manually or it’s automated through corresponding software. Common methods include:
- Manual clicks: click fraudsters generally can’t cause as much damage by manually clicking on advertisements. Here, the offender does the clicking on their own or enlists their friends, acquaintances, or fellow employees to do so.
- Click farming: this involves outsourcing the clicking of advertising banners, text advertisements, videos, and posts in social networks to poorly paid workers. Such large quantities of clicks are able to deal enormous damage to their targets’ advertising budgets and/or reputations.
- Click robots: click robots refer to a type of software that was programmed in order to automatically generate clicks thereby making clicks generated by human users superfluous.
- Bot nets: A bot net refers to cases in which multiple click robots are hosted on hijacked servers. This allows a large number of clicks to be generated through various IP addresses.
Additionally, clicks on advertisements or social media posts are sometimes generated through campaigns in social networks or forums. Here, the placed links incite users to contribute to click fraud in order to push content or bring about unnecessary costs.
Counter measures
Mechanisms designed to counteract click fraud can be found on all of the largest advertising platforms. Operators like Google or Microsoft aren’t only investing in their client’s trust; they’re also protecting themselves from potential lawsuits from frustrated advertisers that seek to call large invoices into question.
Click fraud filter
In order to prevent click fraud, both automatic as well as manual, test steps come into play. To this end, Google relies on an online filter that checks all the clicks on ads and automatically intercepts them whenever suspicious times, dates, or IP addresses are noticed. These are then manually inspected by Google employees during the next step. AdWords users also have the option of reporting suspicious click behaviour. If, after inspection, it turns out that it was indeed click fraud that was responsible for the loss of ad revenue, then the client is reimbursed.
Manually checking suspicious clicks
In order to track down invalid clicks, web operators generally employ the same tracking mechanisms that advertisements’ success monitoring tools are based on. For example, Google Analytics offers a server-side implementation that makes it possible to monitor the success and variations of a web campaign in terms of click rates. Click patterns featuring strong increases in visitor numbers with no conversions are a strong indication for abuse. In such cases, it’s recommended to compare suspicious clicks with those that are stored in the web server’s log files. Relevant information includes:
- The IP address
- Time stamp of the click
- Time stamp of an action on the website
- The user agent
While a site visitor’s IP address displays the exit server of a suspected instance of click fraud, comparing time stamps helps locate clicks that lead to websites that don’t yield any conversions; this is a tell-tale sign of click fraud. Taking a look at user agents allows advertisers to determine whether clicks can be traced back to the same device or originate via a certain IP address from multiple users. Advertisers should investigate to see whether clicks that have been registered through a certain IP address may belong to a proxy server or not. Such communication interfaces are often used by public networks, such as those provided free-of-charge in cafés, universities, or airports. Click fraud is sometimes camouflaged with the help of proxy servers. Here, it may be useful to carry out a user behavior analysis on the website that’s connected to the advertisement. Repetitive patterns may indicated instances of click fraud.
IP addresses that are revealed to be the starting points of click fraud can be blocked by advertising network operators. Ads are no longer displayed to such users, eliminating fraudulent clicks in the process. A safe way to avoid click fraud is to start a remarketing campaign. These efforts only display ads to users that have already visited a given website and carried out a particular action there.