“If you’d told me two years ago that I’d be talking about click fraud daily,” says a security analyst from one of the major search engines, “I’d have laughed at you, now it’s the major focus of my job.”
It’s not that click fraud didn’t exist two years ago. In one form or another, click fraud has been a part of the PPC advertising scene since the earliest days of the Internet. The sheer scope of the problem has exploded in the past few years thanks in large part to the success of Google’s AdSense program.
The most common motivation behind click fraud is monetary gain – whether through defrauding Google and advertisers directly and collecting payment for bogus clicks, gaining competitive advantage by driving up a competitor’s advertising budget and driving their ad off the web with phony impressions. There are other motives, though, including revenge and malicious mischief. Likewise, there are several different types of click fraud, though they all have the same basic intent and effect: by repeatedly clicking on a PPC ad, they either pad their own earnings from the PPC provider or deplete the advertising budget of a competitor
The simplest type of click fraud happens when a publisher accepts PPC ads on his site, then clicks on them himself or has others do the dirty work. This can be one of the hardest types of ‘insincere clicks’ to spot, especially if it’s kept to low levels. It isn’t always, though. Not long ago, the India Times reported that some entrepreneurs were hiring Indian housewives and students to sit in a room and repeatedly click on PPC ads on websites, and paying them about $200 a month.
A bit further up the ladder of sophistication, some employ ‘bots’, software that can be programmed to crawl through the web much like the search engines’ spiders, clicking on PPC ads. These can be relatively easy to spot, says one of the PPC engines, if the bots are relatively unsophisticated. It’s not difficult to spot a script running from one or a handful of IPs. It becomes more difficult to find when the perpetrators also use proxies and other methods to mask the originating IP and make it seem that the clicks are coming from many different computers and places.
Backdoor Trojans add yet another layer of sophistication to click fraud. Hackers use virus infection methods to insert a program on the computer of an unsuspecting Internet user. Once the Trojan is in, a script can be set to run on it to invisibly surf the net, clicking on certain ads, or loading and reloading pages that carry ads. By using hundreds or even thousands of machines, each only clicking on an ad 10-15 times per day, fraudsters can virtually avoid detection unless a red flag is raised elsewhere in the advertiser’s system.
Botnets, zombie computers and bot armies are just some of the names that are being applied to these computers that are being hacked and used to commit click fraud. In a typical scenario, a webmaster sets up a site with some keyword content on it, and applies for and is accepted into Google’s ad program. Once he’s set up, he sends out the scripts to the computers under his control that tell them the addresses of sites to visit, and the number of times to click on each ad. With ten thousand computers clicking on an ad no more than ten times each, the scammer can easily rake in $10,000 to $15,000 per month without being detected.
One of the more difficult parts of detecting click fraud is that it changes with the growth of technology. It takes advantage of features built into the pay per click advertising model – like devaluing desired keywords by lowering their click through rate and disabling them. One of Google’s features will disable keywords when ads linked to it are viewed often but seldom clicked. An unscrupulous advertiser can launch multiple searches using those keywords without clicking through on the ads, effectively lowering the click through rate. The advertiser can then put in a much lower bid for the devalued keyword and acquire a top spot using for a fraction of what it cost his competitor.
These methods only address the strictest definition of click fraud. There are other methods that are only marginally more ethical – and potentially more harmful, such as link spam, splogs and link farms. Obviously, the misuse of PPC advertising is a complex problem that doesn’t have an easy solution. The most effective solutions all involve community policing and networking with other advertisers to help spot trends that are too subtle to show up when you’re only looking at the stats for one or two sites.
Until this happens, click fraud will continue to grow, despite the assurances by the search click engines that they’ve got it under control. It will only be under control when we all take a hand in bringing it to its knees.
By Jay Stockwell
Click Sentinel Founder
Fighting Click Fraud Together
Join our power packed PPC newsletter and get our FREE 12 part course: 