March 13, 2019 | by Ralph

How Does Click Forensics Work?

In pay-per-click advertising, the truths we hold evident and have to adapt to are the following:

One, Google reigns over digital marketing, pay-per-click included.
Two, here’s no such thing as a “successful campaign” without precisely defined goals.
Three, everyone will deal with invalid or fraudulent clicks.

Google Ads is arguably the best PPC platform there is, so you’re probably already on it. You can easily set a goal for a campaign if you think about the reason why you planned to launch it.

But fraudulent clicks? You can’t just let them be — they hurt campaigns, and yours won’t be an exception. Adapting to them means finding a way to fight back, and you can only do it using click forensics.

What Is Click Forensics?

Click forensics isn’t nearly as exciting as the forensic work you can see on TV. And the forensic work you can see on TV isn’t the most exciting part of police work, either.

But what it lacks in excitement, click forensics more than compensates in usefulness. If you’re well-versed in it, you can look at certain data points and determine the likelihood that a click, or a group of clicks, is fraudulent.

When you know a click is fraudulent, you can ask Google to investigate it and maybe issue a click fraud refund. Even more importantly, you can block the IP the click came from, preventing it from being used to mess with your ads again.

Shouldn’t Google Have Automatic Forensics

Google Ads already does some of the click forensics for you. That’s how it knows not to charge you for invalid clicks, for example.

The problem is that Google Ads isn’t necessarily looking at every possible data point when determining the nature of every click. Some clicks that would otherwise be invalid or fraudulent simply aren’t listed as such.

It’s obvious that this discrepancy can be exploited. Google Ads’ forensic net doesn’t catch every perp, so there’s room for you to get involved if you want better fraud protection for your PPC ads.

Click Forensics in Seven Rock-solid Segments

Ready to learn a thing or two about click forensics? Yes?

How about seven things? You want to be thorough, and to master the field of click forensics you’ll need to understand all seven segments of data you can analyze in a forensic inquiry.

1. The click segment will tell you useful things about the on-site behavior of a person behind a single click.

You can see, for example, how much time they spent on the website, whether they are a repeat visitor, and whether they converted.

Photo: Real users and bots exhibit different behaviors. The image above shows the comparison between the two. Fraudulent visits usually don't trigger our on-page visit timer.

2. The platform segment contains data about browser fingerprints and more detailed data about the device.

If you didn’t know that browsers have fingerprints, now you do. But as opposed to your crime scene variety of forensic work, it’s the absence of fingerprints you use as evidence of click fraud.

Photo: Each device sends a unique fingerprint. It is very suspicious if you are not able to determine the operating system, browser, screen resolution, or any of the many other platform properties. The most common visits that do not have a fingerprint are those coming from data centers.

3. The target segment tracks one of the most important data points, the GCLID, as well as landing page info.

GCLID is a unique value given to every click on your ad. When you see the same GCLID in impressions coming from different IP addresses or devices, there’s a reason to suspect fraud.

4. The ad info segment is where you can see the attribution of the click in the context of the campaign.

For example, you can notice that whoever is clicking your ads is very good at picking the ads triggered by the most expensive keywords you bid on. If that smells fishy to you, it’s for a reason.

5. The visitor segment gives us data about the IP address and the device the visit is coming from.

Determining the IP address behind a click is one of the most basic, and most useful, techniques in click forensics. A large volume of clicks from the same IP address is the textbook example of click fraud.

Photo: A common tactic fraudsters use is to employ IP ranges. If you are able to detect the source, then you could easily set rules to block all clicks within a certain IP range.

6. The threat segment deals with several data points that help determine the level of risk from every single click.

This is where you’ll see if a visit is coming from a proxy server, or if there are bots or crawlers clicking on your ads.

7. The Geo segment contains the information about the geographical origin of the click.

Location is a particularly important piece of info that’s getting increasingly hard to figure out. Clicks coming from outside of the regions you targeted with ads are an important warning signs.

What’s the Next Step?

The segments, and the data points they contain, are parameters you’ll use to search for fraudulent clicks. To be effective, you’ll need to understand patterns that indicate fraud.

You’ve already read about some — a large volume of clicks from a single IP address, and clicks coming from outside of your geo-targeted areas are some of the patterns to be on the lookout for.

You can also notice things like browsers with unrealistic resolutions, the same device clicking on your ads using different IPs, or plenty of extremely short visits on multiple campaigns from the same IP or device.

Photo: "Normal vs suspicious behavior" analysis on the device level. When you have your forensics set up properly, then you can easily spot a device responsible for click fraud. In this case, the user on the right-hand side of the photo was changing IP addresses and clicking on ads from the same device.

When you notice these signs of fraud, you can call on Google Ads to investigate. But more importantly, you can also block the IP, so that it stops putting dents into your budget.

Who’s Got the Time to Do Click Forensics Manually?

The real problem with click forensics isn’t in the limitations of the technology it uses. It’s in the time it takes to do it well by hand.

Blocking IPs is a huge time sink if you want to do it manually. But it’s still a good tool for combating click fraud.

ClickGUARD will detect and block fraudulent activity for you, minimizing the damage. ClickGUARD will help boost the performance of your campaigns, making it easier for them to reach your goal. And best of all, ClickGUARD will do all of this with minimal input from you, leaving you to spend your time in more productive ways.

Click forensics isn’t nearly as cool or interesting as it sounds. Still, it’s something that needs to be done.

So why don’t you let ClickGUARD do it for you?