What is Click Fraud and How To Stop and Prevent It

The ultimate guide to understanding and stopping click fraud.

An estimated 54% of the world’s population now has internet access. And that number is rapidly growing. Research also shows that people from around the planet now spend considerably more time online than they do watching TV. This global phenomenon has opened the floodgates of online marketing. Businesses and advertisers are turning to digital ad platforms to compete for their audience’s attention like never before.

Due to the increased necessity for an online presence and overall market demand, digital advertising spending is projected to reach $237 billion or 44% of all global advertising revenues. This well surpasses television as the single most popular marketing channel used today.

Despite the fact that a large portion of established marketers are flocking to PPC and digital ads as a whole, the challenges that issues like ad click fraud can generate make it increasingly difficult to build a successful online marketing campaign. Click fraud, along with various other forms of undesirable money-wasting clicks, come in different forms and occur for various reasons. However, they all have detrimental effects on any company’s advertising efforts.

Mitigating the negative effects that come with illegitimate traffic is extremely important for the success of any marketing endeavor. Therefore, marketers need to monitor, track, understand the source, and study the specific way each of these various types of money-wasting clicks is generated in order to set up effective protective mechanisms.

Today, false clicks that waste money and don’t generate any kind of meaningful value or revenue are costing advertisers billions of dollars ($6.5 billion in 2017). They are the single biggest challenge PPC marketers have to face.

In this comprehensive guide, you will learn all about what click fraud is, what the sources and signs of click fraud are, and how to prevent it in your marketing campaigns! But, in order to comprehend the basic concept behind this problem, it’s important to first dive into the history and overall objective of the paid online advertising industry. If you’re already familiar with the history behind digital ads, feel free to skip ahead to part 3.

The History of PPC and Rise of AdWords

The idea behind advertising has been around for centuries. But the marketing industry has come a long way since its humble origins. Today, it’s a multi-trillion dollar global phenomenon that has become a necessity for businesses of all sizes.

From local mom-and-pop shops up to the biggest manufacturers in the world, almost all businesses invest part of their annual budget into marketing. Moreover, there are dozens of different platforms to choose from and a myriad of applicable strategies. But the main goal remains the same – to reel in more customers and become a profitable company initiative.

Many marketers still rely on traditional advertising channels such as television, billboards, radio, and print media. These forms of advertising are characterized as being static or linear, except for a few unique scenarios. They suffer from limited control, delayed feedback and the fact that consumers can’t really interact with them.

However, most marketers see the value of online and digital advertising, and invest in it heavily.

The Early Beginnings of Digital Marketing

The development and widespread popularity of online technology has been critical to the evolution of the marketing industry. Inventions like computers and the internet are responsible for transforming the advertising landscape, laying the foundations for what it would become today.

For decades, marketers invested millions of dollars into traditional marketing based on educated guesses, making these campaigns somewhat unpredictable. Even when their advertising campaigns were successful, most companies couldn’t maintain a steady performance. Advertisers were incapable of quantifying or identifying the specific reason why certain ads performed better than others. They could take guesses, and talk to focus groups, but there was no data to back up the assumptions.

The last decade of the 20th century marked a huge shift in the world of advertising. In 1991, the internet became publicly available to everyone that had a computer. But it wasn’t until four years later that the concept of online advertising was introduced to the world.

In October of 1994, the online subsidiary of Wired Magazine, HotWired, dramatically revolutionized the concept of advertising. They implemented the first known banner ad, one of the earliest examples of digital marketing. The ad, which bore the simple words “Have you ever clicked your mouse right here? You will” in a bright, minimalistic font, was designed as a way to generate revenue for the online publication.

HotWired charged advertisers upfront to occupy a section of the site for a specific period of time. This mimicked the traditional advertising model still found in magazine and billboard ads. The main difference was that, for the very first time, marketers could collect statistics that showed how consumers engaged with each ad.

Back then, click-through-rate (CTR) was the most important statistic available to advertisers. Some banner ads reaching as high as a 44% CTR. But, as we know now, they lost a lot of momentum in the years that followed.

The Beginning of Targeted Ads and the PPC Model

After they were introduced, banner ads became an internet-wide occurrence. They enticed practically all major online publications to join the digital advertising bandwagon. Soon, many merchants started to realize and quantify their efforts by targeting specific demographics in order to make their advertising campaigns more effective. The first instances of targeted advertising lacked the complexity and predictability of the tools available today. In most cases, companies simply identified the platform that catered to the preferred demographic and placed ads on those websites. Since many users stopped noticing an ad after seeing it too many times, certain tools also allowed companies to limit the number of times an ad was served to an individual.

By the time content and demographic targeting features became a norm, the internet was already rich with prominent websites. Businesses that had adequate resources launched campaigns across multiple sites. But they still lacked a centralized system that allowed analysis, management, and performance evaluation across all platforms.

This need for control led to the emergence of various ROI-measuring tools. They allowed merchants to track and better calibrate the performance of their campaigns on multiple websites. At the same time, advertisers also gained the ability to modify their marketing campaigns on the fly once they were live. This meant that – for the first time ever in the history of advertising – businesses could now almost instantly quantify their advertising investments. And if needed, take down underperforming ads and replace them.

By 1998, the internet was inundated with banners, pop-ups, and many other types of ads. In that same year, an up-and-coming website by the name of GoTo.com launched the pay-for-placement search engine service.

Advertisers now had the chance to bid on keywords that related to their industries, competing against other companies for the opportunity to show their ad. Pay-for-placement advertising eventually transformed into the pay-per-click (PPC) model as we know it today, in which companies bid for the opportunity to show an ad and pay only if their link was clicked on.

The Rise of Google Ads

GoTo.com’s model had a fundamental flaw: it determined search results based on the amount of money that was paid for each ad, ignoring the quality of the site. It wasn’t until the year 2000 that Google, a relatively small search engine at the time, introduced AdWords to the world. Back then, AdWords operated within the rules of the pay-for-placement model, but it also focused on delivering the best experience to consumers. The company introduced the Quality Score, which factored in the total CTR when deciding where a paid ad would be positioned within the search results. Advertisers that had the highest Quality Scores would be awarded the top rankings, even when their competitors’ bids were higher. Since then, Google has become the most popular search engine in the world, which also transformed AdWords into the largest advertising network on the planet. The platform still employs an enhanced version of the Quality Score function. This allows Google to determine the position of the ads based on an array of different factors beyond just the amount of money the advertiser spends.

The Modern World Of Online Advertising

Paid online advertising has become a norm for companies of all sizes. More than half of the world’s companies already have a well-established digital marketing strategy. The competition for the top PPC placements is fierce. Unlike the early days of digital marketing, advertisers today have a huge collection of tools that allow them to launch, calibrate, and optimize ultra-engaging campaigns. Many businesses choose to invest in PPC campaigns because they are reasonably easy to build, relatively affordable, and provide near-instant feedback. Not only this, but they also level the playing field to a certain extent. They allow for new, smaller companies to compete with leading brands for the top positions as soon as they enter the market. Modern paid online advertising is also attractive because it allows for the following.

Optimal Integration

Companies can choose to implement a number of digital solutions that help track, edit, and monetize their PPC campaigns. Modern platforms, such as Google Ads, allow complete integration with these tools in order to help advertisers create secure, profitable campaigns.

Different Delivery Formats

Ample networks will also offer the ability to serve ads in different formats. This includes simple text, banners, rich media, native, and many more. Each specific ad type has its own benefits and drawbacks, so most companies usually divide their resources in order to launch multiple campaigns across different delivery formats.

A Variety of Bidding Models

With the rise of new delivery formats, publishers and ad networks have also developed different bidding models that marketers can take advantage of. While PPC may be the most known model, other popular bidding structures include, but are not limited to:

CPM – Cost-per-1000-impressions

CPA – Cost-per-acquisition/sale

CPL – Cost-per-lead

CPI – Cost-per-installation

Quantifiable Metrics

Back in the early days of digital advertising, marketers had very few stats available. Today, advertisers can indulge in an ocean of data that’s available directly through their marketing and analytics tools. Merchants can now instantly access meaningful stats like the amount of money each lead cost or the number of conversions received from a particular campaign initiative.

Addressing the Elephant in the Room

The biggest issue with the digital marketing industry is that it operates under the assumption that most if not all traffic comes from “legitimate” sources. Marketers automatically adopt the belief that all digital interactions such as clicks and views from ad vendors like Google and Bing come from humans that have some type of marketing value. However, it’s a fact that more than half of all internet traffic is generated by software scripts called robot, or bots. Bots are designed to visit websites for a variety of reasons. But regardless of what those may be, they generate a huge amount of traffic that is reflected in PPC campaigns. This means that even if a website receives a large number of visitors, there is an equally large chance that many users don’t hold any value whatsoever.

click fraud, ad fraud, elephant in the room, google ads

Besides robots, marketers may realize that there are different sources of illegitimate ad traffic, which may result in worthless interactions. These non-revenue generating clicks hold no value to advertisers, but they are still intertwined with relevant ad traffic and therefore have a huge impact on the performance of a company’s digital marketing campaign. A realistic estimation of the percentage of internet traffic that actually holds marketing value doesn’t exist, so it’s impossible to accurately gauge the full scope of illegitimate clicks. We know that about one-third of ad clicks come from click fraud. But plenty of clicks from real people won’t end of converting either. This is just a fact of doing business. Ad vendors should dedicate resources to protect advertisers’ budgets. However, considering that these ad networks reap tremendous financial benefits from the inflated traffic, that’s just wishful thinking. Google and other ads networks have pledged to combat Illegitimate clicks in one way or another. However, in most instances, the mechanisms put in place fail to effectively identify or stop illegitimate traffic. What’s more, the model under which these large platforms operate actually encourages the proliferation of illegitimate clicks. Although it’s frowned upon, almost all companies fall into the trap of purchasing sourced web traffic. As the name indicates, this practice consists of paying for a certain number of unique visitors. They are redirected to a merchant’s site in order to achieve different objectives. Even though this practice may seem sound in theory, it can actually improve the chances of being targeted by illegitimate ad clicks. Even the most powerful companies in the world are not capable of inspecting all or even most of the traffic they purchase from third-parties. This means that web traffic providers can easily generate a huge number of bogus visitors in the form of bots and by other means, combine them with legitimate sources, and charge websites for redirecting visitors that have no real marketing value.

What is Click Fraud?

Click fraud is often used as an umbrella term to describe all the sources of non-revenue generating traffic like robots, competitors, and criminal organizations. However, in its purest form, ad click fraud can be defined as a deceitful interaction between a user and a PPC ad that is taken in order to generate illegitimate charges for marketers. These fraudulent users may be human, robots, or a combination of the two. Unfortunately, illegitimate clicks may ultimately make up a huge portion of most company’s PPC spending. Furthermore, all instances of ad click fraud have a culprit, be it a competitor or organization that somehow benefits from draining a company’s PPC budget. There are also many cases where illegitimate clicks are more complex than just click fraud, making the issue complicated and messy.

Ad Click Fraud Vs. Other Types of Illegitimate Ad Clicks

Ad click fraud and the various forms of illegitimate invalid ad clicks share similar characteristics and both can have very negative effects on a company’s marketing efforts, regardless of their source. Therefore, it’s up to advertisers to learn as much as they can about their clicks, where they come from, and how they are being generated in order to develop effective defensive solutions against pervasive attacks.

The best way to define if an ad click was fraudulent or not is to look at the click source as well as it’s post-click behavior in order to determine if any intent can be assigned to it. Since all illegitimate clicks result in some type of financial loss for marketers, it might be worth it to look into if any parties have a vested interest to engage in malicious clicks.

Fraudulent ad clicks do not always have to come directly from the source that will benefit from the fraud (although they often can). Some parties will hire unethical groups to help them target a certain company.

On the other hand, there are multiple scenarios where illegitimate or invalid ad clicks can occur without any malicious intent. For instance, parties that repeatedly interact with ads due to confusion.

Where Exactly Do These Fraudulent Clicks Come From?

Illegitimate clicks can come from a variety of sources. Many of these clicks are intentionally malicious, but some can be a bit more nebulous. Knowing where to expect click fraud to come from, and knowing what kind your business suffers from, is the first step in mitigating this issue.

Remember that dealing with resource-draining clicks is an ongoing endeavor. Not only are new sources of false clicks a real threat, but just like software exploits or virus coders, dedicated organizations are always motivated to look for a way to exploit weaknesses in order to dismantle the established security standards.

Deciphering the origin of illegitimate clicks will help advertisers identify the patterns these malicious interactions create.

The Most Common Threat Sources:

Threat Source	Description	Motive	Threat Level
Competitors	Very common, and depending on sophistication or tactics can cause massive amounts of damage.	Financial Gain Rivalry Easy Sabotage	High
Bots & Crawlers	More than 50% of all internet traffic is non-human. Billions of these clicks are generated daily across all PPC platforms.	Data Collection Spam Scripting	Medium
Proxies	Anonymous and elusive by nature and often distorts both PPC and analytics data.	Anonymity Geolocation spoofing Network spoofing Accessing restricted content	High
Click Farms	Very sophisticated dark web based business based around social media fake likes, followers, and PPC clicks.	Hired to click Profit	Medium
Methbot Networks	Blackhat ad network exploits.	Profit	Low
Lookie-Loos	Indecisive resource and margin-draining individuals.	Confusion Indecision Boredom Non-malicious	Low
Disgruntled Customers	Varies by business and fairly unlikely to happen.	Sociopathy Revenge	Low
Shady Publishers	Motivated by profits, so it’s never personal.	Quick profit Network exploit	Medium

Threat Source Details

Unethical Competitors

Competitors are the most obvious suspects of click fraud. It’s expected that rivals would always be looking for a way to gain an advantage over other companies, especially in highly competitive spaces. The worst part is that depleting a company’s PPC budget in order to prevent their ads from showing to potential customers is not at all difficult.

A pay-per-click ad will show until its daily budget has been run out. So competitors will run through your ads quickly to prevent real potential customers from seeing it. You may be able to identify this form of click fraud if you find that all of your ad clicks take place in the first hours that your ad is live each day.

Many small business owners tend to overlook this issue. But competitors that sabotage another company’s PPC campaign may cause thousands of dollars in financial damages. Unlike major corporations, smaller players may not have the funds to cover the additional expenses. This could cripple their entire marketing plan.

Competitor click fraud may come in the form of recurring ad clicks from a single device or hundreds of clicks across multiple devices, depending on the complexity of the methodologies involved. Some unethical businesses may even hire third-parties to click on your ads on their behalf.

Bots and Crawlers

As mentioned before, bots generate more than half of the internet’s total traffic. They are a major source of illegitimate clicks. And, even though many bots are designed to carry out productive tasks, some may still engage in illegitimate interactions on a regular basis.

There is a rather big difference between good bots and bad bots. Robots that have a positive function are employed by search engines and other entities to help monitor a website’s health, make sure it’s included in search engine results, and share its content via social media.

Today, millions of crawlers perform a variety of functions, good and bad. They check for broken links, capture SEO data, scrape content, follow RSS feeds and snoop for security vulnerabilities. They are a significant part of the pay-per-click traffic ecosystem. Sophisticated robots designed to mimic human behavior can spoof their device type, accept and remember cookies, simulate mouse movement, and even fill out conversion forms.

In some cases, even the good bots may go rogue and start clicking on ads while interacting with websites or search engines. This can easily result in wasteful spending, even if the bot was not designed to have a negative impact on a company’s marketing campaigns.

Proxy Clicks

Growing demand for privacy and ways to bypass internet censorship from certain regions has raised the popularity of proxy services in recent years. Proxies allow internet users to disguise and spoof their IP address, ISP network, and physical location through remote connections.

Most advertisers use geographical targeting in their campaigns. Because proxy servers deceive the location detection of these ad networks, by definition most proxy clicks generated are illegitimate. The generated impression will be based on a false and deceptive location and network data provided by the proxied IP address. You will receive clicks with incorrect data behind them, negatively influencing your marketing data.

Moreover, proxy networks are highly popular with nefarious actors. They are designed for anonymity, hiding, and deceiving both people and detection systems. Marketers experiencing high levels of repetitive proxy service clicks should audit their campaigns to check the impact on their tracking analytics as well as the financial impact to their marketing efforts.

Click Farm Operations

Click fraud can also be carried out in offshore click farm operations. These are strategically set up to produce fraudulent interactions with websites, social platforms, or ad networks. They have the sole purpose of artificially boosting, manipulating, or distorting the status of a product or service.

Operating out of remote locations where they are not likely to get in trouble with the authorities, these for-hire nefarious organizations employ blackhat tactics to generate fake traffic, which may consist of a combination of human and robot interactions.

Methbot Networks

With billions of dollars at play, cyber criminals are highly attracted to and always looking for ways to game the digital advertising and pay-per-click industry.

It’s estimated that methbots are responsible for an estimated 200 to 300 million fraudulent digital ad impressions per day across thousands of domains and networks. Designed to evade detection and fool viewability measurements, these methbot networks use distributed applications and bots to impersonate legitimate websites and users. Through this process, they extract millions of dollars from various ad network ecosystems.

It is the responsibility of marketers to use comprehensive bot fraud detection technology to monitor paid traffic. That way they can assure that they know exactly what kind of click they are buying.

Pesky Lookie-Loos

Pesky lookie-loos tend to be the type of wishy-washy individuals who have no intention of buying but are glad to repeatedly clicks on ads.

These users tend to be intensely curious, but certainly are not buyers. They will often conduct multiple web searches and click on an ad numerous times without ever making a purchase.

Depending on the business product or service margins, failing to manage or eliminate these clicks from campaigns can have a significantly negative effect on profits. This may not be alarming for companies that bid on low cost-per-click campaigns. But advertisers for high cost-per-click campaigns have to look at managing these sources that drain their marketing dollars.

Disgruntled Customers

Unhappy consumers can be another source of wasteful clicks that many marketers fail to identify. All savvy business owners understand that it’s impossible to please all customers. Complaints are a natural part of any business. Although most consumers don’t understand PPC marketing models, disgruntled sociopathic ones that do have been known to pose a considerable threat to marketers. Beyond just writing bad reviews online, an angry customer might repeatedly click on your ads to rack up your costs.

Shady Publishers

Shady ad publishing websites and mobile apps have been known to implement deceitful methods to superficially bolster the performance of their platforms. Many of these rely on bogus traffic that mimics human behavior. Even big networks like Google Ads are known for turning a blind eye to allow low-quality publishers on their network. These same sites would never make it through Google’s criteria to appear in search.

Shadowy organizations or hackers are often responsible for this type of click fraud and take advantage of the common but false assumption that all clicks come from relevant sources. These groups set up websites and bombard them with huge amounts of bot-generated traffic. Once they have the required statistics, these websites join ad networks as publishers. Then they start monetizing on false clicks at the expense of unsuspecting companies.

At first glance, these websites seem like a great, high-traffic source of ad views. But they will quickly prove themselves to not be a reliable source of conversions. If you check your traffic analytics and notice a lot of strange-sounding domains, you may want to do some more research. Check some of these high-traffic websites and look for the warning signs of a money-hungry publisher. They will include low-effort or copy-and-pasted content and an overabundance of ads on the site. Savvy internet users may be able to immediately identify one of these sites as shady, just by the look of it.

The Challenge of Identifying Illegitimate Clicks

No doubt about it, ad click fraud can be extremely damaging to advertisers. When effectively executed it dangerously blends in with regular traffic. SOme of the most obvious ways to identify it is through network grading, behavioral analysis, and device signature tracking. Bots, competitors, and other sources of invalid traffic often originate from low quality networks. These can behave differently when compared with legitimate users.

Unfortunately, most marketers will remain vulnerable to these money-wasting interactions unless they learn how to identify the signs. Not only that, marketers must also take into account the fact that criminal organizations and competitors will be motivated to overcome new detection measures, so safe-keeping their budget will require ongoing efforts.

Besides the fact that click fraud is hard to identify, the lack of standardization and overall quality control in the PPC industry also plays an influential role in the ubiquitous expansion of increasingly more expensive but useless traffic. Marketers need to make it their responsibility to continuously invest in security plans designed to protect their campaigns. But this also means that they need to overcome specific setbacks in order to adequately safeguard their budgets.

Despite these challenges, it is possible to identify and prevent click fraud. But, it is very important to realize what lies in your way.

Some of these challenges include:

Creative Fraudsters

Criminal organizations are aware that advertisers are trying to protect their campaigns against illegitimate clicks. These illicit groups actively seek to break down any security measure put in place by marketers. And most of the time, they are successful in one way or another.

A great example is the evolution of malicious bots. In their early days, criminal rings employed simple bots that only had the ability to run a query and click on an ad. At the same time, click farms and malicious bots often operated from a single source that was relatively easy to identify. So setting up a few filters was enough to keep them at bay.

However, nefarious parties are continuously investing copious amounts of resources into developing complex bots that can hijack devices in order to use them to generate invalid traffic without the owner’s consent or knowledge. These bots can also click on ads and interact with landing pages similarly to a human. It is more and more difficult to tell robots and real users apart.

No Unified Guidelines

Considering the fact that digital advertising is not even three decades old, it’s impressive how quickly it has transformed into the most popular advertising channel in the world. Regrettably, the fact that online advertising spread so quickly also means that there was little-to-no standardization on the multitude of platforms that emerged.

Some organizations such as the Association of National Advertisers (ANA), the Internet Advertising Bureau (AIB), and the American Association of Advertising Agencies (4As) are working to establish better standards across the PPC industry. But the truth is that most publishers and ad networks only adhere to their own internal standards.

Together, these three organizations have created the Trustworthy Accountability Group (TAG), which aims to certify legitimate ad sources and place them on a whitelist that is accessible to all companies looking to advertise online. Nonetheless, not all ad networks are keen on joining this accountability program, which has led to the diversification of standards across the industry. As for 2018, only about 100 companies are registered. Besides creating a massive problem with compatibility, this also represents a huge issue for marketers because they have to learn the kinks and specific details of each ad network they work with.

The establishment of unified guidelines hopes to improve security standards and force networks to inspect sourced traffic from third-parties in order to meet quality requirements. Advertisers need to pressure publishers to participate in accountability programs like TAG to guarantee a safe advertising ecosystem.

Lack of Reliable Default Security Features

Another reason why illegitimate clicks represent such a notable threat is that publishers and ad networks fail to implement effective mechanisms that actually help advertisers. In many cases, it seems relatively easy for ad vendors to make these options available. This has led many marketers to believe that ad networks and publishers should also be held accountable for illegitimate clicks.

Merchants believe that platforms like Google Ads should give them the ability to block and control traffic to really put advertisers in the driver’s seat. After all, businesses tend to invest a substantial amount of money into PPC ads. Giving them the ability to place restrictions on certain IPs and implement other effective filters seems like an obvious choice.

The typical filters and traffic-management mechanisms provided by Google often leave a lot to be desired. It’s true that the platform features geo-targeting and keyword filters, but many advertisers still see clicks that come from untargeted locations or for irrelevant search terms. To overcome this particular setback, marketers are forced to turn to third-party security systems. These actually set strict parameters that must be met in order for an ad to be displayed.

How to Identify Illegitimate Clicks

There are some ways to manually check whether your ads are the victim of click fraud. This will depend greatly on what kind of fraud you are suffering from. Some forms will be less obvious than others.

Identifying Competitor Clicks

Clicks from competitors could be fairly obvious. Unfortunately, Google does not give IP addresses of users who have clicked on your ads. But by downloading your site visitor analytics, you can sort by IP address and identify IPs that have visited your website multiple times within a month. Checking some of these IP addresses to see if they are blacklisted by anyone will tell you whether you should exclude these addresses on future ad campaigns. You need to use some discretion here, and it will be a lot of work, but there is no tried-and-true way to do this manually in an effective way.

If competitors visit your site from their own offices, a geographic or IP address breakdown may show a high concentration of visits in the cities their offices are located in. You won’t know for sure because IP address can only identify the approximate area of the user, but it can give you an idea if you suspect competitor clicks.

Another sign pointing toward competitor click fraud may be that your ads receive a high volume of clicks right when they go live for the day, or around the start of the work day. To prevent your ad from showing at relevant times, competitors will click on your ads earlier in the day, thus maximizing their sabotage.

Identifying Shady Publishers

Simply look in the Placements section of Google Ads, which shows any websites in which your ad received an impression. Check some of the top-traffic websites, and see if they seem legitimate. If the website doesn’t look familiar to you, dig deeper. You may find that the site lacks substance, is full of ads, or that the domain was registered just days before! While some of these signs will be fairly obvious, having a bit of internet know-how, and being able to identify a potentially fake website, will be a valuable skill. If you notice a lot of these websites costing you money, you should consider investing in PPC fraud protection.

Identifying Other Forms of Click Fraud

Unfortunately, other forms of click fraud are less obvious, because they aim to mimic human behavior. Knowing your customer journey and keeping an eye out for anomalies can help, but having a click fraud detection software will be the most useful tool for identifying and stopping these smarter forms of fraud.

Why The Need to Monitor and Audit Ad Clicks?

Illegitimate and fake clicks present an intangible threat. A lot of marketers and business owners have trouble visualizing their detrimental effects. However, that doesn’t mean that these interactions are to be taken lightly given the fact that click fraud can completely drain a company’s budget or fully derail their digital marketing strategies.

What’s even more worrisome is that a lot of marketers simply choose to accept and coexist with these erroneous clicks, even with obvious and negative effects. Most continue to accept the nuisance and keep throwing money away because they’ve come to accept click fraud as just part of the cost of doing business. But when $1 of every $3 spent on ads comes from fraudulent clicks, this cannot be ignored!

Proactively monitoring, auditing, and protecting a campaign’s paid clicks can significantly improve both the short and long-term profitability of the overall marketing efforts. Advertisers who think ahead and invest time and resources into deciphering ways to reduce, prevent, and eliminate fraudulent clicks may discover that large swaths of their advertising efforts are subjected to these invalid interactions.

In other words, proactively looking to eradicate illegitimate clicks can liberate a large part of a marketing budget, which can be reinvested into improving operations across the board. Investing in fraud protection can greatly increase ROI. With a significant ad budget, the price of a protection plan will be nothing compared to the amount of ad spend saved.

Combating non-revenue generating clicks is also important because of the following:

The Majority of Internet Traffic is Not Human

As already mentioned, most internet traffic is not generated by humans, but by bots. And even though some aspects of websites are built specifically for robot traffic, of course companies want to advertise their services to people rather than software.

Companies that use the CPM bidding model should always try to implement preventive measures against undesirable, fraudulent click sources, as their campaigns are much more vulnerable to bot-based interactions when compared to PPC ventures.

Because CPM relies on impressions, even good bots can increase a campaign’s overall costs by simply running the same query multiple times.

False Clicks Consume Valuable Resources

Illegitimate and fraudulent clicks are a known problem, but their full scope is yet to be fully understood. Recent studies have found that in some cases, false clicks can account for up to 90% of the total registered interactions. This creates a huge paradox for advertisers, seeing as they often assume that their campaign failed because the marketing plan didn’t have the right structure or budget. Nonetheless, the reality is that many advertising campaigns fail to produce results simply because they are victims of fraudulent clicks. Having a protective system in place that automatically filters out worthless traffic gives advertisers more control over their clicks and budget which should also boost the performance of their campaigns.

Illegitimate Clicks Raise Conversion Costs

A lot of companies focus on relatively superficial metrics like CTR, but seasoned marketers turn to meaningful statistics that prove the profitability of their efforts. Invalid clicks may improve cosmetic numbers for those looking to boost traffic, but they also have a warping effect on important figures meant to give a true indication of the effectiveness of marketing campaigns.

The reason behind this is that intricate statistics tend to take into account more than one action or piece of information. For instance, CTR calculates the percentage of times a user clicked on an ad, while stats like conversion rates contemplate actions that are taken after the initial click. Even when nefarious sources are working on developing bots that imitate human behavior, there is a limit as to how convincing these may be. For example, a robot will never make a real purchase.

While illegitimate clicks can saturate CTR and other superficial figures, they also increase the cost for each legitimate conversion. If you are not happy with your customer acquisition cost (CAC), you will want to identify if click fraud is impacting your ability to find leads.

Misleading Data Distorts Campaign Metrics

One of the many reasons why digital ads revolutionized the marketing industry as a whole is that they allowed advertisers to closely monitor and track the performance of their campaigns in near real time. If significant amounts of the clicks and overall traffic data marketers are analyzing does not come from legitimate sources, then the statistics being used to set performance metrics are essentially worthless.

Campaigns that are optimized with erroneous data have a very low chance of actually becoming profitable. Even when these marketing endeavors produce results, the optimization process is driven by illegitimate data, which simply distorts the information collected. There is so much more potential out there!

Image a world in which illegitimate clicks and impressions are not a part of doing business, and marketing models can be created assuming that an ad is being interacted with by sources who are actually interested in it.

Entices Spending On Fruitless Activities

Besides misleading statistics, a surge in clicks that actually hold no marketing significance can encourage companies to spend valuable resources and efforts on non-revenue generating activities. A lot of small businesses rely on compact teams that usually share responsibilities. They outsource a portion of their operations, and spend a significant amount of time developing strategies.

Advertising and sales teams may invest large chunks of their time pursuing bogus prospects acquired through click bot traffic that is designed to mimic user behavior by filling out lead forms, rather than focusing on landing real customers. Therefore, a sudden rise in clicks and leads due to non-revenue generating bot sources can actually divert attention from legitimate prospects. This is highly detrimental to small teams and companies with minimal budgets. They will find it difficult to pivot out of the situation.

In addition to their workers’ time being wasted, deceptive bot clicks may encourage businesses to waste valuable resources on optimizing high-traffic, low-performance campaigns in hopes of improving conversion rates. Operating under the assumption that click fraud doesn’t exist is almost as dangerous as click fraud itself!

Advertisers and Consumers Suffer the Consequences

The two parties that suffer due to illegitimate clicks are advertisers and consumers. Getting these clicks may sabotage an advertiser’s entire campaign and burn through their marketing budget in a heartbeat. From a consumer’s perspective, the problem is less evident but also destructive.

Consumers suffer because the costs of click fraud could be passed down to the products and services they are buying. The bigger the problem of click fraud, the higher the customer acquisition cost is. What this means is that to increase profit margins, a company may need to raise prices.

This puts the negative effects of click fraud onto the consumer.

How Much Much Money is Being Wasted?

Fraudulent and illegitimate clicks as a whole can cost marketers a serious amount of money. Recent estimates suggest that ad fraud alone could cost an astounding $19 billion in 2018. Some pundits expect that number to rise to a monumental $50 billion by 2025.

Putting the right mechanisms in place can diminish financial losses due to wasteful clicks. Investing in these security systems should find its place on every company’s immediate and future business plans.

It’s important to know that these estimates cover all major types of digital ad fraud, so it includes advertisers that work under different bidding models and employ various ad formats. The different types of malicious clicks include, but are not limited to:

Ad click fraud
Data fraud
Impression fraud
Conversion fraud

Ad click fraud encompasses a huge spectrum of ad formats and industries. And unfortunately, there are different challenges emerging on a regular basis. Complex robots that mimic human interactions like scrolling and clicking are just the tip of the iceberg. It would be wise for marketers to prepare their campaigns for the impending dangers brought on by these threats.

Marketers need to take precautions and effectively engage in the problem in order to protect against the potentially devastating effects of click fraud. Despite the fact that manual revisions are a possibility, they are also time-consuming and require a certain level of technical knowledge.

Therefore, the most effective way to defend against the wasteful clicks is by employing specialized security tools. These integrate with the marketing platform to audit, detect and stop them before they have a chance of interacting with an ad.

Are Ads Networks and Publishers Doing Enough?

Many advertising platforms have attempted to develop their own mechanisms to help identify and prevent false clicks. They have the aim of protecting merchants that use their network. Many of these systems rely on artificial intelligence while others employ automated filters that trigger manual reviews.

The main problem is that these systems are very ineffective and barely cover a microscopic portion of the illegitimate clicks out there. Considering the amount of money that is lost and the number of illegitimate clicks generated across the web, most marketers agree that the dubious security mechanisms that are included as a default feature within ad networks are simply not enough.

Take Google’s Ad Traffic Quality Control Center, the security system in charge of identifying illegitimate clicks and providing refunds to the companies that are targeted by these interactions.

Hypothetically, the Quality Control Center should detect false clicks and extrapolate where they come from, automatically establishing prevention measures that should stop that user from clicking on that ad again.

Yet, the system, which is partly automated, is not perfect. Many speculate that existing security systems fail because unscrupulous parties are using innovative techniques. But the truth is that ad platforms are not motivated to invest the necessary resources to find a solution that gives marketers full control of their advertising budget. After all, the more clicks you get on your ads, the more money ad platforms make!

Google and the other big networks claim to be committed to combating what they refer to as “invalid clicks” or “invalid interactions”. But their failed efforts and poor attention to the issue only serves to give advertisers a false sense of confidence. Illegitimate clicks continue to plague these platforms while generating massive profits.

Advertisers pay for most of these fraudulent clicks and will continue to do so unless they take matters into their own hands and start demanding better controls, validation, and auditing features. Existing detection methods are simply not enough. They don’t protect vulnerable small and medium-sized businesses with limited resources. These companies stand to lose the most from these illegitimate interactions.

The Silent Beneficiaries

Regardless of if they are malicious or unintentional illegitimate clicks, ad networks and publishers are the silent benefactors from these undetected interactions. Publishers get paid every time a PPC ad is clicked. It doesn’t matter whether the click was from a human or a robot.

Many believe that this is the reason why publishers and networks don’t make it a priority to address the problem. Any effective and significantly improved solution designed to reduce invalid clicks would only undercut their profits.

Shouldn’t Click Fraud Be Illegal?

It’s safe to say that most types of fraud are illegal in the vast majority of countries around the world.

Punishment ranging from a mild fine to lengthy prison time, depending on the location and the crime. Malicious clicks are a type of fraud, so it’s natural to think that they are just as punishable as any other type of scam or illegal activity.

However, this is not the case. There are numerous organizations and individuals that operate with impunity because click fraud is a gray area. That being said, no fraudster is operating with impunity. The arrest of Estonian cyber criminal Vladamir Tsastsin proves this fact.

In-Depth Knowledge

Even the most egregious of cyber crimes are often grossly underreported. This is partly because people know that local law enforcement agencies do not have the interest or resources to investigate complex cyber-crimes. At best, ad click fraud is perceived as being a hard-to-prove malicious act or technical nuisance. It requires significant investigative efforts only a select few with in-depth knowledge possess. Click fraud is usually only investigated by the FBI (in the US), because it is so complex.

Technological Resources

Additionally, some countries are simply not very technologically developed. This means they don’t have the laws or regulating entities needed to keep a close eye on illegitimate clicks. Of course, this makes these countries more vulnerable to all types of fraudulent activity carried out online, which can directly disrupt local and regional economies. Click fraud is one of many security issues these countries can face online.

Human Capital

Authorities don’t have the human capital to respond to every single threat or suspicious activity. Especially for relatively obscure crimes like click fraud. Individual instances of fraud happen on a daily basis, all of which add up to a massive amount of money. Not only are non-revenue generating clicks hard to detect, but the required expertise makes it so that there are not enough agencies equipped to effectively track down all of these cybercriminals.

Jurisdiction

Shady organizations that specialize in finding loopholes are notorious for setting up and running click fraud operations from abroad. This is a tactic used to avoid dealing with local law enforcement agencies that may actually have the necessary resources to effectively combat the problem. Simply setting up and running an illicit operation out of the jurisdiction of the pertinent authorities can buy fraudsters enough time and opportunity to extract millions of dollars from their operations before getting into trouble (if they ever do). Finally, implementing proper tools, developing training programs, and establishing a click-fraud defense protocol might also spark an intense political debate that could be slow to resolve.

The Impact of Click Fraud on Different Industries

Practically all companies that run PPC campaigns are affected by some form of illegitimate clicks or otherwise useless traffic. Yet, there are some businesses that are hit by false interactions much harder than others because of the nature of the industries they operate within. Determining which verticals are affected the most by illegitimate clicks comes down to two factors, which are the amount of traffic that a particular industry generates and the cost-per-click of the keywords that are relevant to it. The higher the cost-per-click, the more damage that can be done, with less resources. Companies that bid on high-value keywords are more likely to have a monumental marketing budget. This increases the chances of attracting unscrupulous organizations and unethical competitors that are willing to do anything to gain an advantage. A study conducted by Bloomberg in 2015 confirms this claim, declaring that the industries that are hit hardest by click fraud are:

Finance (22% bot traffic)
Family (18% bot traffic)
Food (16% bot traffic)

The three verticals above encompass a huge collection of topics and sub-industries that include private consultants, banks, hotels, restaurants, bars, hospitals, food manufacturers, spas, healthcare clinics, and lenders, just to name a few. Because of the way these are intertwined with other industries, the negative effects caused by illegitimate clicks have the potential to shift regional financial landscapes as a whole. Bloomberg’s report covers a total of 18 verticals, so it’s also worth noting that the three industries that are affected the least relate to entertainment and educational activities. These industries may generate a huge number of searches on a daily basis. But they have a low price tag because most users that run these queries have little to no purchase intent. The three industries that are affected the least by click fraud are:

Sport (3% bot traffic)
Science (3% bot traffic)
Info (2% bot traffic)

Besides the fact that these keywords have a low CPC, these industries lack true marketing potential because they are extremely broad. That said, some of these verticals go through seasonal peaks. Large events like the football World Cup or a revolutionary scientific breakthrough could change traffic patterns.

Combating Fraudulent Clicks: What Are The Options?

Illegitimate clicks and ad fraud are a harsh reality that marketers need to face. However, a lot of companies even refuse to accept or acknowledge that invalid interactions are a part of the marketing ecosystem. These organizations are destined to waste a significant percentage of their budget.

Ignoring illegitimate clicks will only bring about financial woes. Wise companies need to protect their investment and find ways to change the current environment. Bot suppliers and the parties that employ them have no incentive to change their behavior. So it’s left to advertisers to look into how to overcome this obstacle through their own means.

To abate the instances of illegitimate clicks, companies must learn everything they possibly can about this harmful practice. But they also need to remember to:

Hold the Right Party Accountable

Illegitimate clicks come from a variety of sources, but it’s very easy to blame the ad networks and publishers for the bulk of the problem. Ad placement suppliers don’t always participate in illegitimate click schemes on purpose. In some cases, these platforms just let it happen because it is good for profits. But they are not directly causing the problem.

By the time illegitimate interactions hit advertisers, they have taken their toll on the rest of the digital supply chain, so merchants, publishers, and ad networks need to work together to develop an effective solution against these money-wasting interactions.

Gain Full Understanding Of the Buyer’s Journey

Besides the fact that illegitimate clicks can occur for different reasons, all industries have unique requirements that make it impossible to create a silver-bullet solution for false clicks. Advertisers need to take a number of factors into consideration before implementing any concrete actions. The first one should always be studying all of the elements involved.

Picking out and stopping click fraud is becoming more important. But the key to discovering the bulk of these invalid interactions may actually lay with the advertisers. Bots and other sources of illegitimate traffic share a behavioral pattern. Which also means that legitimate users tend to act a certain way.

Advertisers who invest the time to gain a full understanding of their normal buyer’s journey often develop the ability to distinguish real users by their behavioral patterns and have an easier time developing protective methodologies against fraudulent clicks and interactions. For example, if most of your customers fill out a form one week after being shown an initial ad, you may want to take a closer look if there is an influx of forms submitted by users who were shown the ad just moments before the submission. Learn the patterns, and learn to identify anomalies.

Implement Third-Party Traffic Validation and Monitoring Tools

Third-party surveillance software can help advertisers combat invalid click interactions. Businesses should find platforms that allow integration with their favorite monitoring tools. In addition to providing intricate information about each ad click or interaction, some of these surveillance applications even feature automatic illegitimate click detection systems. But, businesses should beware of monitoring tools that promise to completely filter out invalid traffic through artificial intelligence (AI). Illegitimate clicks camouflage so well that generic AI-powered solutions struggle to deliver reliable results. That said, artificial intelligence can prompt manual reviews and work as a first-level filter that alerts advertisers in case a user displays suspicious behavior.

Support Entities that Seek Transparency in Paid Online Advertising

The ANA, AIB, and 4As are actively spearheading the fight against ad fraud through the creation of TAG. Advertisers have the responsibility of supporting networks and publishers that are part of these organizations, abide by the standards they propose, and endorse these entities whenever possible.

Besides creating a whitelist of reliable ad networks and publishers, TAG is looking to establish an all-around healthy and transparent marketing ecosystem. But even the biggest companies know that this objective is only achievable if the entire industry works together to tackle the root of the problem.

Unfortunately, just over 100 companies have the TAG seal of approval in 2018. So there is a long way to go in order for this to be a standard.

Create Awareness Internally

Marketers need to shine a light on illegitimate clicks and inform their peers, superiors, and stakeholders of the possible setbacks false ad interactions can cause. Regardless of size, businesses that invest in PPC should take the time to educate themselves about click fraud. Besides creating awareness of the issue in general, those engaged and involved in the advertising process can help formulate alternative solutions to effectively diminish irrelevant traffic volumes. As stated earlier, not knowing about the existence of click fraud is almost as dangerous as click fraud itself.

Run Daytime Campaigns

A study carried out by the ANA and White Ops suggests that a large portion of illegitimate traffic occurs between midnight and 7 in the morning, since this is outside of normal business hours for the unfortunate targets. These hours were determined using IP geolocation data provided by a third party.

Advertisers can significantly reduce the instances of click fraud on their campaign by only running day-time campaigns. This solution is not ideal if a business’ audience is online after midnight, but there are hundreds of industries that would benefit greatly from this practice.

Additionally, running predominantly daytime ads can give merchants valuable insight into their audience’s preferences. Advertisers can learn how to identify legitimate traffic sources and potentially set up a nocturnal campaign that is protected against wasteful interactions.

Implement Micro-Blacklisting, or Micro-Whitelisting

Depending on the ad network, advertisers may have the ability to exclude traffic sources they suspect are producing illegitimate traffic. Nevertheless, it’s a strategy that needs to be executed with careful planning in order to be successful.

Organization is an important factor when it comes to successfully excluding certain display ads publishers. Depending on traffic, merchants might need to update their exclusion list at least once per day. They need to look to gauge the true value of potentially illegitimate sources. These platforms promise and deliver thousands of visitors per day. But they may be bot-generated or otherwise useless for marketing purposes.

In very specific cases, different pages on a publishing platform may provide different types of traffic. Micro-blacklisting is the practice of excluding very specific URLs. This can help advertisers block individual pages that don’t provide profitable traffic.

The main downside to this is that your ads could be gaining impressions from thousands of sites. It will take so long to manually blacklist these domains, that just as many new fake sites will rise up in their place. Instead of excluding certain domains, you could come up with a list of several hundred domains that you trust and would like your ads to be placed on. You can manage these in the Placements settings on Google Ads. Employing this strategy could reduce your fraudulent clicks by up to to 90%, but does require a lot of manual work

Include Ad Click Fraud Protection in the Annual Budget

Advertisers should set up effective click fraud protection mechanisms. These can prevent and reduce instances of fraud in order to gain full control of their advertising platform. Most businesses already have an information security plan in place and are constantly working on constructing a safe environment. Incorporating illegitimate click protection is the next natural step in the process of developing security policies. Protecting against fraudulent ad traffic should be included in every company’s marketing budget. And it should be an important bullet point in business planning because it helps establish roles, set expectations, and determine measurements for the overall progress brought forth by those responsible for improvement and growth. A small investment in click fraud protection will result in better marketing ROI and more efficient ad budgets. Moreover, implementing ad fraud protection into a company’s marketing priorities creates awareness within the business about its internal marketing processes and sets expectations in regards to how digital advertising dollars are accounted for.

Block Specific IPs and ISP Network Ranges

It’s not uncommon for malicious sources to hijack specific ranges within an internet service provider (ISP)’s network. Skilled groups can generate thousands of fraudulent clicks from a single network. Seasoned marketers should be able to easily find information about the associated IP addresses in order to block the ISP’s network range.

In these cases, blocking individual IP addresses or entire network ranges might help advertisers avoid some click fraud. Similarly to IP or publisher exclusions, blocking low-quality ISP network ranges is risky. But if done properly, it can produce worthwhile results.

It is the marketer’s responsibility to stay alert and to know how to recognize the signs. A sudden influx of clicks from the same IP address or disproportionate amounts of ad traffic from a certain ISP might be suspicious. Its a marketer’s job to identify them as a source of malicious clicks and prevent them from damaging their campaign.

Understanding What You’re Paying For

Illegitimate traffic from fraudulent clicks can occur for numerous reasons. But the bottom line is that advertisers are exclusively responsible for understanding exactly what it is they are paying for. Regularly auditing paid clicks with the right forensic tools will help advertisers quickly spot false traffic patterns. Then they can build a truly effective defense around their marketing campaign.

Marketers need to study their audience. They should learn about every step in their buyer’s journey, and implement the technologies that allow them to quickly detect and flag traffic anomalies in order to prevent fraudulent clicks.

Great marketers can differentiate between fake and legitimate ad traffic behaviors. They can implement the right methodologies to protect against most instances of ad click fraud, thus saving their campaigns from waste in order to generate better results from their marketing efforts.

The Real Solutions to Click Fraud

Click fraud is an ever-evolving issue that plagues millions of marketers and advertisers each day. With Google not even doing everything they can to help prevent fraudulent clicks, marketers need to go out of their way to keep their ad campaigns safe.

As fraudsters have gotten craftier and craftier, advertisers have also learned. PPC fraud protection software can identify the IP address, device type, and other parameters, and check these against existing databases of known fraud. These services are also able to identify patterns and behaviors that click fraud bots exhibit, and stops them in their tracks. With wide feature-sets, these software solutions can automatically determine users that aren’t bringing value to your company, and make sure they don’t see your ads.

Here at ClickGUARD, we know all about click fraud, because we’ve experienced it. We’ve lost far too many dollars to the threat of click fraud. We don’t want anyone else to have to go through that. So we have learned how to tell the signs of click fraud, and created a software that fights against the latest forms of it.

ClickGUARD offers a proven and tested click fraud prevention service. It will increase your profit margin by 22% and increase your conversion rates by 38%. Most importantly, it will eradicate 100% of your illegitimate clicks! ClickGUARD has built a Google Ads plugin that takes into account all of the methods listed in this document. If you’ve gotten this far, then you know that click fraud is a serious risk. Contact ClickGUARD today to start your free trial, and find the perfect plan for you.