Ever since the mechanics behind ad tech (and digital marketing in general) became effective enough to be considered a reliable source of revenue, there was an issue of shady people getting into it with malicious intent and trying to make use of it the other way around.
Every year, various types of ad fraud eat up large chunks of profits. While the resistance against ad fraud is pushing back, fraudsters are keen to up the game and stakes, and it seems unlikely that ad fraud will ever go away completely. But it gets a hell of a fight.
One type of ad fraud is more common than the rest: click fraud. And while there are many click fraud software options that prevent harm, it's better to keep ourselves informed on the matter.
Click fraud is a type of ad fraud that exploits the pay-per-click revenue model by accumulating the number of clicks on ad content in a variety of ways in order to extort additional monetary benefits from advertisers.
Click fraud is one of the most basic types of ad fraud that is commonly used throughout various segments of the industry. Companies that spend upwards of $10,000 per month on Google Ads are estimated to be losing around $15,000 each year to click fraud.
The reason behind click fraud is simple – the pay-per-click model is widely used in the advertising industry, and it is relatively easy to manipulate. It's seen that on paid search campaigns, an average of 14% of clicks are attributed to click fraud.
In a pay-per-click model, advertisers pay publishers for clicks on their ads. The cost-per-click ratio (the price of the click) depends on the overall performance of an ad's content on a particular ad space calculated through a click-through rate.
Overall, it is an excellent and simple way of generating revenue. Advertisers find publishers through ad networks like Google, whose platforms are relevant to advertisers' target audiences, and put their ads there, expecting the audiences' reactions in the form of clicks. That’s where the click fraud comes in. The key is in the very model itself – it is based on easy-to-rig metrics built around clicks.
Unlike conversions or other on-site actions, clicks are abstract signifiers of an action on a particular piece of content that happened and may or may not lead to further developments regarding conversions. Because of that, clicks are easy to simulate.
It is worth noting that click fraud is much more common on mobile than on desktop environments.
There are usually two types of people behind click fraud: competitors and publishers/affiliates.
Competitors are driven by a desire to make ad tech marketing campaigns go south and lose as much money as possible. Competitor click fraud is specifically designed to derail your operation.
Usually, competitor click fraud is more of a blunt instrument than a sophisticated system. It can be sneak sabotage or a thunderous statement. Either way, its goal is more about inflicting damage than squeezing money out of the campaign’s budget.
Publisher/affiliate click fraud is a much more complicated beast. In this case, the fraudsters are parasitizing the working system. Their purpose is to siphon as much money as possible without being noticed and blocked out.
Because publishers and affiliates are paid for clicks on an ad, they are interested in keeping the number of clicks high. This is achieved by mixing the actual click flow with the simulated one.
Publisher-related click fraud usually operates at a different scale – which is smaller action-wise, but much more significant in terms of losses, due to being aimed at long-term operation.
The difference from the other types is that this type is aimed at publishers and designed to discredit their platforms. The end purpose of competitor publisher click fraud is to kick the competitor off the ad service due to bad bot traffic.
Overall, there are two big categories of click fraud: manual and automated.
Manual click fraud is simple. It usually involves the fraudulent party hiring real people to perform clicks on specific ads to bloat the performance figures and receive a bigger revenue cut. It can bring certain results but is nowhere near as efficient as an automated operation.
The extreme form of manual click fraud is so-called click farms that involve big numbers of people clicking on ads all day long.
This type of click fraud might also be well-intentioned, as many publishers use a tactic known as, “Support our website by clicking on ads.” However, these clicks are still ineffectual to a campaign's cause and must be dismissed.
Another type of manual click fraud is forced clicks, where the users are forced to click on ads because they will otherwise be unable to proceed on-site.
Automatic click fraud involves the creation and maintenance of networks of bots designed to perform certain sequences of actions that result in clicks being registered by the systems as legitimate events.
Bots are automated scripts acting as users. In order to maintain a legitimate presence and unique IP address, bot activity comes from devices infected with malware viruses. The infection comes from sneaking malicious software into devices by deception and obfuscation under the guise of legitimate software applications. In the meantime, users are blissfully unaware of what is going on.
Automatic click fraud can be further specified with the following subcategories:
The following list of techniques can be helpful in identifying and fighting against click fraud.
Ad Verification is one of the primary tools in keeping ad fraud (click fraud in particular) out of the gate. In a way, it is something of a double fail-safe tool. Basically, it helps to identify cracks in your anti-ad fraud armor.
Ad verification vendors provide performance insights with a variety of metrics, such as viewability and invalid traffic. (The nature of the metrics depends on the specification of the particular campaign.)
With assistance from these tools, you can shut down low-quality publishers and suspicious websites and perform a thorough campaign audit, which can be used in the optimization of a campaign.
The other way of avoiding the threat of getting under the click fraud attack is through cooperation with trusted advertising platforms with a good track record for being nice and clean in ad tech operations.
In essence, this approach limits the operation to big and established companies like Google, Facebook, Bing, and DoubleClick. However, it adds more certainty about where your ad budget is going and much more confidence in the fact that your ad campaign performance results are plausible and depict real situations.
Honeypots are one of the most effective ways of neutering click bots and exposing the networks behind them.
Here’s how they work. Ad servers use special ads that are not actually ads, but bluffs indistinguishable from the human user.
If a bot happens upon them and takes action, the honeypot sticks with it and does its thing, exposing the bot, and leading to its IP being blocked.
Keeping an assorted collection of blacklisted IP addresses seems to be a natural reaction toward detected click fraud activity. Maintaining a Blacklist is one of the most consistent ways to contribute to the click fraud neutering cause. It works for suspicious IP addresses, device IDs, and spotted bot signatures.
Blacklists may contain websites, IPs, and device IDs that are considered discredited with various types of fraud spotted.
While this technique works after the fact, it helps to prevent further damage from the exposed IPs and IDs.
Metrics are tricky. In order to depict the actual state of things, you need to constantly check metric accuracy and compare the results with several sources. It is never a bad thing to double-check.
When things are put into perspective, it is easier to identify where the trouble starts and take action before lasting damage is done.
Here’s a list of common suspicious activity. These patterns are definite signs of something wrong going on:
Let’s face it – the pay-per-click model is not the most efficient way of doing digital advertising.
While it provides a clear-cut revenue scheme, this model is very fraud-prone. The thing is, clicks are merely abstract signifiers of a particular type of event happening on a specific piece of ad content. On their own, they don’t mean much. What really matters is what happens after the click – whether the conversion occurs, the product is purchased, or an application is downloaded.
Because of that, instead of constantly fighting off various threats and diving deep into stats in order to recognize the bad stuff, it's more reasonable to switch from a pay-per-click to a more tangible model.
The most viable option is cost-per-action. This model takes things a step further. Instead of paying for clicks, advertisers pay for actions that occur on an advertiser's platform after the click (i.e. registering, downloading something, or filling out a form).
While no models are fraud-proof, cost-per-action provides more tangible metrics that keep fraudulent activity out of the equation and pay only for relevant results.
If click fraud episodes occur frequently and there are clear tendencies regarding which elements of ad content are affected, it means you need to take more strategic action. You need to readjust your targeting and shift focus to more reliable audience segments.
One of the reasons why click fraud is enabled is insufficient targeting that includes suspicious and unreliable audience segments from problematic geographic regions where click farms are usually situated.
In order to take them out of the equation, make a couple of tweaks in your campaign settings and exclude certain regions and languages from the targeting operation. This can go as far as to block specific cities and zip codes.
Targeting adjustment is often combined with maintaining the IP, ID, and bot blacklists previously covered.
So we know that detecting and preventing click fraud is crucial to cut losses. But how do we label software as click fraud software?
To qualify for inclusion in the Click Fraud category, a product must:
* Below are the top five leading click fraud software solutions from G2’s Fall 2022 Grid® Report. Some reviews may be edited for clarity.
AppsFlyer is the top-voted choice for professionals who are seeking innovative, privacy-preserving fraud protection. It aims to provide exceptional experiences to its customers while upholding their privacy.
What users like:
"The USP of Appsflyer is that it is very user-friendly for the Marketeers and affiliates. Regarding the data, the reports and dispositions are very apt and easy to understand. Another plus point is the support system of Appsflyer. It is very swift and helpful."
- AppsFlyer review, Bharat M.
What users dislike:
"They usually charge an additional cost for tracking web data, whereas GA is free for both app and web. Hence, I would recommend AppsFlyer to sell this in one package only."
- AppsFlyer review, Rakesh Loutan R.
CHEQ ClickCease is a click fraud detection, prevention, and protection service software. ClickCease offers real-time campaign monitoring to make sure the bad bots don't bite.
What users like:
"We highly value ClickCease as a tool for our agency's clients. Especially the clients that face very high CPCs and great competition save a lot of money by filtering out clicks from irrelevant traffic sources. We as an agency also value the personal support and assistance from the ClickCease team"
- CHEQ ClickCease review, Andreas B.
What users dislike:
"I would love to see an option to apply settings across the whole account as well as individually per campaign. Also, if the average CPC could be pulled in automatically from Google Ads, that would be a great time saver. The option to block/allow certain regions/counties, as well as countries, would be fantastic."
- CHEQ ClickCease Review, Mike C.
CHEQ Paradome helps you recognize and fight fake traffic, and protects your CPCs from wrecking your budget. Paradome is designed as a cybersecurity platform specifically for marketers.
What users like:
"Real-time click fraud and spam blocker protection. Great if you do a lot of paid campaigns on various platforms such as Google Ads/Display/Bing. It also monitors organic fraudulent traffic as well."
- CHEQ Paradome review, Teerawat T.
What users dislike:
"It's kinda tricky to get an exact measurement of the software's ROI, but through careful planning, you can obtain a solid signal."
- CHEQ Paradome review, Tony M.
You can monitor click fraud and traffic activity in real time with Lunio. This software is great for filtering out click fraud activity based on the data it collects.
What users like:
"Lunio helps manage click fraud for our clients' Google Ads accounts and is effective. Clients love the added benefits that our agency is able to provide by using Lunio and the customer service is top tier with our answers being addressed quickly."
- Lunio review, Jacob W.
What users dislike:
"The ability to pull data from the platform can still be improved. Account managers are helpful with this data if needed, but I'd rather be able to pull it directly."
- Lunio review, James P.
Singular provides marketers with a birds-eye view of marketing ROI and traffic data, along with amazing fraud protection.
What users like:
"The experience with Singular has been excellent. Starting from their customer support which has been very helpful during the onboarding process to the perfect integration they have with all services and all these at a correct price. If you are looking for a partner that delivers high-quality attribution and a complete view of all your ad data, look no more."
- Singular review, Vlad A.
What users dislike:
"That raw data cannot be exported after a 3 months window. Moreover, the total number of events that can be tracked by singular is less. They need to increase the count."
- Singular review, Nalin J
Click fraud is one of the more elaborate types of ad fraud out there. It exploits unsuspecting users and, as a result, manages to wreak havoc on marketing campaigns with significant losses.
One of the key things to remember about click fraud is that it isn’t going away. It is one of those things that will always turn up one way or another, but that doesn’t mean you have to kneel before it. Quite the opposite, actually.
If you apply a set of the aforementioned techniques, the impact of click fraud on you will be significantly lessened and, in some cases, even neutered.
Want to know more about keeping your organization's data safe? Read more on how encryption is a must-have in today's digital landscape.
This article was originally published in 2019. It has been updated with new information.
Keep phishing attempts at bay with email anti-spam software.
Volodymyr Bilyk is a content marketing manager at The APP Solutions. He likes to explore and explain the hows, whats, and whys of the world of technology, and he can't live without challenging himself to know more. He moonlights as a fiction writer and explorer of the further regions of language. His most recent book is entitled, "Roadrage."
Keep phishing attempts at bay with email anti-spam software.
Mobile advertising is at an all-time high and shows no signs of slowing down.
by Jagmeet Singh
Online advertising is huge. And so are ad frauds.
by Volodymyr Bilyk
Remarketing is the reason you end up seeing so many relevant ads on random pages after paying...
by Ricky Wang
Mobile advertising is at an all-time high and shows no signs of slowing down.
by Jagmeet Singh
Online advertising is huge. And so are ad frauds.
by Volodymyr Bilyk
Never miss a post.
Subscribe to keep your fingers on the tech pulse.
