Click fraud is a massive problem, and is costing many advertisers up to 80% of their ad budgets. In this article we explain what is click fraud, how criminals earn money from click fraud, and then discuss two strategies for preventing fake clicks on your ads.
What is click fraud?
There are three main players when it comes to online advertising: the advertisers, the publishers, and the ad networks. Advertisers pay money to have their ads displayed online, publishers earn money from displaying other people's ads on their websites, and ad networks sit in the middle, taking money from the advertisers and sharing it with the publishers.
Advertisers usually have to pay a small amount of money to an ad network every time someone clicks on one of their ads. For example, a flower store in New York might pay Google Ads $5 every time someone clicks on their "Buy Flowers Online In New York" ad. If the click happens on a website run by a publisher, Google Ads will share the $5 with them, typically in a 60/40 split, with the majority going to the publisher.
This business model has caught the attention of criminals, and they've realised they can make thousands of dollars per day by posing as legitimate publishers and repeatedly clicking on the ads displayed on their websites. These fake clicks are known as click fraud (or ad fraud), and they're costing advertisers billions of dollars every year.
You can read more about click fraud in our in-depth article What is click fraud?
How do criminals earn money from click fraud?
Criminals open publisher accounts at the ad networks, and use those accounts to display other people's ads on their websites. They then click on the ads to earn income. If the criminal repeatedly clicked on the ads using their home computers, the ad networks would detect this, and their account might be closed, so instead they use technology and trickery to make the clicks appear as if they come from real website visitors.
There are a number of ways to generate fake clicks, but a common one is to use bots (computer programs posing as humans) to visit the criminals' websites and click on the ads. Typically the bots will be running on a server, but their traffic will be routed through "residential proxies" (innocent people's computers) to make the clicks look like they come from real people. This may sound complicated, but it's easy to find bot creators and residential proxy services using a google search.
The bots visit the criminals' websites tens of thousands of times per day, and occasionally click on the ads. By keeping the number of clicks low (roughly 5% of visits will result in a click), they maintain the facade that these are real people visiting the website.
Every time there is a click on an ad, the ad network charges the advertiser, and transfers a portion of the money to the criminal.
Click fraudsters usually have multiple websites displaying ads, so the amount of money being stolen from advertisers is huge.
Why aren't ad networks detecting click fraud?
Most ad networks do a poor job at detecting click fraud. A cynical person might say this is because they aren't incentivised to do anything about it, as they get paid for every click, real or fake. To quantify the extent of the problem, below are the click fraud rates for the main ad networks in early February 2024:
- LinkedIn: 48%
- Facebook: 36%
- Bing: 29%
- Twitter: 26%
- Google: 12%
Polygraph reverse engineers click fraud bots, researches and develops novel click fraud techniques and how to detect them, monitors the activities of click fraud gangs, and interviews current and former scammers to understand the state of the industry. We're a small cybersecurity company, yet we're magnitudes better at detecting click fraud compared to the ad networks.
A simple way to prevent click fraud
This method isn't foolproof, but it'll get your click fraud rate down to single digits. Limit your advertising to search ads only, turn off the display network and search partners, and ensure your target audience have known genders and ages. These changes prevent your ads from being shown on click fraud websites, and reduces the risk of bots clicking on your ads. You'll still have an issue with retargeting click fraud, which can be prevented using Polygraph.
The best way to prevent click fraud
As stated in "A simple way to prevent click fraud" above, limiting your online marketing to search ads will greatly reduce your exposure to click fraud, but you'll still get clicks from bots trying to force - via retargeting - your ads onto scam display websites.
Polygraph detects the fake clicks on your search ads, and helps you see which search terms the bots are using to trigger your ad keywords. By adding these nefarious search terms as negatives, the bots can't see your ads anymore, which means no more click fraud.
Additionally, Polygraph shows you which scam websites are clicking on your ads, which ad networks are ripping you off, and also gives granular details of every fake click, including why it was flagged as fraudulent. This data can be used to get refunds from the ad networks.
Conclusion
Click fraud is costing you money, and it's a mistake to rely on the ad networks to protect you. If you limit your advertising to search results only (exclude publisher websites and search partners from displaying your ads), you will greatly reduce the amount of click fraud you receive. However, you'll still get retargeting click fraud, which can be a significant problem.
The best solution is to use a click fraud detection service like Polygraph to ensure your risk is minimized. Polygraph helps you avoid click fraud by giving you insights into which of your ad keywords are being targeted by criminals, and prevents bots from seeing or clicking on your ads.