What is click fraud?

March 17, 2022 ∙ 5 minute read

You've probably heard of click fraud, but aren't really sure how it works, who's doing it, or why they're doing it. This article will answer those questions, and clear up some myths and misconceptions about modern day click fraud.

The basics of pay-per-click (PPC) advertising

Before explaining click fraud, we need to be sure we understand how PPC advertising works. We'll use a fairly simple example to get the main points across.

Tom owns a website which sells luxury shoes. He wants to attract more visitors, so he registers an account at Google Ads, creates an advert for his website, and asks Google to display his ad across the internet. Tom will have to pay up to $50 every time someone clicks on the ad, as the luxury shoes ad space is very competitive, with a lot of advertisers competing for our attention.

Jerry runs a popular fashion blog and wants to earn money through advertising. She registers an account at Google Ads, but instead of creating an advertiser account she creates a publisher account. That means she can display other people's ads on her website, and will earn money every time an ad gets clicked. For example, if a person goes to Jerry's blog and searches for "luxury shoes", Tom's ad might appear. If the visitor clicks on the ad, Tom will be charged $50. This $50 is split between the ad network and publisher: Google Ads keeps around 40%, and the rest goes to Jerry.

The problem with PPC advertising

PPC advertising works very well, but there's a problem with fake clicks, otherwise known as click fraud.

Organized criminals are creating publisher websites, sending large amounts of traffic to those websites, and using technology and trickery to generate fake clicks on the ads. This is costing advertisers at least USD 100B every year, and making the criminals (and ad networks!) very rich.

The anatomy of a click fraud gang

Click fraud gangs consist of the leaders, software engineers, account managers, and digital marketers. The leaders are criminals, usually with ties to organized crime. Their role is to come up with the overall fraud, and to manage the various team members. The software engineers create websites, research and develop click fraud techniques, and manage the server infrastructure. The account managers are responsible for the relationships with the various ad networks. This includes opening the publisher accounts and handling all communications. The digital marketers research which ad keywords should be targeted.

The click fraud process

When the criminal gang have a publisher account and a website to display ads, they can begin the click fraud process.

  1. The software engineers create click fraud bots, typically using a bot framework like puppeteer-extra and its stealth plugin, and sign up to residential proxy services so the bots can change their IP addresses every time they click on an ad.
  2. The digital marketers generate huge lists of search terms the bots will target.
  3. The bots go to the gang's websites and click on the ads.
  4. The bots occasionally submit fake leads at the advertisers' websites, as this makes the traffic seem real.

The gang's bots generate hundreds of thousands of fake clicks every day, and at the end of the month the fraudsters receive a pay check from the ad network. Most fraudsters have hundreds of publisher websites, so their profits are enormous.

Click fraud targets specific keywords

The ad keywords targeted by cybercriminals aren't random, and almost always have a high cost per click (CPC). The industries targeted are broad, and include finance, travel, education, technology, home services, insurance, online shopping, and many more.

Why click fraud remains undetected

This is the 100 billion dollar question. It's certainly peculiar that a small cybersecurity company like Polygraph is magnitudes better at detecting and preventing click fraud compared to the advertising networks. In fact, most advertising networks have little to no click fraud detection at all.

A possible explanation, albeit cynical, is the ad networks get paid for every click, real or fake, so they have no incentive to do anything about it.

How to stop click fraud

Polygraph are experts at detecting and stopping click fraud. We monitor click fraud gangs, so we understand the techniques they use, and we know how to detect and block them. As a Polygraph customer you can see which of your ad keywords are being targeted by criminals, how much fraud you're receiving from each ad network, and the details of every fake click so you can apply for refunds from your ad network. We also research and develop novel click fraud techniques, including how they can be detected, so our service is able to stay one step ahead of the fraudsters.

Polygraph's most powerful weapon is re-training the ad networks to send you real traffic and high quality leads. We do this by detecting the bot clicks on your ads, and blocking those bots from submitting fake leads or generating other no-cost conversions. The ad networks' algoritms are trained using your website's conversion signals, so if you don't block the fake leads, you're training the algorithms to continue sending you bots and fake leads. Polygraph blocks the fake conversion signals so the ad networks are trained using real data only. This greatly reduces the number of fake clicks on your ads, increases the number of real leads, and reduces your customer acquisition cost (CAC).

Learn more about why click fraud bots submit fake leads and why you should care about it.

Other types of click fraud

There are a few other types of click fraud worth mentioning, although they account for a small percentage of the click fraud you are likely to experience. Competitors sometimes click on each other's ads, with the goal of draining each other's ad budgets. This type of fraud is sometimes detected by the ad networks, and some of the clicks may be automatically refunded. Another type of fraud which is sometimes discussed in the media is "click farms" which consists of dozens of phones and laptops connected to the internet, and a team of people clicking on various ads throughout the day. In reality, this type of setup is rare, and has been replaced by the type of fraud discussed in "The click fraud process" section above.

Another type of click fraud, which accounts for a significant number of fake clicks, is retargeting click fraud.

Conclusion

Click fraud is a sophisticated crime, with teams of marketers, software engineers, and account managers working together to defraud advertisers. Most fraud happens on publisher websites, as that is how criminals profit from fake clicks, however retargeting click fraud continues to grow, and it affects both search ads and display ads.

Polygraph can help you detect and prevent click fraud.