What is the difference between click fraud and low quality visitors?

April 20, 2022 ∙ 3 minute read

In this article we explain the basics of online advertising, take a deep dive into click fraud and provide examples of two click fraud techniques, explain what a low quality visitor is, and finally summarize the difference between click fraud and low quality traffic.

The basics of online advertising

Let's imagine you open a pizza delivery restaurant in Brooklyn, New York. You do some research and discover 25% of your potential customers do a Google search for "pizza delivery brooklyn" before ordering a pizza.

You go online, search for "pizza delivery brooklyn", and notice your website appears on page 11 of Google's search results, making it virtually invisible to potential customers. To get around this, you decide to buy your way onto the first page by advertising your restaurant using Google Ads.

Google Ads is an online advertising network. The basic idea is you choose which keywords you want to target, and agree to pay a certain amount of money every time someone clicks on your ad.

You go to the Google Ads website, open an advertiser account, and create an advert. You target the keywords "pizza delivery brooklyn", "brooklyn food delivery", and "brooklyn best pizza", and agree to pay Google Ads up to $3 every time someone clicks on your ad.

Your ad will appear on Google's search results, and on what's called the "Google Display Network". The Google Display Network are websites which display advertisements from Google Ads. For example, your favorite news website is probably part of the Google Display Network, and shows ads every time you read an article.

Publishers can join the Google Display Network by going to the Google Ads website, opening a publisher account, and asking Google for permission to display other people's ads on their websites. Once approved, they're given a small piece of code they add to their webpages. This code fetches ads and displays them to visitors.

Publishers earn money every time someone clicks on an ad. For example, if the pizza delivery advert you created earlier is displayed on a publisher website, and the visitor clicks on the ad, Google Ads will charge you around $3, and will transfer around $1.80 to the publisher.

As you can see, there are three parties involved in the online advertising process: the advertisers who pay money to have their ads displayed online, the publishers who earn money by displaying other people's ads on websites, and the ad networks who sit in the middle, keeping around half of the advertisers money for themselves.

What is click fraud?

Corrupt publishers have realised it's pretty easy to earn money by clicking on the ads on their websites. These worthless clicks are known as click fraud, and they cost advertisers at least one hundred billion dollars every year. Click fraud is a massively lucrative crime, and there are lots of people getting away with it.

If the publisher simply clicked on the ads using his own computer, he would get caught by the ad networks, as there would be too many clicks coming from his browser and IP address. Therefore the publisher will try to make every click appear to come from different computers and different IP addresses.

A simple way to do this is to go to friends and family and use their computers to click on the ads, but this requires a lot of effort and would not be profitable. Therefore a common technique is to use "bots" - software imitating humans - to click on the ads.

The publisher pays a programmer to make a bot which will visit his website, click on an ad, and then browse around the advertiser's website. To make the clicks seem genuine, the bot visits the publisher's website every few seconds, but only clicks on the ads every now and then. Additionally, the bot routes its traffic through random residential proxies (other people's home IP addresses) to ensure a different IP address is used for each visit. The bot would be configured to randomly change its appearance so every click looks like it's coming from a different computer.

This may sound complicated, but it's actually quite easy. Google has built and maintains software called Puppeteer which is perfect for simulating human visitors, and there's a plugin called puppeteer-extra-plugin-stealth which makes it difficult to detect a bot is being used. There are many companies advertising residential proxy services on Google, often with prices as low as $300 which is enough for tens of thousands of fake clicks.

The programmer builds the bot, puts it on a server, routes its traffic through residential proxies, and it visits the publisher's website to engage in click fraud.

Another common click fraud technique is to send real visitors to the publisher's website, and use technology and trickery to force an ad click.

The advantage of this technique is no bots are used, so the fraud bypasses all bot detection systems. The disadvantage is its cost: the criminal needs to send real traffic to his website, which is more expensive than building a bot and using residential proxies.

The publisher buys website traffic and sends the visitors to his website. The ads on his website display as normal, however there is a secret ad hidden in an invisible iframe. This ad follows the visitor's mouse, so if the visitor clicks anywhere on the website, he will inadvertently click on the ad.

For this technique to work, the website must trick the visitor into clicking somewhere on the webpage. For example, an image might appear on screen saying a virus is downloading, and the visitor can stop the download at any time by clicking a cancel button. When the visitor clicks cancel, he unwittingly clicks on the ad. The advertiser's website is then displayed in the invisible iframe.

Polygraph is able to detect the two click fraud techniques described above.

Do the ad networks detect click fraud?

Most ad networks do a bad job at detecting click fraud. An argument could be made that the ad networks have a conflict of interest - they get paid for every click, real or fraudulent - so what's their incentive to prevent click fraud? Certainly it's peculiar a small cybersecurity company like Polygraph is significantly better at detecting click fraud compared to the ad networks.

What is a low quality visitor?

A low quality visitor is a real click which won't convert into a sale. This includes:

  • A person who accidently clicks on your ad.
  • A person who clicks on your ad, but after visiting your website realizes your service or product isn't what he's looking for.
  • A person who clicks on your ad, but gets distracted and doesn't proceed past the landing page.
  • A person who clicks on an advert which has been misconfigured, and as a result is being shown to irrelevant visitors. For example, showing your pizza restaurant ad to people outside the US.

As you can see, these are real people clicking on the ad, however they are low quality clicks and waste your ad budget.

You can improve click quality by ensuring your ads are configured correctly, and by creating a pleasant, relevant, well designed, and well written landing page.

Conclusion

Click fraud consists of fake clicks on online ads, and the visitors will never convert into a sale as they're either bots or people who don't even realize they've clicked on your ad. To protect yourself against click fraud, you need to use a click fraud detection and prevention service like Polygraph. It's a mistake to rely on the ad networks, as most do a poor job at preventing click fraud.

Low quality clicks are real clicks by real people, but they will never convert into a sale. The clicks are valid, so the only control you have over them is to ensure your ads are configured correctly, and provide a positive landing page experience for the visitor.