In this short article we explain what is click fraud, give an example of a typical click fraud process, and reveal why click fraud is causing marketing e-mails to be opened by bots.
What is click fraud?
Click fraud is an online scam which steals billions of dollars from advertisers every year. Criminals create websites and monetize the content using advertisements, but instead of waiting for people to visit their websites and click on the ads, they program bots to simulate real visitors. These fake clicks, if they're done properly, are considered valid by the advertising networks, which means for every fake click, the advertisers pay money to the ad networks, and the money is then shared with the scammers.
A typical click fraud process is as follows:
- A criminal creates a website which displays unoriginal content such as blog posts copied from other websites. The website contains a search box, so visitors can search for content.
- The criminal contacts an advertising network, and opens a publisher advertising account. The publisher advertising account allows him to place advertisements on his website.
- The criminal places advertisements on his website's search results page, so if a visitor searches for a phrase such as "luxury shoes", advertisements related to luxury shoes are displayed.
- The criminal hires a programmer to create a click fraud bot. To ensure the bot appears like a real visitor, its traffic is routed through random residential proxies, and bot software such as Puppeteer Extra is used. Residential proxies ensure the bot has a unique IP address every time it clicks on an ad, and Puppeteer Extra, combined with its stealth plugin, makes the bot closely simulate a real person.
- The bot goes to the criminal’s website, searches for keywords which will display high value adverts (e.g. New York lawyer), and clicks on the ads.
- The bot attempts to create a fake conversion, such as submitting a leads form, creating an account, or adding items to a shopping cart.
Step (5) in the above process is repeated thousands of times per day, resulting in income for the criminal - and losses to the advertisers - of hundreds of thousands of dollars each month.
The reason why bots create fake conversions
A problem faced by the scammers is the fact their bots never purchase anything at the advertisers' websites. This may eventually cause their traffic to get flagged as low quality by the advertising networks. Although this rarely results in negative consequences for the scammers, it draws attention to their traffic, which is something they wish to avoid.
To get around this issue, the bots create fake conversions at the advertisers' websites, such as submitting leads forms. The idea here is many advertisers add conversion tracking code to their leads forms, so if a bot submits a lead, the advertising network is fooled into thinking the traffic is high quality.
Why are scammers receiving marketing e-mails?
A common fake conversion is to create an account at an advertiser’s website. Typically when an account is created, a confirmation e-mail is sent to the account's e-mail address, which must be opened and clicked on to prove the account's e-mail address is real.
The criminals use bots to open these e-mails, usually programming them to open every e-mail and click on the links. This brute force method ensures every confirmation e-mail is processed.
Why are bots opening marketing e-mails?
A side effect of opening and clicking on confirmation e-mails is the account gets signed up to the advertisers' mailing lists, which causes the scammers to receive marketing e-mails.
Since the scammers' bots are programmed to open whatever e-mails are received, this causes the marketing e-mails to be opened and clicked on.
To the advertisers, it appears as if their marketing e-mails are a success, but in reality, based on Polygraph's own studies, around 5% of marketing e-mails are being opened by bots.
Conclusion
Scammers are programming bots to generate fake clicks on ads, and create accounts at advertisers’ websites. Since the advertisers believe these accounts are real, they send marketing e-mails to the scammers' e-mail addresses, which are then opened and clicked on by bots.
Polygraph can protect your ads from click fraud, and reduce the number of bots clicking on your marketing e-mails.