Skip to Main Content

Nov 21, 2019 | 5 minute read

Common click fraud tactics and how to prevent them

written by Meaton

We know that click fraud is a costly threat source facing advertisers. The question we’re left to ask, though, is “why?”

What is the motivation behind these fraudsters’ actions? How do they translate clicks into cash? And, most importantly, what can we do to insulate the market against risk in the face of ever-increasing numbers of attacks?

How & Why Online Advertising Works

Simply put, fraudsters target online advertisers because it’s highly lucrative. To see why, it’s helpful to understand a few ins-and-outs about these ads.

There are many different models of online advertising. For instance, advertisers can pay for their ads to appear as part of Google’s search results. Advertisers can also publish ads on social media sites like Facebook and Twitter, targeting users with relevant interests based on their social media activity.

Another popular method, though, is to advertise with an ad network. These entities pool opportunities to resell ads, then coordinate the sale of those opportunities to advertisers.

The digital affiliates who run ads are generally paid on a pay-per-click (PPC) method. Their ad revenue is based on the amount of traffic they can drive to the advertiser’s site. While it’s not totally reliable, it’s at least a reasonable method of determining an ad’s effectiveness.

The average cost per click (CPC) in Google Ads is $0.63 on the display network. That may seem cheap, but the costs can mount quickly. That said, the average business will earn $2 in revenue for every $1 spent on advertising, making online ad campaigns an expensive, but ultimately lucrative method of earning new customers.

The Incentive to Commit Fraud

Fraudsters manipulate clicks to achieve a variety of goals. For instance, a cybercriminal might create a phishing site, then artificially inflate the site’s click numbers to push it up to the first page of search results. It could also be used to manipulate public sentiment by making some pages seem more popular than they are. For our purposes, we’ll focus on the impact of click fraud on digital advertising.

Digital ad spending reached a projected $111 billion in 2018. But of course, with any market of that size, you’re going to see some bad actors attracted by the opportunity to make a quick buck. There’s an incentive for publishers and affiliates to produce as many clicks as possible...even if they’re not real.

The term “click fraud” describes a practice by which outlets generate false clicks to artificially inflate the amount of traffic driven to the advertiser’s site. Because these ads are paid-per-click, the fraudsters collect unearned ad revenue with each fake visitor. Alternately, companies might engage in underhanded tactics like click fraud to hurt their competitors.

This problem is growing at a rate of 50% every year. And, given that retailers already lost nearly 20% of their digital ad spend to click fraud abuse back in 2016, it’s now more of a problem than ever. 

Advertisers pay a heavy initial price for these incidents. But, like most other forms of online fraud, the costs eventually diffuse and impact other parties, too. For instance, with more of advertisers’ budgets eaten up by fraud, they will have less money to spend with legitimate outlets and affiliates. People might even lose faith in the long-term viability and effectiveness of online advertising.

Common Click Fraud Tactics

If we’re going to stop click fraud from spreading any further, we need to delve into the details of how this practice works.

As I mentioned in another article on this topic, there are several avenues through which a fraudster could pull-off a click fraud attack. One could, for instance, set up a click farm for collaborators to manually-rack up clicks. This is less common for the purpose of ecommerce click fraud than it is when looking to artificially inflate users’ social media followings.

While resource- and time-intensive, click farm attacks are still plausible. A much more common tactic, though, is to initiate an attack by spreading malware to unsuspecting users. Malware attacks targeting smartphones and other mobile devices were up by 50% in the first half of 2019 compared to the same time the previous year. Many of these attacks were likely to spread bots, which then passively click ads without the user’s knowledge.

The publishers are generally the culprits behind click fraud incidents, while advertisers and ad networks lose billions due to their publishers’ actions. The publishers collect commissions for driving fake, junk traffic to advertisers’ sites. And here’s the rub: without the know-how to identify bot and other click-based attacks, you could inadvertently hire bad actors who only want to steal from you.

Potential Solutions for the Click Fraud Problem

With the technology currently available, you must be cognizant of the warning signs of bot activity. For instance, your click-through rate should be within a reasonable range; abnormally high numbers suggest something is wrong. Other warning signs, such as high bounce rates and dramatic changes in velocity should be investigated, too.

These and other strategies provide some cover, but are not reliable bulwarks against click fraud. However, new developments present a potential solution in the form of blockchain technology. Blockchain technology should definitely be viewed as a potential game-changer in the mitigation of click fraud risk.

Ad buys are usually conducted using a fairly opaque process. There’s little transparency, so the advertiser rarely knows anything about who ultimately gets served an ad, and who clicks on it. This is what makes bot-enabled click fraud so common: it’s easy to get away with.

Conducting ad purchases with a blockchain, though, would offer brands the insight to know exactly where their money goes. This is because the blockchain works like an open ledger, accessible to anyone, at any time, and from any device with the right software. Such a system allows for transparency and accuracy, while its decentralized and consensus-based nature prevents any one party from manipulating the record.

With a blockchain, advertisers could go back and verify both transactions and the publisher attached to them. This would make it easier to spot abuse and suspicious activity.

While we may still be far from a universal solution to contend with click fraud, new technologies offer the prospect of mitigating our risk.