In today’s online marketing landscape, it can be a daunting task to get a grasp of what is being measured and how. After all, do we really know where the reported numbers come from?
A simple Google search shows that it is possible to buy 1,000 Instagram followers for $12.95, 1,000 SoundCloud plays for $9.15, or 250 Facebook shares for $10.00. It is also possible to buy 1000 clicks on specific ads for anywhere between $1 and $50. There are even vending machines in Russian malls selling fake Instagram likes ($17 for 1000 likes).
The fake engagement is also used to hurt competitor campaigns. This can involve competitors using nefarious tactics to drive up prices for specific keywords (branded, for instance). Or this tactic is used simply to reduce the effectiveness of competitors’ campaigns. I witnessed some of this myself when I was working with South African lead generation aggregators for car insurance companies. They came to me (as I was their Google representative), asking if it was possible that they were being subjected to click fraud. I was surprised! I did not consider this a possibility at the time. I ended up looking deeper into the issue and realized that there was a massive fraud going on: companies were on cyberwar with one another, competing for the leads in a profitable vertical like car insurance.
How do click farms work?
So, what exactly is this type of practice outlined that is used to artificially boost engagement or drain competitors advertising budgets? It is often called a “Click Farm”. Strictly, a click farm is any kind of operation intended to fraudulently interact with a website. In order to appear more legitimate, the clicks come from real people using mostly mobile devices (cheaper, smaller in size, easier to arrange). You will have seen images like this.
They are usually located in low-cost regions like SEA or India, where the authorities have run crackdowns on click farm operations, sometimes recovering hundreds of thousands of SIM cards used to validate accounts.
Former click farms workers have reported working 12-hour shifts for very little money, and even some form of PTSD related to hearing an incessant clicking sound for hours on end. Many advertisers pay by the click (CPC/PPC) or by the 1,000 impressions (CPM) so it’s in the unethical interest of some publishers to commit fraud to gain bigger performance payouts. Likewise, it’s incredibly difficult to sell products online without good reviews so often companies or their partners plant fake reviews to boost their products rankings and thus sales, inevitably. For instance, Amazon’s subsidiary, Kindle Direct Published took court action against a British book publisher who breached Amazon’s terms by using clickfarms to manipulate their rankings.
Farming out clicks
Click farms are usually composed of a stack of electronic devices in a layout that allows easy access from one user. This is done to reduce costs, so one user can handle several devices at once, occupying their entire workday clicking ads and “liking” pages for fraudulent purposes.
Although they violate many social media user policies, it is hard to get convictions. This is not least as these operations involve different legal jurisdictions (for instance, a click farm from Thailand will use US-based IP addresses to negatively affect US-based campaigns). This creates a cat-and-mouse situation where clever users can make new accounts at scale in order to provide fake clicks and artificially boost metrics.
There are two methods to click farming: the first is a ploy to deplete a competitors’ advertising budget so the fraudster can have their ads shown in higher PPC rankings at a lower cost. In this case, the competitor is weakened instead of being outbid. Rather than competing fair and square, the cost of hiring a click farm is much lower.
The second way to use a click farm is used by fraudulent advertising publishers: Hiring a click farm to click on ads shown on the fraudster’s own website. This way, they collect the money from impressions that would have gone to a legitimate publisher.
Why are they so difficult to detect?
It is important to note that bot clicks are different from clicks originating in click farms. The former is entirely computational; the latter comes from a real person clicking on a device. This makes automated filters not as effective in detecting them as it is in detecting computer-generated clicks.
PPC provider platforms like Google, Facebook, or Bing make efforts to prevent bot click fraud, since automated filters remove most clicks at source. But there are bigger challenges to stop clicks originating in click farms, as all it takes for a fraudulent competitor to attack your PPC or paid social media campaigns is to buy fraudulent clicks in bulk from one of the many clicks farms or their resellers. These clicks come from real devices: separate IP addresses, MAC addresses, and platform accounts.
This is where CHEQ for PPC has entered the market. cybersecurity company, CHEQ has launched the first cyber security and AI based advanced anti-click fraud protection for paid search and paid social campaigns. It is the first solution to block invalid clicks across platforms including Google and Facebook, alongside Amazon, Baidu, Bing, Instagram, LinkedIn, Snap, Twitter, Pinterest, Yahoo, and Yandex. The software detects all manner of sophisticated bot clicks (using 700 cybersecurity traps) but also eliminates invalid human clicks. This includes eliminating any clicks which involve “location obfuscation” used in click farms. This involves click farms masking internet users’ locations, through VPNs, or other means deployed by criminals to defraud millions of ad dollars and additional biddable inventory outside of a fraudster’s desired geography. Though it may be purporting to be relevant traffic for key markets such as the UK, US, and Japan, this traffic is actually from countries including Pakistan, India, and Bangladesh. In fact, CHEQ has found that 17% of invalid clicks involve misrepresenting their real location.
Fighting the Fake Clicks
Illegal competition using click farms is sadly a growing trend, one that can significantly affect your performance or your client’s performance (as I experienced firsthand with my clients in insurance lead generation campaigns). The quickest and most cost-effective way to address it is by getting a trusted partner with the right technology to help you block suspicious users and stop the threat before it even happens.
Luis Pinto is a former Google employee with nearly a decade of Google Ads experience, having optimized hundreds of Google Ads campaigns. As CEO of Kaching Media, Luis manages campaigns for clients including Audi, GoDaddy and Airbnb.
Want to protect your sites and ads? Click here to Request A Demo.