The Main Methods of Click Fraud
Cyber Risks & Threats | May 20, 2023
When is a click not a click? When it’s click fraud.
The issue of fake clicks and invalid traffic (IVT) is becoming more prominent, with marketers increasingly aware that they need to avoid click fraud on their PPC campaigns. And with more than $40 billion lost to click fraud every year, it’s no surprise.
If you’re running a digital marketing campaign, knowing how your spend is affected by click fraud and ad fraud is one of the best ways to help you combat it effectively.
In this article, we’ll take a look at the main methods of click fraud and how your ad money is siphoned off by non-legitimate traffic.
This blatant source of ad fraud isn’t even visible to the human eye. An ad is placed in a 1×1 pixel on a fraudulent site, and traffic is then sent through it.
Your ad can’t even be seen by genuine visitors but can easily be clicked by bots.
To add insult to injury, a genuine visitor still counts as an impression even if they can’t see it. And, of course, with a 1×1 pixel ad, you can cram loads of these ads onto a page, hence the term pixel stuffing.
There are numerous ways to collect the payout from impressions or clicks on ads without displaying the ad properly. So, although your ad might be displayed on a site, chances are it isn’t visible to the human eye.
Common methods of placement fraud include:
- Stacking multiple banner ads in a single ad slot so only the top one is visible, but they still collect the payout on an impression.
- The 1×1 pixel fraud we mentioned above.
- Ads displayed outside of the visible website area, often just off-screen.
This complex process involves publishers of high-traffic sites with illegal or dubious content channeling adverts via an authentic site. The advertiser would only see that their ad was displayed on a ‘trusted’ or relevant site, but in fact, using a bit of smoke and mirrors, the publisher has managed to divert the ad onto their site and collect the payout for impressions (usually with CPM campaigns).
This clever process is similar to the smoke and mirrors approach with impression laundering. By using malware, the fraudulent advertiser gains access to an advertising slot on a genuine publisher’s site. The fraudulent advertiser then places their ad on the genuine site but collects the payout for impressions or click-throughs.
Click Hijacking (clickjacking)
Instead of hijacking ad space, fraudulent advertisers can just hijack the clicks on ads using a similar process. So if a user clicks on an ad on a genuine publisher’s site they can be funnelled through another (fraudulent) website, which collects the payout on the click before being led to the advertiser’s site.
The pop-ups’ shy cousin. These ads appear behind your browser window and register as ad impressions. Although this doesn’t always register as click fraud, it is a method used by sneaky publishers to inflate their CPM payout.
And as web users, they’re also pretty annoying and unlikely to draw a genuine click from a potential customer.
There are so many bots and crawlers on the web that, by some estimates, around half of internet traffic is non-human. This means that if you’re running a PPC ad campaign, you’re very likely to receive some fake clicks on your ads.
Some bots are simple information-gathering tools used by various organisations. Others have slightly more sinister backgrounds.
One of the best-known fraudulent bot operations, Methbot, is thought to be a Russian-based criminal network collecting around $5 million a day from fraudulent video ad views.
As a highly sophisticated program, Methbot simulates human behaviour, switches IP addresses, and uses proxy servers to disguise its location.
This complex and clever network was shut down in late 2018 but is indicative of the processes involved in bot-related ad fraud.
By infecting data centers with malware, the team behind 3ve was able to create millions of fake websites, fraudulently install ads on them, and then channel bot and genuine human traffic to those sites. It’s estimated that 3ve cost advertisers around $29 million during its lifetime.
You may have heard this term banded around and thought it was an urban myth, but click farms are very real. Although the image of warehouses full of people clicking on ads isn’t too far from the truth, in reality, it’s more likely to be thousands of phones and tablets networked to run repetitive clicking tasks. These can be used to inflate popularity on social media posts or click on website ads.
Competitor Click Fraud
After all these complex and technological processes, this one is a bit more down to earth. Your competitor (or someone who wants to damage your ad spend) sets out to maliciously click on your ad as often as possible.
Clicking on a competitor’s ads and instantly depleting their ad spend is easy. It’s not a fair business and morally wrong, but it is a phenomenon that happens in every industry.
A good example of this is, well…thousands of our clients.
Incentivized and Crowdsourced Clicks
Although this isn’t directly fraud, it encourages people to click on ads so that they get a payout. For example, calls to ‘click on these ads to support our page’ can create clicks where the user has no intention of buying or using a service.
Publishers might also offer discounts, upgrades, or other incentives for site users who interact with ads on their site. So the advertiser has to pay for that click (or view) but receive no leads or sales.
This simple summary of the main sources of click fraud is just the tip of the iceberg. For advertisers and publishers, click fraud and ad fraud can be a costly and damaging problem.
CHEQ Essentials is the most effective way to minimise your exposure to most of the biggest forms of click fraud and ad fraud.
The best way to see if your ads are impacted by click fraud is to run a diagnostic with our free trial.