Click Fraud 101: Common Types of Invalid Clicks

Click fraud is becoming an increasingly large problem for PPC advertisers. A recent study conducted by Professor Roberto Cavazos of the University of Baltimore found that 14% of all ad clicks are completely invalid. Many of these invalid clicks are generated by deliberate click fraud schemes of varying scale and sophistication. Other invalid clicks are driven unintentionally by web crawlers and scrapers tasked with collecting and indexing data. In this blog post, the CHEQ cybersecurity research team details the most prevalent forms of invalid clicks, explaining their origins and mechanisms.

1. Web Crawlers & Scrapers

What are these? Non-malicious scripts (bots) designed to crawl and scrape websites, with the objective of collecting, indexing and cataloging data.

Why & How does this occur? Legitimate websites like search engines, travel aggregators, shopping sites and price comparison sites deploy bots to scrape competing or affiliated sites for data collection, real-time price adjustment and many other reasons. These bots are then added to the advertiser’s remarketing audience and start getting retargeted, causing additional ad-spend loss. Some legitimate scrapers will mark themselves as such, but unless the advertiser takes proactive action, they will continue to eat up ad spend.
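The self-identification point above, as an added example (not CHEQ's code): Python that flags clicks whose User-Agent declares a crawler or HTTP library, totals the spend those clicks consumed, and collects the visitor IDs to keep out of a remarketing audience. The log layout, the visitor IDs and the `ExamplePriceScraper` agent are constructed for illustration.

```python
import re

# Heuristic: tokens that crawlers and HTTP libraries commonly put in their own
# User-Agent. It only catches traffic that declares itself, and it can misfire
# on a browser UA that happens to contain one of these words.
DECLARED_BOT = re.compile(
    r"(bot|crawler|spider|scraper)\b|^(python-requests|curl|wget)/", re.I
)

# Constructed sample ad-click log: (visitor_id, user_agent, cost_in_cents)
CLICKS = [
    ("v1", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", 120),
    ("v2", "Mozilla/5.0 (compatible; bingbot/2.0; "
           "+http://www.bing.com/bingbot.htm)", 80),
    ("v3", "ExamplePriceScraper/1.0 (+https://scraper.example/info)", 250),
    ("v2", "Mozilla/5.0 (compatible; bingbot/2.0; "
           "+http://www.bing.com/bingbot.htm)", 80),
    ("v4", "python-requests/2.31.0", 100),
    ("v5", "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) "
           "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 "
           "Mobile/15E148 Safari/604.1", 95),
]


def is_declared_bot(user_agent):
    """True when the User-Agent identifies itself as automation."""
    return bool(DECLARED_BOT.search(user_agent))


def triage(clicks):
    """Split clicks into those kept and those from self-declared automation."""
    kept, exclude_ids, wasted_cents = [], set(), 0
    for visitor_id, user_agent, cents in clicks:
        if is_declared_bot(user_agent):
            exclude_ids.add(visitor_id)   # keep out of remarketing audiences
            wasted_cents += cents         # spend consumed by a non-human click
        else:
            kept.append((visitor_id, user_agent, cents))
    return kept, exclude_ids, wasted_cents


if __name__ == "__main__":
    kept, exclude_ids, wasted = triage(CLICKS)
    print("exclude from remarketing:", sorted(exclude_ids))
    print("spend on declared bots: $%.2f" % (wasted / 100))
    print("clicks kept:", len(kept))
```

Automation that does not declare itself, such as the sophisticated bots described in section 2, passes this filter untouched.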

2. Malicious Bots (Automated Click Fraud)

What are these? Hacker-generated scripts (bots) designed to mimic legitimate human traffic and perform actions that are tied to ad spend (views, clicks, form-fills, purchases).

Why & How does this occur? The party getting paid for the action is looking to increase their revenue by fraudulently inflating their traffic. The perpetrator could be a publisher, an ad network, an affiliate network or any other party interested in inflating their numbers. These bots are generally divided into two types: GIVT (General Invalid Traffic), which is a more simplistic type of bot / scheme, and SIVT (Sophisticated Invalid Traffic), which utilizes very advanced methodologies and requires cybersecurity technology to catch and remove.

3. Malicious Human Visitors (Manual Click Fraud)

What are these? Disingenuous human-generated clicks designed to inflate traffic, drain ad spend or achieve some other kind of malicious goal. This can be performed by a large-scale click farm or by an individual user.

Why & How does this occur? This is a less sophisticated alternative to botnets used to generate fake activity on specific ads / campaigns. This can be deployed by a publisher / affiliate looking to inflate traffic, by a business looking to drain a competitor’s ad-budget or by someone looking to commit numerous other types of fraud.

4. Proxies

What are these? Users who are masking their identity for various reasons, using some form of proxy server.

Why & How does this occur? People have many reasons to mask themselves online. It could be someone using a VPN to consume out-of-geo content, or it could be a far more malicious form of cyber-attack using sophisticated web proxy servers. In any case, even if the goal of the proxy users isn’t to defraud the advertiser, they end up reaching landing pages and sites via online ads, costing advertisers big time.