Click Fraud: What It Is and How To Prevent It

Published: March 3, 2019

Over the years, more clients than I can count have come to me – BigWing’s director of paid search – and asked this very same question: “What keeps people from running up my costs and me from throwing all my money down the drain?” In other words, how do you keep click fraud from happening?

Now, click fraud isn’t just for paid search (think: Google ads or Bing ads); it occurs across the internet with display and programmatic display ads as well. Over the last 14 years, lots of advances have been made in the detection and prevention of click fraud. Google’s paid ad platform takes lots of precautions to prevent and then back out click fraud or “invalid clicks.”

Some legitimate clicks can look like click fraud even though the behavior behind them is legitimate. This happens when someone is researching your company. Either a competitor clicked on your ad to see what products and services you’re offering, or a student working on a report or science fair project clicked your ad. While they’re clicking on your ads, they’re probably not singling you out and are clicking on other competitors’ ads as well. There really isn’t much you can do about these clicks, as they act like regular, valid traffic. Another case is returning visitors. You might want these, as people tend to visit a site multiple times through different channels before they actually purchase or convert.

The most commonly thought of click fraud is in paid search. Here’s what that means: Someone (usually a competitor) clicks on an ad to “run up the cost” and make that advertiser’s ads stop showing so their own can show at a lower price. Pre-2009, the practice of “bid jamming” was very popular among affiliates because quality score wasn’t really in force then. This practice was rampant on high profit margin terms that have a high CPC due to competitiveness. Huge battles for clicks and traffic were going on, with the fallout being that everyone was paying too much for clicks. The problem was, it was working! Google started introducing quality score and making sure that the ads, the keywords, search terms, and landing pages “lined up” and had a common theme. Quality score has come a long way since then and is now a robust measure of how well a search on a keyword or phrase triggers an ad to show to a searcher. Bid jamming is a dead technique now because of the cost per click penalty that’s inflicted on non-relevant ads and landing pages. It’s just not profitable to do this anymore. In many cases, if the quality score is too low, the ads won’t show at all.

Quality Score is just one way that Google discourages invalid clicks or fraud. Google is very good at seeing that a computer or internet device is clicking on an ad. There are ways that Google can identify that device and see what it’s doing on It doesn’t mean it knows you are “Bob Smith,” but it does know you are a Windows device at IP and your CPU id is xxxxxx. If that device starts to act squirrely, it raises a red flag for that activity. Basically, it’s pattern recognition software looking for behavior that mimics fraudulent activity. Some activity is automatically retracted and credited to an advertiser’s account. Other activity is flagged for review and manually backed out up to 48 hours later. Google’s sophistication in this area is far more advanced than I can discuss in this short blog. It is constantly being upgraded and tweaked to combat invalid activity.

I asked a Google rep one time how effective this process was and got into a pretty serious discussion a few years ago. At that time, they were very confident they were detecting and stopping 99 percent of click fraud. No one can stop everything all the time, but their system is very, very good.

Another type is manual clicks on a website using AdSense or display ads on Google. These ads appear on the Google network on third-party websites owned by webmasters other than Google (aka most of the internet). Here, when ads are clicked on, the website gets a percentage of the amount paid to Google for that click or impression. Some webmasters will contract bots or even humans to go through and click on some ads. This is a violation of Google policies.

Google partners with many different websites and applications that provide data to Google on website behavior, how ads are served there, and traffic trends. Odd placements of ads, making it so that ads must be clicked on to see content, and other violations are strictly checked out. Sites are re-evaluated at regular intervals to see if changes have been made that cause them to fall out of validation. Penalties include temporary suspension, and continued violation can result in a site being banned from the program. So, it’s very risky to try to make an extra buck here or there by nefarious means. Google will likely find out and take action.

Automated clicks, accidental clicks, bots, or deceptive software are a more sophisticated way of performing click fraud. Some are run straight off of servers; others are malware-like and run on hijacked browsers and toolbars to create large numbers of clicks and impressions, and are made to look more like a real user.

Accidental clicks commonly happen on mobile and we’ve all done it. You’re getting on a weather app or ordering pizza and you click on that ad at the bottom of the screen when you really wanted to click “process my order” just above it. Or a late second click of a double click could also be unintentional. Usually these are easy to filter out because people bounce right back and have no engagement after the ad click. Also, look at how users interact with your website on a mobile device. Maybe you need to move some things around to make it easier for a person to convert without clicking accidentally on an ad.

Google automatically filters this traffic out of your reported clicks and impressions, so you aren’t billed for any of those invalid activities. There is nothing you have to do; it’s happening all the time. If there is some odd activity, Google humans are notified, and the online activity is reviewed. If you think your sudden increase in clicks on a given day is false and not filtered out, you can give Google a call and ask for it to be investigated. Be prepared for the default rebuttal from the front-line staff, who will tell you that “Google detects click fraud and deletes it from your traffic reports.” So, you should come with some other evidence that lets Google know they might have missed this traffic. Google has good reason to have faith in its fraud detection.
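The signals described above for accidental clicks (quick bounces, the late second click of a double click) and the advice to bring your own evidence to Google can be sketched over a site's click log. This is an added example, not Google's method or code from the original post; the log format, the device key (IP plus a device label), the label names and all thresholds are assumptions, and the sample rows are constructed.

```python
import csv, io
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration, not values Google publishes.
DOUBLE_CLICK = timedelta(seconds=2)   # late second click of a double click
BOUNCE_SECONDS = 3                    # visitor "bounced right back"
BURST_WINDOW, BURST_COUNT = timedelta(minutes=10), 5

# Constructed sample rows: time, IP, device label, ad, seconds on site, pages viewed.
SAMPLE_LOG = """\
2019-03-01T10:00:00,198.51.100.7,android-app,ad42,1,1
2019-03-01T10:00:01,198.51.100.7,android-app,ad42,0,1
2019-03-01T10:05:00,203.0.113.9,windows-chrome,ad42,95,4
2019-03-01T11:00:00,192.0.2.44,windows-chrome,ad42,2,1
2019-03-01T11:01:00,192.0.2.44,windows-chrome,ad42,1,1
2019-03-01T11:02:00,192.0.2.44,windows-chrome,ad42,2,1
2019-03-01T11:03:00,192.0.2.44,windows-chrome,ad42,1,1
2019-03-01T11:04:00,192.0.2.44,windows-chrome,ad42,2,1
2019-03-02T09:00:00,203.0.113.9,windows-chrome,ad42,240,6
"""

def label_clicks(log_text):
    """Return (timestamp, device, ad, labels) for every click, in time order."""
    rows = sorted((r for r in csv.reader(io.StringIO(log_text)) if r), key=lambda r: r[0])
    last_on_ad, recent, out = {}, defaultdict(deque), []
    for ts, ip, ua, ad, dwell, pages in rows:
        when, device, labels = datetime.fromisoformat(ts), (ip, ua), set()
        prev = last_on_ad.get((device, ad))
        if prev is not None and when - prev <= DOUBLE_CLICK:
            labels.add("double-click")        # same device, same ad, seconds apart
        last_on_ad[(device, ad)] = when
        if int(dwell) < BOUNCE_SECONDS and int(pages) <= 1:
            labels.add("bounce")              # no engagement after the ad click
        window = recent[device]
        window.append(when)
        while when - window[0] > BURST_WINDOW:
            window.popleft()                  # keep only clicks inside the window
        if len(window) >= BURST_COUNT:
            labels.add("burst")               # worth raising for manual review
        out.append((ts, device, ad, labels))
    return out

def evidence_summary(log_text):
    """Count labels per device; unlabelled clicks are counted as 'clean'."""
    summary = defaultdict(Counter)
    for _, device, _, labels in label_clicks(log_text):
        summary[device].update(labels or {"clean"})
    return {device: dict(counts) for device, counts in summary.items()}
```

Calling `evidence_summary(SAMPLE_LOG)` separates the returning visitor (two clean clicks a day apart) from the mobile double click and from the device that bounced five times in five minutes.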

On the flip side, just because you see an unusual spike in traffic doesn’t mean it’s fraudulent! Dive into your analytics and see what was happening in that time frame to see if there is another explanation for the traffic or impression bump. In my experience, another contributing factor is usually at play. It can be weather, a news article, some national event, and many other items.