Click Fraud
What is Click Fraud?
Click fraud is a form of marketing fraud that occurs when pay-per-click (PPC) online ads are illegally clicked to increase site revenue or exhaust a company's budget. It is often intentional, malicious, and has no potential for clicks to result in a sale.
PPC ads generate revenue for publishers or exhaust client budgets for an advertiser based on how much a customer clicks on them (and how many of those clicks are converted to sales). Clicks become fraudulent when those doing the clicking are a computer program (ex. bots), an automated script mimicking a legitimate user or a human with no actual interest in the ad’s target. It is considered a “black hat”, or violating computer security for personal profit or malice.
Sometimes click fraud can be carried out by a site owner to artificially boost ad revenue for their business. It may be carried out by a publisher or ad agency to artificially inflate their click rate making them more appealing to companies looking to market themselves, without actually having such an audience.
Here are several different types:
Non-contracting party click fraud
Between advertisers
One advertiser attempts to use up another advertiser’s budget by engaging in click fraud. Once the latter advertiser’s budget and space are used up on irrelevant clicks, the former becomes the sole advertiser and takes up the space and visibility.
Between publishers
Another version of this occurs when an attacker maliciously attempts to frame a publisher by making it look like they click on their own ads. This would cause an advertiser to mistrust the publisher and end their relationship with them. Because PPC revenue is often the primary source of income, this practice can destroy a publisher’s business.
Vandalism
It is often difficult to track down the culprit of click fraud motivated by vandalism. Often, fraudsters target publishers or advertisers for political or personal vendettas.
Friends and Family
Click fraud can also occur when a publisher is supported by their friends or family clicking on ads to generate revenue. Sometimes the publisher conspires with their personal relationships to commit this type of click fraud, or it is truly just patronage on the part of the friends and family.
Classic click fraud
Site owners (publishers) publish ads using an advertising network like Google AdWords, and click on ads placed on their own sites to increase ad revenue. The advertiser (company creating and placing the ad via advertising network) has their budget exhausted or is defrauded by the actions of the publisher.
Click Farming
Some companies will outsource to low-cost employees to manually click ads all day and generate ad revenue, as part of “click farms”.
Automated Script
A computer program mimics a user and clicks an ad. It does so by translating existing user traffic into clicks and impressions. Another method is to bombard a large number of computers with viruses and have those viruses make the computers click ads.
Hit Inflation
Some advertising publishers use this method to drive traffic from a dishonest site to a dishonest publisher, generating clicks and thus revenue. This occurs when the dishonest site contains a script that converts website interaction on it to clicks for the publisher. The user interacts with the initial site and interacts, not knowing that their interaction is generating clicks for a secondary publisher that they do not directly interact with or are not aware of.
Search Result Manipulation
This iteration of click fraud occurs with the click-through rate of a website rather than PPC ads. Ranking of sites increases when search results generate clicks to those sites - for example, if you were to search “fraud.net” up, the highest clicked site would be listed at the top of search results (that’s us!). In this version, fraudsters generate false clicks on results they want to promote and avoid results they want to demote. The businesses with the higher clicks will have improved rankings while those avoided will not - many malicious publishers or companies will use this to put their competitors at a disadvantage.
The Cost of Click Fraud
According to PPC Protect’s Global PPC Click Fraud Report, 11% of all search clicks are fraudulent, with 17% on connected TV campaigns and 36% on display ad campaigns.
How to Combat Click Fraud
Despite the many ways click fraud can manifest for your business, there are some key things to look out for to check if you’ve been victimized:
- Unusual rises in impressions
- Unusual peaks in clicks
- No corresponding increase in conversions with a click or impression peak
- Page views decrease during click or impression peaks
- High bounce rate during click or impression peaks.
If you suspect you’ve been targeted by click fraud, contact your advertising network running your PPC ads and report your findings. This way, fraudulent clicks can be credited back to your account or budget.
However, the best protection is prevention.
Fraud Prevention with Fraud.net
Fraud.net offers a wide range of products to combat various types of marketing fraud, including click fraud. Contact us for a free demo and product recommendations to protect your business.
Clickjacking
What is Clickjacking?
In summary, clickjacking is when a fraudster targets someone to click a link, either to get them to install malware or to try to 'phish' them, a related term that involves getting a user to enter personal information via a fake website.
Clickjacking is done by sharing captivating content that misleads the user. Once people click back to the source of the content, the fraudster then tries to attack them.
What Is There to Gain?
A fraudster has multiple ways to use these clicks for their own gain. With clickjacking, fraudsters can gain access to passwords, credit card numbers and any other valuable data that can be exploited. Clickjacking can also turn features in your devices system on and off when malware is installed. This malware has a lot of capabilities, ranging from enabling microphone and camera access or pulling location data from your device. In short, these clicks can cause strife in the moment, and can make crimes easier in the future.
Clickjacking Examples
A common example of clickjacking involves fraudsters creating a mirror login page to capture user information on a website. With this method, the user assumes that they're entering information into a usual form on a website they visit. In reality, the users can actually be entering that valuable information into an overlaid field controlled by the fraudster. The fraudster gets access without the user ever knowing there was something wrong.
An attacker can also redirect clicks from social media or emails to download malware or gain access to vital systems. This spells trouble for any organizations that rely on protecting sensitive data and intellectual property.
Additionally, links can be hidden under media and trigger a particular action, such as liking a Facebook page or ordering a product on Amazon.
How can Clickjacking be Prevented?
Clickjacking is an intrusive and damaging attack that can lead to serious consequences for you, your customers, and your business. Your company needs a way to proactively stop this attack from turning your website or content into a dangerous environment for users.
A cybersecurity solution like Fraud.net, for example, looks into all methods of fraud, including clickjacking, when securing your site and systems.
Turning fraud prevention into a process that covers the entire customer lifecycle is vital. Whether it comes from leaked data, unauthorized access or payments, and error, Fraud.net will help you find and stop fraudsters of all kinds. Contact Fraud.net for a demo of our end-to-end anti-fraud system, or a free fraud analysis. Start protecting your business today.