The Truth About Click Fraud
December 1, 2005
Over the past year, there have been literally hundreds of articles and blog posts written about the topic of click fraud. I’m at the point that I actually get the urge to vomit every time I see a new one. I don’t think I’ve ever read so much about a topic and yet learned so little.
If you happen to be one of the 17 people on the web who haven’t yet read about click fraud, I’ll save you the pain. Here’s all you need to know:
- 1. Click fraud is the greatest threat facing the Internet.
2. Search advertisers are getting screwed out of hundreds of thousands of dollars.
3. Fraud detection systems operated by PPC engines suck.
4. The PPC engines know they suck, but they don’t really care. They’re making a ton of money.
Those four points are then followed up with a vague reference to some "unofficial" estimate that puts the amount of click fraud taking place anywhere between 15% - 35%. What data is used to come up with these doomsday estimates? That’s a good question. Unfortunately, I can’t answer it because none of the articles ever mention who came up with the estimates or what data they used top arrive at those numbers.
So what’s the truth? Is the average Mom & Pop risking bankruptcy if they decide to open a PPC account? Are the engines really only concerned with keeping their shareholders happy?
Or is it really all a bunch of crap being shoveled at the web community by those who just happen to offer some type of click fraud auditing product or service?
I have no idea.
Is it really possible to come up with an accurate number regarding the total amount of click fraud actually taking place?
I doubt it.
Anecdotal evidence from a handful of sites in highly competitive spaces works great for generating the type of mass hysteria needed to keep everyone talking about click fraud, but it doesn’t help at all in determining if there really is a problem.
The only practical thing to do would be to try and collect some objective data that would shed some light on how big of a potential problem click fraud may be. By that I mean auditing the performance of the various fraud detection systems being used by each of the PPC engines.
And that’s exactly what we are going to do.
If the accusation that the major PPC engines do not have adequate click fraud detection systems in place turns out to be true, we’ll publish all the data showing exactly where they are dropping the ball. And I can promise you, I’ll be at the front of the line with a torch and pitchfork demanding that they are held accountable.
On the other hand, if it turns out that they actually are doing a solid job catching the majority of bad clicks then we’ll publish that as well. And we can then all collectively tell all the click fraud "chicken littles" to shut the hell up.
Fair enough?
So here’s the plan.
Step 1. Build a Click Bot -I’m not going to get into the specifics of how the tool will work as I have no intention of teaching everyone how to commit click fraud. But what I will say is that the tool will be built in such a way that the audit we will conduct will be objective and fair.
Step 2. Select Some Sample Sites - This is an important step. In order to get an accurate assessment of how well each system may or may not work, I think you need to work with sites that are in spaces where the potential for click fraud is quite low. We need to establish a baseline of click volume and cost before we can begin tracking the amount of fraudulent clicks that might be getting through. If the test site is in a very volatile market, that will be hard to do. (Any volunteers? I’ll foot the bill)
Step 3. Develop Several Different Click Models - Some will be blatantly obvious, while others will be a bit more discrete. All models will be applied to each PPC engine equally.
Step 4. Include Partner Sites - It’s not enough to stand up and tell the world that you’re doing a great job defending the mother ship. We’re going to find out once and for all if PPC engines are looking the other way when it comes to traffic being passed through their partner sites. If you are a big player who makes money displaying PPC ads, we’re going to put you through the test.
Step 5. Press the Start Button and Collect the Data - That’s about it. By the middle of next month, we’ll be able to come back and let everyone know whether or not we really have anything to talk about.
Comments
43 Responses to “The Truth About Click Fraud”
Before You Reply, Please Read My Comment Policy
I believe you are correct, there is no such thing a click fraud really. Great post!
You could also have the bot click on your own AdSence ads until they shut you down. This should tell you what the pain tolerance is when the shoe is on the other foot. Good luck.
yeah…i agree with you.:)
Won’t this open you up to HUGE legal liability?
Um… don’t perform your tests on my website. What if you cause somebody to get banned? How are you going to compensate them?
Great idea and good luck - let me know if you need any help building the bot
Good plan. Good luck.
http://gotads.blogspot.com/2005/12/greg-bosers-plan-for-click-fraud.html
Let me clarify. We will only be clicking on ads I paid for. When I said we would click on partner sites, I wasn’t really talking about general Adsense sites. I’m talking primarily about AOL, meta search engines, domain parkers, etc.
Besides, I already know how many clicks it takes to get an Adsense account torched.
As far as the legal liability goes, the bot will only bee seeking out and clicking ads I’m paying for. I might possibly be violating a TOS or two, but I’m certainly not committing fraud.
I’m a paying customer. And I think I should be able to test whether or not the engines are actually providing me with the level of service they claim.
“Any volunteers? I’ll foot the bill”
I think this would be the weakest part of what you’re proposing. Given the demographic of your blog, allowing self-selection could skew things so much that it renders the numbers meaningless.
http://en.wikipedia.org/wiki/Self-selection
Self-selection? Come on Matt. Are you saying that using a client’s site or a site that belongs to somone who reads my blog will have an impact on whether or not fraudulent clicks get through an automated detection system?
Surely a real click-fraud perpetrator would be using an army of virus-compromised home computers spread over the world, like spammers and other slime do. I don’t see how you could simulate that in a way that would reflect the true response of the fraud detectors without using one of those illegal zombie networks yourself.
I certainly won’t argue that distributed networks don’t exist, but I’m fairly certain, at least at this point, that’s not how most click fraud is attempted.
What I’m interested in is the huge space that exists between the moron sitting in front of his computer all day clicking on his ex-employer’s ad, and a sophisticated zombie network.
>Self-selection? Come on Matt.
Yes that was pretty weak, Matt. You didn’t elaborate how exactly that would skew the results, and in this case, I’m not going to give you the benefit of the doubt, since your statement flies in the face of logic.
A site in google’s network = a site in google’s network.
Those zombie networks exist. I’ve been attacked by them a few times. Clicks would come in at precise intervals (every 40 seconds was the norm) from different IP addresses, most of which were back to proxy servers that were being used to perpetrate the problem. Actually, that probably wasn’t a zombie network per se, because of the regularity of the clicks, more like one computer going through a bunch of proxies. Either way, it was annoying.
I recommend that anyone reading this thread check out MarketingExperiments study from a few months ago. I find it to be the most interesting to date. It confirms that fraud activity is confined to where it matters most - expensive terms.
At one point they published a decent podcast discussing the results. I recommend listening to that also if it’s still around. It rambles a bit (well, it’s a podcast after all) but provides the data that we all ache for. That stated, I appreciate the tone of this entry. I am also tired of the rhetoric.
Matt may not have highlighted self-selection properly, but selection bias is certainly a confounding factor for this “study”. You’ll need high numbers to get past it, and when you go for that volume, other skewing factors will almost certainly come into play.
It also sounds like there’s an assumption of linearity here. Are click fraud algos applied uniformly across the web, or are certain sites/niches/keywords/IP blocks scrutinized more aggresively than others? I am sure you have thought about this, so perhaps you have a normalized experimental design/model that will still deliver useful experimental data.
No matter what you do, if you are not going to completely expose it for review (open source style) than will it really accomplish more than adding more hype and rumor to the issue? As you note, that would require you to provide your tools for click fraud…
The bark of this project may be worse than the bite. Unfortunately it is easier to discredit the plan (silence that bark) than adress the issue. I can think of 43things that highlight how this could be smart for an SEO consultant to propose, aside from actually quantifying click fraud.
[...] The WG has his doubts about click fraud. He is setting up a test to find if fraud detection systems really are in place and how well they work. [...]
That is a legitimate question. I think we can publish a great deal of valuable information without disclosing all the specifics of how exactly the bot functioned. But I also understand that it might be necessary to disclose that information in order for it all to make sense.
Now that’s a great question. Matt’s comments that the sites we select will somehow skew the results certainly makes me think that might be the case. But should it be? I can’t ever remember hearing a search engine speak about their proprietary click fraud tools being reserved only for those who meet a minimum spend requirement.
MATT was simply trying to tell you gently that SEOs and clients of SEOs are not a fair and representative sample of the entire population of AdSense signups. These could include very small/independent sites, large reputable sites, as well as many many spammers and scrapers and bottom feeders (which you see all the time in SERPs). There is going to be a Huge Huge variation in click traffic patterns, and CPCs of the ads shown.
And of course, OTOH, click fraud is also not uniformly distributed and is likely to follow the money to make it worthwhile, so high-volume or high-CPC-ad sites will have more fraud associated. If you only generate $50 per month in AdSense revenue, who cares if you sneak in $5 more? those are as good as accidental clicks.
[...] So Greg’s looking for some volunteers/partners (where he foots the bill) where he’ll: Step 1. Buld a Click Bot Step 2. Select Some Sample Sites Step 3. Develop Several Different Click Models Step 4. Include Partner SitesStep 5. Press the Start Button and Collect the Data (see more info on Greg’s Post) [...]
>click fraud is also not uniformly distributed and is likely to follow the money to make it worthwhile
I don’t think uniform study matters so much as what is going on where the action is…I think self selection could do well to approximate how certain industries perform. That data is probably more important than some across the board average which would be darn hard to take a stab at.
And I’m trying to tell you gently that Adsense has nothing to do with this. I’m not going to be trolling the web randomly searching for scraper sites who happen to be displaying my ads. I’m talking about search distribution partners like AOL, Netscape, Iwon, MSN, Dogpile, etc. You know, the partners that collectively make up 50% of your ppc spend, yet never seem to show up when you track your conversion data.
OK then, for a sample that you think fits your needs, do you think AOL, Netscape, Iwon, MSN, Dogpile are going to be checking on this Blog Entry and will then take you up on your offer for getting you the sample that you need?
Moreover, do you think that the sample that fits your PPC spending is going to be representative of any AdWords or Overture advertiser?
If you do not take samples in a fair manner from the entire population relevant to your study, then you have most certainly skewed it, no?
I’m definitely interest in what you are doing and the results, my current view is that Overture is more generous to its advertisers in refunding dubious clicks and that ‘dubious’ clicks in less competitive areas are not that prevalent.
[...] I find myself scrambling to find information on click fraud but am not having much luck. Anyhoo, here is Greg’s new Idea and is that the real Matt Cutts I see posting in there? Pretty cool, will have to keep an eye on this one now that I have access to his blog. He seems to been having issues with registration, I tried so many times I had to enter the blog from a different IP, register and call myself “HAMMER”. Looks like anyone can now post so go over there and join the fun! [...]
Jason Lee Miller from webpronews.com speaks of ClickTracks offering click fraud stats in an attempt to deflate analytics? Damn it’s gettin’ hot in here.
It isn’t, though - it’s just the biggest threat to current PPC models. Or, more specifically, the widest distribution PPC vendors.
Curious - I presume you are looking at different verticals? I see interestingly different activity between markets as a PPC publisher - to be honest, I thinking compiling data from multiple large publishers serving multiple markets is going to be a better angle for exploring clickfraud, rather than create a bot.
2c.
[...] He is also introduced one action plan and you can have a look of it here. [...]
I’d be interested in what your numbers show.
I’ve conducted many click fraud experiments, and have read data on quite a few others.
I think by only averaging out the top quality experiments (most of them use just stupid methods) will one realize the real numbers. Every system is going to give a bit high or low on the actual stats - it’s about averages.
There is definitely a curve, the higher the average CPC, the higher the fraud.
The issue is it’s easy to detect an influx of clicks from one site, one term, one account, one anything.
The difficult fraud to detect is just a few extra clicks a day across hundreds of sites. This doesn’t show a spike that’s outside of the normal amount of volume, it’s just a steady daily increase.
Everything in moderation.
Here’s my two cents.
If I run an ad on Google or anywhere else and do not make Money I will stop running that ad. For some Mom & Pop store to run an ad’s until they bankrupt themselves World make them just stupid.
If people were not making money I’m sure they would not continue to run the ads. To say that there is click fraud or that click fraud is a problem is one thing but to say that it is doomsday or the biggest Internet problem is not correct.
I will run my ads on any site and take the hit for 15% - 35% or even higher for click fraud as long as it turns a profit at the end of the day. At the same time if I run my ads and there is 0% click fraud but I loose money I will remove my ads.
“I will run my ads on any site and take the hit for 15% - 35% or even higher for click fraud as long as it turns a profit at the end of the day.”
That’s like saying, “I don’t care if my employees are stealing from me as long as I’m still profitable”
Bottom line is that it’s a bigger problem for some sites more than others. I’ve found that sites with high dollar terms tend to get higher rates of fraud. This is pretty much common sense. This is one factor of many that need to be taken into consideration.
Click fraud can’t be detected by solving for X. There simply isn’t an X in the equation. The best detection system is one that looks for many behaviors based on technical, behavioral and market metrics.
Greg, I am interested to hear what models you are planning to work on as far as the clicking goes. There are so many different ones that should be detected ranging from the 100 clicks a minute blitzes to the 1 click a day from a jerk competitor.
Do you plan to discuss what types of click attacks trigured a refund, tracking re-count, ad stopping from showing etc? Or are you going to just say that out of the 10 attacks google passed 5?
This is an inspired idea. I just hope the execution of it works. Learning about the real rates of click fraud eventually comes down to one thing: data (including the quality of it).
I agree totally with Janeth’s comment that advertisers (or agencies) need to bear some responsibility for monitoring click fraud.
However I’ve definitely got some serious problems with the way search engines handle this issue. I personally have experienced seemingly very obvious click fraud, reported it to the SEs, and their responses were woeful. I would like to believe that they are fighting click fraud as hard as their marketing material claims. In my personal experience, they certainly didn’t “walk the talk” of the “anti click fraud” marketing material on their websites.
I think the idea is a good one and I certainly agree that the scope of the problem has no reliable stats.
Figuring out the logistics of how to do this however, is something I don’t envy you.
Good luck with it.
[...] I think G has realized that some things that seem detrimental may have certain benefits associated with them as well. I’m sure the web spam team doesn’t like scrapers (and I agree with them), but if they investors (or board for that matter) knew about them would they really care, or would it be seen as a nice added short term revenue stream? I won’t add fuel to the tin hat fire, but I don’t think scrapers are all that different than click fraud, when left to the eyes of someone outside the search space (especially if they see THEIR ad on a sh*t site). It’s going to take a long time for the ROI of advertisers to dip low enough for them to realize all the trash that they don’t need to be paying for shouldn’t be considered a cost of doing business. [...]
I agree with what Janeth says - that it is not a doomsday yet. Click froud seems to me a modern version of throwing away the junk mail. There is so much waste in every marketing strategy.
Several factors are forefront when detecting potential fraudulent Clicks:
– The abundance of specific IP Address during a given time period…
– The Abundance of same CLASS C IP addresses during a given time…
– The length of time an IP Address Stayed on the page…
– Did the IP Address - RETURN back to Google, and re-clicked?
– The Referrer Logs indicating the specific KEYWORDED SERPs the Click Came from…
Many tracking/ stats software can certainly, successfully offer this information - and allow ALL Website owners to evaluate any suspicions!
Greg, drop me an email. I’ve talked with you at SES a few times and would love to do a panel showing the results we can collectively gather. I would be willing to try just about anything to see what turns up.
Doing the Shopping Search Tactics panels isn’t as exciting as it was the first time. A panel on clickfraud, that could be fun.
Anyway, get in touch and we’ll work something out.
The acid test has to be how does tracking CPC URL conversion performance compare against the general home page URL conversion per Xn clicks.
If the site is or was ( before it’s owners started paying cpc) reasonably embedded in the SEs and the conversion rates per thousand clicks are significantly different time after time then the case is made, and the crime is fraud.
I can’t think of any other area of business in the world where the supplier has such uncontrolled opportunity to abuse the consumer and supplier alike, a fairytale cash flow model. This arrogance and stupidity is the thing that will kill internet commerce not tricks or clicks by competitors. That sort of thing has always been fair in love and war.!
If you hold your nerve you will be bound to make a significant contribution to the future of e commerce.
Good on yer
Geoff
Having worked on pay per click campaigns for one of the big poker sites, I’ve seen first hand how prevalent click fraud is… especially when it comes to competitive keywords. On these keywords, competitors have become very sophisticated at creating false clicks and charges.
The problem is one of transparency. The big PPC companies don’t give you enough insight in to the fraud they catch and block, and exactly what they’re doing to stop fraud. If the PPC companies became more transparent, and helped PPC managers fight fraud themselves, its effect would be reduced.
If the estimates are correct… what would happen to Google and Yahoo’s stocks if they completely eradicated click fraud? If their revenues went down by 30%? I’m no conspiracy theorist, but I don’t expect the click fraud issue to be addressed any time soon. I wonder if the market has factored “click fraud� in to Google and Yahoo’s stock price yet? Since I own stock in both… I better keep my mouth shut.
I find this discussion to be very interesting. I am new to the whole PPC scene, but as an advertiser AND a publisher I find that there may be a serious problem at hand. I personally think the 20% stat is totally fabricated. I am interested in conducting my own experiment, but I lack the know-how. Actually, all I lack is the click bot, but I have no idea how to get one. Does anyone here actually know how to design one of those?
If anyone has any info that might prove this whole click fraud theory true or false…I would definately be interested in hearing about it. Good luck WebGuerrilla!
boser,
ABC’s of Google …the “C” is for click fraud.
Is Google Out of Steam?
Downgrading its stock to sell, S&P’s Scott Kessler explains why the search giant is vulnerable on several fronts. Key among them: click fraud
http://www.businessweek.com/investor/content/jan2006/pi20060119_9734_pi044.htm
Hmmm … Sounds interesting, although I don’t know if your study will unearth anything not already known. Or even if it does, if that will cause the SEs and ad networks to change their practices.
I don’t know how far you’ve gotten with this, but one thing you might consider doing is getting a sizable group of people to buy ads under different accounts, rather than all under the same account. A rise in clicks to the same account (or small number of accounts) is likely to trigger some click fraud thresholds. Another thing you might do is get volunteers to run your bot on their systems (unless you have a fairly large number of systems you can launch your bot from that are on topologically and geographically dispersed ISPs). You might even sprinkle in some conversions to try to simulate advertisers that get business and fraudulent traffic.
In general, I have always thought CPC was a bad business model because it is so easy to defraud. It has always struck me as odd that Google, being a center for technological excellence, would have even implemented CPC in the first place. When the idea was first presented to do CPC at Google, I wonder if the issue of click fraud ever came up, and what things were said in response (and who said them)? I used to work for a search engine, and complained quite vigorously about the dangers of relying on CPC revenue due to click fraud, but they went ahead and implemented it anyway.