If you’ve ever worked with pay per click ads, or any form of online marketing, you’ve probably heard of click fraud. It’s the sort of thing that marketers mention, usually with a shrug of the shoulders as if to say, ‘What can you do about it anyway?’
Data suggests that one in four clicks on every paid ad is from a fraudulent source, normally from bots. However click fraud covers quite a broad spectrum, including vindictive competitors, organised criminal networks and shady app developers. In short, there are many ways that people can harness technology to steal the marketing budget of business owners across the world. But, is click fraud really that big a deal? And is there even anything you can do to stop it?
The click fraud industry
Click fraud is in fact a huge industry, with estimates putting its impact at over $20 billion in 2019 alone. And, it’s forecast to grow to over $30 billion in the next few years.
If you work with Google Ads, you might have seen the term ‘invalid clicks’. This is Google’s catch all term for any non-genuine click on a paid link. Anyone paying for traffic on Facebook, Bing, Twitter, Taboola, Outbrain or any of the content promotion networks will also be at risk of these invalid clicks, aka click fraud.
How do fraudsters make money from click fraud? The most common way is to set up a spoof website, fill it with ads and then direct fake traffic to it (think bots or click farms). With this fake traffic, they can then collect the payout on ad clicks or impressions.
It used to be easy to just pay for bulk clicks on Fiverr (you may have seen the ‘buy 10,000 visitors from the USA’ traffic packages), or even hire click services online. But more and more platforms are starting to realise that this kind of traffic is both worthless and ultimately damaging. As such, platforms like Google and Facebook are making it harder for these high volume bot traffic to be effective.
In recent years, as loopholes have closed, those committing the fraud have had to become more resourceful. One of the main ways this has happened has been through malware, usually on Android apps.
These apps can be anything from games to random utilities apps (such as torch or calculator software) and are normally bug free on download. But they’ll usually have a backdoor where malicious code is side loaded, often as an update. A recent example of this is the DrainerBot malware, which was discovered in early 2019.
DrainerBot was distributed via a software development package which was then used by many different coders around the world. It’s thought that DrainerBot has been downloaded at least 10 million times.
The name DrainerBot was coined because the bot used massive amounts of battery power on users phones to click on ads in the background while their phones were active. This clicking on ads also used a lot of data, with some users seeing around 10GB a month showing up on their bills.
The growth and evolution of click fraud
As of 2020, we have seen several new malware apps being exposed including Tekya, which is thought to have been downloaded a million times at least. The evolution of click fraud from a relatively simple process to an industry of deceptive apps shows that there is still a lot of money to be made. Even despite setbacks and lockouts, the fraudsters will always be looking to find a way to break in and steal advertising dollars.
Do the ad networks do anything about it? Well, yes, they do. Google has a whole team dedicated to beating click fraud (or invalid clicks) and Facebook have even sued several app developers for click fraud scams on their network.
But, is this enough? Many in the marketing industry feel that the ad platforms do just enough to be seen to be doing something, but could definitely do more.
Although the fraud itself is illegal, it’s very hard to pin it onto anyone. For example, the DrainerBot code was distributed from a Dutch software company who denied any knowledge of it. And, as we see with the recent Tekya example, there are plenty of ways to sneak code into apps and through the back door.
How to prevent click fraud on your ads?
There are several ways you can minimise your exposure to click fraud, although some are trickier than others.
The first step is to be very careful with your ad targeting when setting up PPC campaigns. Limit your geographic spread, keep an eye on peaks and surges in your clicks and watch for anomalies in your bounce rates or conversion rates.
Using long tail keywords can be a good way to prevent click fraud activity on your Google or Facebook Ads, although this will limit your exposure. If you don’t want to do this, at least choose solid search terms and make sure to use negative keywords to limit random clicks.
For example, if you sell sneakers, target the keywords ‘fashion sneakers’ or ‘sneakers for running’. By then setting the term ‘sneakers’ as a negative keyword, you will be reducing your volume of clicks, but you’ll more likely be targeting people who know what they’re looking for.
Another step to prevent click fraud is to keep an eye on the IP addresses clicking on your ads. This will involve daily monitoring, but if you spot duplicates or suspect activity, take steps to block them.
An easier way to block click fraud is to simply use anti-click fraud software such as ClickCease. It takes just a few minutes to set up and the impact can be quite incredible, especially if you’re targeting high volume or expensive niche keywords. With a free trial it’s also pretty easy to see if you are being affected at all (which, if you’re using Google Ads or Bing Ads, you most likely are).
Pay per click is an excellent tool to get your brand seen, in fact it’s easily one of the best. But be aware of the potential for click fraud and make sure you’re not contributing to that huge pot of defrauded marketing money.