Who commits click fraud, why they do it, and how to stop it.

I recently did a search on Google for 'online marketing tools.'

Here's what came up.

Three ads on Google looking for me to click on their links and take them to their website.

Now if you are the guy at the top you are pretty happy.

Not only did you outbid all of your businesses, you did so on such a competitive keyword like 'online marketing tools.'

What does the top ad rank position reward you with on Google?

It usually results in higher click through rate and more exposure for your products or services.

But if you are guys number 2 and number 3 on Google's paid search results, this can get pretty frustrating.

After all, you did everything Google asked of you.

You put in a large bid, your ad has high CTR. You optimized your landing page and your business is completely relevant to the keyword. You even added ad extensions hoping this could improve your ad copy.

And despite all this, you are relegated to the sorry positions of number two and number three.

So what is a business to do at this point?

The traditional route is to go back to the drawing board. Maybe you need to increase your bid. Maybe you need to rethink the ad copy, or improve the landing page.

But this all requires time and effort and money.

There is a second option though. It's easy, fast and best of all, completely free.

It's called click fraud. And it's a bigger problem than we think.

It's the elephant in the room that no one is talking about. And Google would like to keep it a muted issue, because ultimately Google benefits from it.

A recent eMarketer article decided to take a deep look at the problem of click fraud and estimate how big of a problem it is. We are going to break down their findings here.

What is click fraud?

Click fraud is the practice of repeatedly clicking on an advertisement hosted on a website with the intention of generating revenue for the host website or draining revenue from the advertiser.

Who commits click fraud?

Click fraud can come from a variety of sources, but the main culprits can be broken down into four groups:

1. Competitors

As described in the example above, competitors are the biggest source of click fraud.

With businesses shelling out thousands of dollars to clinch the top spot on Google for certain keywords, it can be pretty disheartening to see your ad show up at number two.

But instead of bidding higher, or changing their ad copy and landing page, businesses can click on their competitors repeatedly and drain their ad budget.

Since lots of businesses run PPC campaigns with daily ad budgets set in place, all a competitor has to do is repeatedly click on an ad until their ad budget is crossed.

Once the ad budget is drained for the day, the ad that was in position one disappears and the business that was in position two becomes the first ad.

2. Webmasters

A second source of click fraud comes from website owners themselves.

Google's display network allows advertisers to place their ads outside of Google's SERP results on third-party websites.

To be eligable, a website owner simply joins Google's AdSense program and receives 68% of revenue from clicks that is paid to Google.

So what does a webmaster do to make more money?

The honest route is increase traffic to their website. More traffic, means more clicks. More clicks means more revenue.

But this would require new content, social media marketing, or creating ads themselves to promote their website.

What's a easier way to do this that is free?

Click fraud.

The website owner simply clicks on the ad themselves and gets 68% of the money paid to Google.

With clicks sometimes going as high as $10 or more in some niche industries, the temptation is there for website owners to make more money.

3. Customers

In a digital world, an angry customer can do significant damage to your brand.

Usually this results in a one-star review on Facebook or Amazon or wherever they can ruin your reputation online.

But an angry customer with even the most limited knowledge of how PPC works will know that if they click on your an ad, you foot the bill.

More and more internet users are pushing back against targeted ads by purposely clicking on them.

The only one who benefits in such a situation is Google who gets their cut of click revenue regardless.

4. Professional Fraudsters

Finally there are professional click fraudsters who make money off of running large scale fraud operations that generate several million clicks per day.

To get a sense of this, just look at a click farm in China.

Click fraudsters operate in the internet underground and their actions can be very hard to track. They use sophisticated technology that takes advantage of the unintegrated internet infrastructure and the distance between supply chains in digital ad space between buyer and seller.

How big of a problem is click fraud?

eMarketer estimated digital fraud overall to range between $6.5 billion and $19 billion. The large range suggests one thing only: nobody actually knows how big of a problem click fraud is.

But despite difficult estimates, eMarketer cited several studies that show advertisers are increasingly worried about the problem.

A study by Integral Ad Services from November 2018 found that 36.8% of brand marketers would make ad fraud a priority in 2019.

Similarly, a study of programmatic advertising by Digiday found that US media buyers were most concerned with 'lack of transparency' and 'ad fraud' when it came to ads in their industry.

Types of Ad Fraud

There are several different types of ad fraud online, with programmic advertisnig most at risk. As eMarketer put it:

Scammers are able to take advantage of the distance between buyer and seller and the automated, intermediated nature of trading in a variety of creative and increasingly sophisticated ways. The result is significant percentages of invalid traffic to programmatic display campaigns. In other words, a lot of programmatic display impressions that never had any possibility of being seen by a human.

Different ad fraud methods include:

Domain spoofing

Domain spoofing is where publishers lie about the nature of their traffic, claiming it mostly consists of high-quality websites. In fact, those high-quality websites are low-quality websites flooded with bots.

Ad stacking

This is where ads are stacked upon each other to generate multiple impressions from a single page view. While only the ad on top can be viewed, each of the underlying ads also count as an impression.

Pixel stuffing

Pixel stuffing involves stuffing an entire ad into a single pixel on screen which makes it invisible to humans. This multiplies the amount of ads that can be hosted on a website.

Ad injection

This occurs when websites include ads on websites without the publisher knowing about it. These ads can sometimes replace existing ads and negatively affect a publishers' brand or viewability score.

Fake websites

Ads that are posted to fake websites are clicked on and viewed by bots instead of humans, and the person who created the website then collects income from CPC and CPM impressions that never existed.

Traffic sourcing

This is where entire networks of bots are sold as fake human traffic to publishers for the cheap. .

What devices are more at risk of click fraud?

According to the measurement and analytics firm Pixalate, 17% of all programmatic digital display advertising impressions in the US went to invalid traffic. That was the fourth highest in the world, following India, Indonesia and Australia.

But ad fraud differed based on device, with some more at risk than others.

Desktop display - 16.1%
Smartphone app display - 15.9%
Smartphone web display - 14.3%
Tablet app display - 10.9%
Tablet web display - 10.8%

For video formats, smartphone and tablet apps were the riskiest places to buy.

Smartphone app video - 22.1%
Tablet app video - 19.1%
Desktop web video - 15.7%
Smartphone web video - 12%
Tablet web video - 9.1%

Integral Ad Science reported that 14.3% of worldwide impressions on desktop programmatic display campaigns that didn't use their anti-fraud optimization service were fake in the first half of 2018. The rate for fake desktop video impressions was 10%.

eMArketer's report notes that those who commit click fraud don't necessarily follow the money. Instead they choose to take advantage of new technologies where adequate fraud protection has yet to develop. Such technologies now include native audio, OTT (over-the-top) or connected TV.

The inventory where digital fraud is most likely to occur in 2019 is mobile in-app advertising and OTT and connected TV advertising, according to eMarkter.

With mobile inventory in particular, fraudsters often falsify app installs. The mobile analytics firm AppsFlyer estimated that over 25% of mobile app installs worldwide were fake. The US rate was 14.7%. As eMarkter put it:

"There’s no universal directory of what those apps should be called. So if you decide to make up fake apps and call them something very similar, it makes it very difficult to tell if that’s invalid or fraudulent or not.” On mobile, these types of IDs have been standardized...even if there’s no fraudulent intent, it still makes it very difficult for a buyer or seller to know what they’re buying on, because of the fragmentation and lack of standardization across those apps in all of those stores."

Solutions to ad fraud

1. The rise of ads.txt

Ads.txt is the latest and most effective innovation to protect against domain spoofing, when fake impressions are generated from a fake URL.

Ads.txt stands for authorized digital sellers. It is a text file that publishers add to their sites to show a list of authorized sellers of their inventory. According to eMarkter, over 75% of major programmatic advertising publishers have implemented ads.txt since its introduction in 2017.

The rise of ads.txt has made it easier for brands to track and measure fraud. A study by MightyHive in 2018 conducted two programmatic advertising campaigns for the Guardian, one which used ads.txt and one which didn't. The results showed that while traditional display units were not very at risk to fraud, with only 1% of display units being affected, the risk was huge for video units, with 72% lost to fraud.

2. Ad Verificators

Another way to prevent digital fraud is to work with ad verification providers that help identify fake impressions and invalid traffic.

An ad verification provider helps identify the fraudulent traffic which can then be shown as evidence to the publisher to solve.

eMarketer cites Integral Ad Sciences whose study found that 1.8% of desktop display ad impressions on campaigns using its anti-fraud service were fraudulent in the first half of 2018, along with 0.8% of mobile impressions. Worldwide ad rates, according to IAS on programmatic desktop and mobile display campaigns that did not use protection were 14.3% and 9.9% respectively. IaS therefore claimed it had eliminated the vast majority of fraud.

It should be kept in mind, however, that these are companies reporting on the effectiveness of their own ad services and their results may be biased or not show the full picture.

3. TAG Certification

Another recommendation eMarketer gives is to use TAG Certification. The TAG Certified Against Fraud Program was launched in 2016 and aims to combat fraudulent, invalid traffic in the digital advertising sphere. Companies receive a seal if they abide by TAG guidelines and implement a set of anti-fraud tools. In this way, they contribute to making the digital advertising supply chain free from invalid traffic.

A study by TAG in November 2018 examined 75 billion US impressions and found that just 1.68% of impressions were fraudulent for TAG certified companies. This was almost 84% lower than the average fraud rate of 10.43%.

4. Clawbacks

Another development in the industry has been a growing expectation among advertisers that they can 'claw back' spending on fraudulent ads if fraud rates exceed an agreed upon threshold, eMarketer reports.

The system is not perfect, as ad verification services need to be involved, the process is time-consuming, and no one is actually sure whether they are getting their money's worth. But because programmatic supply chains are so complex, it is hard to be satisfied with the entire system.

5. Ad management services

While click fraud can occur on any ad, using an effective ad management service that identifies when click fraud is likely draining an ad budget can help save you tons of money by contacting Google in time to report suspected click fraud.

Digital Ad Fraud Trends

eMarketer identified various digital ad fraud trends in its report.

1. Purely technical solutions will not work

As fraud prevention gains ground in mobile apps and OTT, technical solutions will have to work with humans in order to effectively tackle ad fraud. Humans will need to be involved to make sure new stands are being abided to and applied, and these standards will be fluid and subject to change.

2. Valid traffic could be mistaken as fraudulent

With so much focus on what constitutes invalid traffic, often times legitimate site visitors and impressions are being mistaken as bots.

"We see things like corporate proxies and people out on university campuses being classified as invalid traffic...these industry groups could potentially come up with better standards on that, so we don't use our precious resources on sorting out these consistencies," eMarketer reports.

3. The introduction of ads.cert

Updated standards are being drawn up, with OpenRTB 3.0 and ads.cert to launch. ads.cert is supposed to build on the capabilties in ads.txt with the goal of eliminating more fraud. It will help marketers whether the impressions they receive from an ad exchange belong to the intended website. But it's unclear when the new tool will officially be available for use.

4. The need for law enforcement

According to experts interviewed by eMarkter, fraudsters view their activities as low-risk, and without law enforcement getting involved, they will continue to perform their operations. This is particularly true when they use data centers as opposed to hijacked devices to create fake traffic.

5. Marketers will need to get more educated

Marketers are becoming aware of the impact fraud has on their advertising, but there is a knowledge gap about how to measure this fraud. For example, ad verification services may detect 10% of advertising going to fraud, but that doesn't mean that all of that traffic is fraudulent. It may have been simply flagged as suspicious.

The problem is compounded by the fact that verification services compete with each other over who was able to 'flag' more fraud. But this doesn't mean that everything that was flagged as fraud was actually fraud.

Going forward, marketers will have to get more educated in this area, so that ad verification services don't end up misrepresenting the invalid traffic they identified as well.

Overall though, so long as there is risky inventory, digital ad fraud is likely to remain a significant problem for advertisers and publishers in the near term.

Try Aori

Do you suspect click fraud is draining your ad budget? Check out our smart advertising solutions to see how Aori can help prevent click fraud from occurring in your PPC campaigns.