What Are the Types Of Click Fraud?


What is click fraud?

“Click fraud” refers to the practice of abusing pay-per-click ads to generate the appearance that an ad is being viewed by far more users than it actually is, thus dishonestly generating revenue for the ad service that does not reflect any actual benefit to the company which placed the advertisement.

Click fraud tools

Fruition’s click fraud tool is in private beta. You can get in the queue here to receive an invite.

Basic Overview of the Pay-Per-Click Relationships

Pay-per-click advertising is a common form of online advertisement involving three parties: (1) advertisers, (2) advertising networks, and (3) publishers. An advertiser creates an advertisement or link to their site, which they wish to be displayed on a publisher’s website. Advertising networks locate publishers with websites relevant to the content of the link, whose viewers are thus more likely to be interested and click on it, and place them there. Each time a user clicks on the link, the advertiser pays a fee to the advertising network, which in turn passes a portion of the fee to the publisher.

2 Reasons for Click Fraud

Competitor Click Fraud

In addition to advertising networks and publishers, click fraud is also sometimes carried out by competitors of the company which placed the ad. In that case, the perpetrator’s goal is not to make money themselves, but to deplete the advertisement budget of the company which placed the ads and thereby provide the competitor an advantage. It may also be carried out by unrelated third parties for purely spiteful reasons, such as a personal grudge against the company which placed the ad. This type of click fraud falls into a legal grey area since, unlike click fraud perpetrated by a publisher or advertising network, there is no legal contract or obligation between the user and the advertiser.

Affiliate Click Fraud

Because the fee is paid regardless of whether the user who follows the link actually proceeds to buy anything or indeed has any legitimate interest in its contents at all, there is a strong financial incentive for both the advertising network and the publisher to see that the link is clicked on as many times as possible. In order to make money, they may try to make it look like the ad is being clicked many more times than it actually is, using methods such as running a computer script which repeatedly clicks on the ad hundreds of times. In this scenario, the advertising network (e.g. Google, AOL, Yahoo!, Bing, Outbrain, etc.) pays the affiliate a percentage of the fee. This is known as click fraud.

There are 5 Primary Types of Click Fraud

The simplest form of click fraud is that which is carried out from a single computer. This can be as simple as a person manually clicking on an ad over and over. More sophisticated users may set up an automated script which carries out the tedious work for them. While primitive, this type of click fraud can nevertheless be damaging if the fraudster is persistent enough to keep it up over a prolonged period of time and the advertiser is lax enough to not notice the high number of suspicious clicks. This is typically the easiest form of click fraud to detect, as it comes from a single source; other forms of click fraud involve distributing the attack across many different IP addresses so as to conceal its nature.

1. Click Fraud Through Crowdsourcing

One method publishers use to increase the clicks on their ads without doing the clicking themselves is “crowdsourcing”. For example, a publisher might include text next to their sponsored links saying “support this page by clicking these ads”, resulting in many clicks by people with no actual interest in the ads’ content. In many cases, the users clicking on the ads may be doing so innocently, only desiring to support a site which they enjoy and unaware that their actions constitute participation in click fraud. The publisher requesting that they carry out the clicking also might not think that what they are doing counts as fraud, rationalizing that since they are encouraging real people to actually view the advertisements, the traffic should count as legitimate. Google’s guidelines for AdSense forbid this type of behavior from publishers, but other advertising networks may not hold their publishers to the same standards.

2. Click Fraud Through Incentivized Traffic

One step shadier than crowdsourcing is “incentivized traffic”, where a site offers some reward to visitors for clicking on the advertisements – for instance, a store giving a discount code to visitors who click on ads, or a video game site asking players to click on ads in exchange for in-game bonuses. This can generate many ad clicks from people who have no actual interest in the advertisement and are simply doing it for the in-game benefit. Unlike crowdsourcing, an actual reward is being offered to those who click the ads, which is likely to result in a higher rate of fraudulent clicks.

3. Click-Fraud Through Click Farms

Incentivized traffic taken to its extreme results in a “click farm”, where people are outright paid money in exchange for clicking on advertisements all day. Using actual humans rather than automated scripts is considered advantageous because the people participating in a click farm can be instructed as to how to make their actions appear more “natural” and thus more likely to evade detection by automated filters; for instance, after following a link to an advertiser’s site, they can subscribe to the company’s newsletter in order to make their interest appear valid. Click farms are most commonly run in developing countries, where there are large numbers of impoverished and unemployed people who can be hired to work for a very low price.

4. Click-Fraud Through Hit Inflation Attacks

Even shadier than employing people to generate false traffic is the practice of redirecting legitimate user traffic, called a “hit inflation attack.” With crowdsourcing and incentivized traffic, users are at least presented the choice of clicking on ads and the opportunity to view their contents. However, some websites utilize redirects to automatically bounce visitors to advertisements and then immediately back to the page they clicked on. The visitor doesn’t actually see the ad, or even notice anything other than a slightly longer than usual load time, but it’s counted as a hit by the advertisement. Visits to the site are converted directly into clicks on the ad; and since the fraudulent clicks are based on the natural flow of web traffic, they don’t look suspicious in the way that repeated clicks from a single source do.

5. Click Fraud Through Bot Nets


Finally, organized criminals can carry out click fraud using “bot nets”, large networks of computers which have been infected with malware and carry out instructions without the owner’s knowledge. The malicious user behind the bot net can instruct the compromised computers to visit certain sites and click the ads, generating many seemingly unrelated clicks from different IP addresses. Larger bot nets can be comprised of millions of compromised computers, and have been used to commit various types of computer crime, including click fraud.

Why a click fraud firewall doesn’t work


It might seem like click fraud could be stopped by identifying the IP addresses from which fraudulent clicks are originating and using a firewall to block them. However, even in the simplest click fraud scenario, an automated script running on a single computer which repeatedly clicks on an ad, a simple IP block can be circumvented by using a proxy or an anonymizing service like Tor. Other types of click fraud by their very nature rely on single clicks from a great variety of different IP addresses rather than repeated clicks from a single IP address. With methods such as crowdsourcing, incentivized traffic, click farms, hit inflation attacks, and bot nets, the distributed nature of click fraud makes it difficult to differentiate false visitors from legitimate ones, let alone block them. Further, ad networks such as Google and Bing do not want to, nor could they effectively, block huge ranges of IP addresses from accessing their services. Ultimately, a firewall cannot stop well-organized click fraud.

Click fraud specific to Google’s AdWords

Google AdWords is one of the largest advertising networks on the Internet. It also represents a special case with regard to click fraud, because Google is acting as both publisher and advertising network: it not only matches ads to appropriate sites, as the typical advertising network does, but also runs ads on the results pages of searches conducted using the Google search engine, giving it the role of publisher. Some critics claim that this is a conflict of interest because it means that Google stands to profit from click fraud which is committed against the clients which pay it to place ads. Google AdWords uses its own methods to determine fraudulent clicks, which they don’t charge for; however, these methods are also proprietary and therefore unverifiable, requiring the advertiser to trust Google. For a public company whose primary source of revenue is ad clicks, just a percent or two of fraud could represent hundreds of millions of dollars. Google contends that click fraud is ultimately harmful because it lowers the quality and therefore the value of the ad placements it sells.

Google uses a three-tier system to detect click fraud: first, automated filters which filter out suspicious clicks as they occur; second, offline analysis by automated algorithms and human analysts; and third, in-depth investigations of complaints of click fraud presented to Google by advertisers. According to Google, around 10% of clicks on ads placed through AdWords are detected to be fraudulent, which would potentially total hundreds of millions of dollars of wasted payment if they went undetected. Google does not charge AdWords customers for clicks on their ads which it determines to be fraudulent, and claims that only 0.02% of clicks which pass their detection system are fraudulent.

Click Fraud Detection Techniques

In the case of simple click fraud, such as an automatic clicking program running on a single computer, it is extremely easy to identify clicks which cannot possibly be valid; for instance, no human could click on an ad a hundred times in a single second. More sophisticated methods of click fraud, however, are much harder to identify. Fruition uses sophisticated machine learning systems to analyze log files and recorded user behaviors both before and after the ad click, performing an in-depth forensic analysis to determine if there is fraud.

There are some signs which advertisers can look for as basic indicators as to whether click fraud is being perpetrated against them. A high number of clicks in a short period of time from a single IP is highly likely to be the result of fraud. Also suspicious are a high number of repeated clicks from a single user over a longer period of time; for instance, if a pay-per-click link points to a site which updates daily, then it is unlikely that a user will visit it more than 30 times a month. If a single user is using a pay-per-click link to visit that site 500 times a month, those clicks are likely fraudulent. It is also unusual to receive large numbers of clicks from users who have JavaScript disabled, as JavaScript is enabled by default on most web browsers; a client which isn’t using JavaScript may be a bot. Other indications of click fraud include large numbers of clicks from users hiding their identities behind proxies, and large numbers of clicks from foreign countries where a company doesn’t do any business.
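The indicators above can be checked against an advertiser's own click log. The following is an added example, not Fruition's tooling or code from this page: the comma-separated log format, the function names, the burst threshold (5 clicks in 10 seconds) and the sample data are all assumptions, while the 30-clicks-per-month limit comes from the text.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    # Assumed log format: ISO timestamp, IP, user id, JS flag (1/0), country
    ts, ip, user, js, country = line.strip().split(",")
    return datetime.fromisoformat(ts), ip, user, js == "1", country

def find_indicators(lines, markets, burst=5, window=timedelta(seconds=10),
                    monthly_limit=30):
    clicks = sorted(parse(l) for l in lines)
    by_ip, per_user_month = defaultdict(list), defaultdict(int)
    js_off = foreign = 0
    for ts, ip, user, js, country in clicks:
        by_ip[ip].append(ts)
        per_user_month[(user, ts.strftime("%Y-%m"))] += 1
        js_off += not js                   # clicks with JavaScript disabled
        foreign += country not in markets  # clicks from outside served markets
    burst_ips = set()
    for ip, times in by_ip.items():
        # Sliding window: `burst` consecutive clicks from one IP inside `window`
        if any(times[i + burst - 1] - times[i] <= window
               for i in range(len(times) - burst + 1)):
            burst_ips.add(ip)
    total = len(clicks) or 1               # avoid dividing by zero on an empty log
    return {
        "burst_ips": burst_ips,
        "heavy_users": {u for (u, _), n in per_user_month.items() if n > monthly_limit},
        "js_off_share": js_off / total,
        "foreign_share": foreign / total,
    }

def sample_log():
    # Constructed data: documentation IP ranges, made-up user ids, "ZZ" = no-business country
    t0, rows = datetime(2024, 3, 1, 12, 0, 0), []
    for i in range(8):    # 8 clicks in 8 seconds from one IP, JavaScript off
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()},203.0.113.7,u-bot,0,ZZ")
    for i in range(40):   # one user, 40 clicks spread over the month
        rows.append(f"{(t0 + timedelta(hours=17 * i)).isoformat()},198.51.100.9,u-repeat,1,US")
    for i in range(12):   # ordinary one-off visitors
        rows.append(f"{(t0 + timedelta(hours=5 * i + 1)).isoformat()},192.0.2.{i + 1},u-{i},1,US")
    return rows

if __name__ == "__main__":
    for key, value in find_indicators(sample_log(), markets={"US"}).items():
        print(key, value)
```

The two share values are only meaningful against the advertiser's own baseline, and none of these checks catches the distributed methods described earlier, where each source contributes a single click.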

Perhaps the most basic sign that click fraud is occurring is a large, sudden increase in the amount of money which is being spent on a pay-per-click ad. In such a case, one can hire a company to investigate, and request a refund from the advertising network if evidence of fraud is detected.
