What is Click Fraud and How to Prevent It

Click fraud is a black-hat technique used to inflate the number of clicks on a pay-per-click ad.

Click Fraud

One of our customers asked us to build a report so she could get more detail into our paid search ad tracking – paid search ad tracking enables customers to track visitors through the conversion process from ads running on Google, DoubleClick and other ad networks. This enables attribution to the correct campaign at a future point in time if and when the visitor converts.

The question was, “Why is there such a big difference between my total clicks and my unique clicks?

DailyStory Paid Search Click Tracking

What we found was surprising.

It appeared that some IP addresses were clicking the same paid search ad repeatedly within a 5-10 second window. In some cases spending a significant portion of the daily ad budget in a matter of seconds.

In other words, click fraud.

We built some reporting to help customers identify this, but we also want to share some detail as to why this happens and how to fix it.

There are two primary reasons that click fraud takes place:

1. Click Fraud to Increase Revenue Share

The first and most common type of click fraud is found on websites that are running ads where they are paid-per-click. Fraudulent clicks increase the revenue-share they are paid.

Wikipedia defines this as:

Click fraud is a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising. In this type of advertising, the owners of websites that post the ads are paid an amount of money determined by how many visitors to the sites click on the ads. Fraud occurs when a person, automated script or computer program imitates a legitimate user of a web browser, clicking on such an ad without having an actual interest in the target of the ad’s link.

The ads this customer is running were not in Google’s ad network though, they were exclusively ads shown when people searched for specific keywords or phrases.

2. Click Fraud to Spend Ad Budget

Another lesser-known problem is when competitors click your ads repeatedly to either force the cost-per-click up or prematurely spend your daily budget.

DailyStory’s paid search tracking identifies and tracks all visitors through links (tracking templates).

This enables DailyStory to associate a visitor with the ad he or she originated on. Later, when the visitor converts the ad can be attributed to the conversion.

In addition, the paid search link tracking counts total clicks and unique clicks. And while it’s not uncommon for a visitor to click the same ad again or even a related ad, it is unusual for the same ad to be clicked dozens of times within a narrow time window.

To help you identify this type of behavior, DailyStory provides a Paid Search Fraud Report:

Click Fraud Report for Paid Search

Using this report you can identify IP addresses that are behaving suspiciously. DailyStory provides a risk analysis for each of the IPs along with additional detail if it is a known IP.

For example, some requests can appear to be click fraud but are really legitimate clicks going through a known proxy service such as Google.

Clicking on an IP address will bring up additional information about the IP address. This information can help you determine if it is a legitimate IP address or not.

It’s also worth looking at when the potential click fraud took place. For example, if the same IP address visited multiple times on a single day it is more likely click fraud.

How to Eliminate Click Fraud in your Account

Most modern advertising platforms such as Google Ads, DoubleClick, and Bing allow you to create IP address exclusions or location exclusions.

A location exclusion is useful if you want to exclude a particular country or region whereas an IP address allows you to focus on a particular IP address that you want to exclude.

IP Exclusions for Google AdWords

To create an IP Exclusion for a Google AdWords campaign first sign into Google AdWords and select a campaign. Next, select Settings for the campaign.

The screenshots show Google AdWords Beta.

AdWords Campaign Settings

Click Additional Settings and from there you can edit the IP address you wish to exclude.

Exclusions are set up on a per-campaign basis in AdWords. So if you are running multiple campaigns this can be a bit of an effort.

AdWords IP Exclusion

In the report above the IP address, 207.244.82.154 which had 26 clicks in one day, appears to be click fraud. It can be added to the IP exclusions list.

As you can see from the screenshot above, you can also include an entire range of IP addresses.

DailyStory’s click fraud report keeps track of any suspicious IP addresses found on your site or from any other customer’s sites and identifies them for you. You will also find click fraud alerts in your Daily Digest email from DailyStory.