New Breed of Click Fraud Simulates Sale & Empties Your Bank Account

New Breed of Click Fraud Simulates Sale & Empties Your Bank Account

This new click fraud is practically invisible to advertisers. Photo from Deviant Art

Since the inception of Google Adwords in 2000, fraudsters and spyware developers have tried to swindle Google Adwords advertisers out of their money. Traditional click fraud is usually done with the help of automatic click software or a human trying to exhaust the budget of their competitor. Google can easily detect these forms of click fraud and end them end as soon as they start by comparing the number of clicks to the sales generated. If there is a disproportionate amount of clicks compared to sales, Google swiftly fixes the problem. This is how advertisers and Google understood click fraud until Tuesday, January 12th, 2010. That is when Ben Edelman, associate professor at Harvard University and authority on analyzing methods and effects of spyware & click fraud told the world wide web that a new form of click fraud not only simulates a click, but also simulates a purchase. The implications run deep for advertisers large, medium, and small who advertise on Google Adwords and are not aware of this malicious fraud.

How This New Click Fraud Works

How New Click Fraud Works
The image above illustrates just how advanced this new click-fraud has gotten. For the above example, was used. is not a real website. It was used for this example.

This new version of click fraud is especially clever and has the potential to artificially drive up costs for the advertisers. The process starts when spyware is installed on an internet browser’s computer. Over the course of days, weeks, or months, the spyware tracks the browsing and purchasing habits of the internet user. The spyware’s main focus is to track what websites the internet user visits and then proceeds to make purchases from. When the spyware has determined these browsing and purchasing habits, it then decides to fake a click to a real Pay-Per-Click ad of a e-commerce site the internet user has made purchases from or is likely to make a purchase from. This is the main goal of the spyware. What happens next is the internet user proceeds to visit the website that the spyware on their machine has clicked an advertisement for. The user then proceeds to make a purchase on the e-commerce website. After this purchase has occurred, the e-c0mmerce website checks their Google Adwords account and sees a high CTR (click-through rate)on their Pay-Per-Click ads. Normally this would be a red flag that something is wrong. This is not the case though because the e-commerce site sees that while their ads have a high CTR, they have an equally high conversion ratio (Example: E-Commerce site normally gets 100 clicks a day and 8 conversions. With the new click fraud they would get 300 clicks but show 40 conversions.) The e-commerce site is so happy with the great results and decides to increase the amount of money they spend on Pay-Per-Click advertising on Google Adwords.

Why Is This Important?

It is easy to see how this click-fraud can result in a vicious cycle for advertisers. As more internet users’ computers get infected with this spyware, more e-commerce websites are vulnerable. These e-commerce websites will continue to pour more money into their Pay-Per-Click campaigns to try and get new customers that aren’t new at all. The potential cost for advertisers could be hundreds or thousands of dollars before they catch wind of this click-fraud.

How Google is Fighting Click-Fraud

Google has been very proactive in it’s attempts to thwart this click-fraud. In an e-mailed statement to reporters, Google has stated their company policy is “to prohibit [advertising] partners from being associated–whether directly or indirectly, intentionally or unintentionally–with parties who buy traffic in ways that cause a poor user or advertiser experience,” and in addition to this, Google says it reacts quickly to any click fraud or violation. When talking specifically about detecting new forms of click fraud, Google championed its continuing efforts to credit advertisers based on click fraud that the company detects up to 10% of their ad spending. Google did not specifically respond to the specific click-fraud found by Edelman. Instead, a company spokesperson wrote that the company uses “hundreds of data points” to detect fraud, not just clicks.

Dealing With Click-Fraud Going Forward

This click-fraud is just the latest example of how far certain companies and individuals are willing to go to defraud legitimate business and people advertising on the Google Adwords network. While it is great that Google is taking all the necessary steps to prevent and put an end to this fraud, the first line of defense is the internet user. The click-fraud started when the internet user visited a website and became infected with this spyware. Most e-commerce websites will not have much control in the browsing habits of their customers. However, these websites should encourage their customers to keep themselves protected from viruses and spyware. This can be achieved through a blog post on the company website, email to newsletter subscribers, and sending out messages and tweets to fans and followers on their Facebook and Twitter pages. E-commerce websites that stay informed about news in the Pay-Per-Click industry as well as making a concerted effort to alert their customers will give themselves the best chance to hedge against click-fraud going forward. “The Only thing we have to fear is fear itself,” FDR said in his first inaugural address. E-commerce websites that realize this and take the necessary steps will in the end be most successful.