The click fraud rate rose to more than 22 percent during the third quarter of 2010, according to Click Forensics. Security pros offer advice on what to do.
Click fraud is rising, and sophisticated botnets are to blame.
Click fraud is a scheme where a person, automated script or computer
program mimics a legitimate user clicking on an online ad to make money from a
pay-per-click arrangement. According to a new report by Click Forensics, the
click fraud rate was 22.3 percent in the third quarter of 2010, up from 18.6
percent in the previous quarter and 14.1 percent in the third quarter of
It is difficult to estimate how much this costs the industry each year,
explained Steve O'Brien, vice president of marketing for Click Forensics.
"We can't estimate exactly how much this costs the industry each year
because each search engine employs various ways to monitor and filter invalid
traffic and click fraud," he said. "While most third-party
and all major search engines typically apply filters before
charging advertisers, we have seen some advertisers waste as much as 10 percent
of their monthly spend on invalid traffic and fraud."
Much of the click fraud is botnet-driven, though no single botnet can be
blamed, he said.
"Years ago human click farms played a greater role, but now the biggest perpetrators
of fraud generally use botnets, malware and other advanced programs to attempt
click fraud," he said. "Collusion fraud is one example of a botnet scheme we've
seen grow over the past year as well. It's quite sophisticated and difficult
for most to detect."
Top-tier search engines and ad networks have defenses in place to
automatically mark potentially fraudulent clicks invalid, noted Neil Daswani, CTO
of Dasient. However, that is not true of all companies, he noted, and
the quality of defense may vary.
"In some cases, ad networks have the appropriate incentives to fight click
fraud and ensure that ads are more legitimately monetizeable than on
competitive ad networks," Daswani said. "At the same time, that may not always
be the case, and advertisers can work together with click fraud auditors and ad
networks to curb the problem."
Toby Trevarthen, vice president of business development for Anchor
Intelligence, said the emergence of intelligent bots and a hit and move
strategy appear to be the biggest challenge in policing.
"The fraudsters are gone, before you realize you had a problem," he said.
"The biggest shift is what is happening throughout the ecosystem itself-the
move to real-time. Post-click or post-impression analysis is quickly becoming
not good enough as we move forward."
According to Click Forensics, there is a growing volume of click fraud
through a more diverse number of sources, such as mobile proxies.
"We haven't seen a noticeable volume of invalid traffic from mobile devices
and proxies until recently," O'Brien said. "Given that PPC [pay-per-click] is
not the predominant form of advertising for mobile devices, it is unusual to
see any significant volume of paid clicks from mobile proxies. Our suspicion is
that fraudsters are simply using mobile proxies in attempt to mask the true
source of invalid traffic."
To fight click fraud, O'Brien suggested businesses ask third-party
about their detection mechanisms and filtering policies, and
compare reports provided by search engines and other PPC advertising venues
with their own logs. Also, companies should watch for anomalies, such as a big
spike in traffic from a single source, he said.