Google Moves to Combat Click Fraud on Ad Networks
The company's operations teams noticed the emerging threat, and its engineering team worked to quickly release a tool for filtering out the invalid traffic.Google officials said its engineering and operations teams are moving quickly to deal with growing ad fraud activity on its networks that is tied to so-called clickjacking attacks. Clickjacking refers to the practice in which threat actors modify the appearance of a Web page, or part of a Web page, to trick users into clicking on something different from what they assume they are clicking on. In such attacks, also referred to as user-interface redress attacks, users are presented with a Web page, ad or other content that conceals underlying content that the attacker actually wants the user to click on. Google officials said some publishers, in an attempt to commit ad fraud, have been using the technique to trick users into clicking on ads that they otherwise might not have clicked on. "For example, a user may intend to click on a video play button or menu item, but instead, clicks an invisible ad unit," Andres Ferrate, chief advocate, Ad Traffic Quality, Google, wrote in a blog post this week. Ferrate described the issue as a growing threat to the integrity of its cost-per-click display ads program. It is a problem that first got Google's attention earlier this year when the company's operations teams identified clickjacking activity on its display networks.
"They moved swiftly to terminate accounts, removing entities involved in or attempting to use this technique to trick users," Ferrate said, without offering an indication on the scope of the problem. While the operating team worked to weed out publishers using clickjacking to trick users, Google's engineering team worked to quickly release a tool for automatically filtering out the invalid traffic generated by such attacks on its display ad networks, he said.