PPC fraud is a serious crime and comes in many forms. Guest writer Oli Lynch looks at how you can spot them all.
When setting up your PPC campaigns, looking out for fraud might not be the first thing you think of. But, PPC fraud comes in many different guises and is a very real and growing problem.
Of course, the first step to avoid falling victim to any kind of scam or fraud is to understand what it is and how it works.
You might also think that fraud on your PPC ads is something that happens only to the big players out there. In fact, click fraud and ad fraud can affect pretty much any industry that is using PPC to promote their business. And when you consider that paying upwards of $10 per click (or whatever currency you’re using), fraud on your PPC ads can really add up quickly.
What kinds of PPC fraud are there?
Google refers to pretty much any click on your PPC ads that are not genuine as invalid clicks. This broad term covers everything from people accidentally double-clicking on your ads through to full-scale ad fraud.
We’ll explain exactly what these invalid clicks are and what they mean.
When it comes to PPC fraud, pretty much every other practice referenced on this list is a derivative of this. Click fraud, like the term invalid clicks, can apply to a wide variety of fraudulent practices.
So, what exactly is click fraud?
Simply put, it’s the practice of clicking on paid links with the intention of depleting or diverting the marketing budget of the advertiser.
Within this catch-all term, you may have the boss of a company who organises a team of people to click on his competitor’s paid ads. Or, you could also have an app developer who creates a game or utility app which contains malicious code designed to click on ads.
The term click fraud is like the vanilla base flavour, but it can have plenty of added sprinkles and cherries on top to take it from basic to deluxe.
This is click fraud plus, and usually implies a more nefarious intention to steal those advertising funds. How does ad fraud work?
A developer, let’s call them BadDev, creates a series of websites which look similar to other well-known sites. For example, they might create a version of popular news sites, high traffic blogs and other well-known websites, a practice known as spoofing.
These spoofed websites will have names that look familiar, but with a crucial difference. For example:
As a savvy web user and marketer you’ve spotted the discrepancies right away haven’t you? Not everyone would, especially at a glance on a list of URLs where their ad has appeared.
So BadDev has made all these websites which might look the real deal if you visit them, but there’s one crucial difference. They’re stuffed full of display ads, not all of which are visible to the human eye. These ads might include yours.
The fraud is then executed when BadDev sends fake traffic, perhaps bots or click farmers, to click on these display ads (or view for impressions). They then collect the payout for all those clicks and views, even though no human ever saw your ad.
BadDev doesn’t necessarily need to create spoofed sites, they can also just create generic blogs and websites designed to host minimum content but maximum ads. These low-quality sites are easy to set up and cram full of ads – with a whole range of clever ways to squeeze maximum profit out of them.
Click spamming & click injection
Normally associated with mobile apps and websites, this form of click fraud is a little more sophisticated and often hijacks organic traffic.
Our friend BadDev has created an app called Fun Game, which just so happens to have a couple of ads on it. After all, Fun Game is a free app, so users don’t mind a couple of ads.
When a user downloads Fun Game and plays it, BadDev has created a piece of code which clicks away in the background on those ads. So although there is organic activity on the app, with the user playing the game, the fraudster has made it look like there has been genuine interaction on the ads.
This is called click spam as there are lots of clicks made while the app is running, which can seriously distort your analytics. If an app runs in the background, perhaps a battery saver app or something similar, then there can be fake clicks happening constantly.
A more sophisticated version of this is click injection, which happens when a user downloads another app. BadDev has placed a piece of code in Fun Game which detects when the user has gone to download another app and claim this as a referral for them. So, BadDev claims the install and gets a payout even though the install wasn’t done from Fun Game.
The issue with click injection is that it usually happens after lots of spammy clicks, making a mockery of your analytics. Marketers might look at a platform, see lots of clicks and several conversions and assume that they’ve had a successful ad campaign. When in fact the truth is quite the opposite.
Is this a real problem (and how can I spot it)?
In the real world, the chances of falling victim to most forms of crime can be avoided by vigilance. It’s the same online, but the problem is that many people don’t know what to look out for and how to avoid it.
And, like a lot of things, there is a bit of denial involved.
This wouldn’t happen to my small business would it, really?
In fact, there are documented cases where relatively niche, family-owned businesses have been subjected to organised click fraud campaigns. And in reality it’s widely thought that click fraud, on some scale, affects around 90% off all PPC campaigns.
It’s estimated that around 20-25% of all clicks on paid ads are from fraudulent sources. Moreover, PPC fraud is thought to make anything between $30-60 billion every year. Yes, that’s a wide estimate, but the true scale isn’t really known.
So, how can you spot fraud on your PPC ads? Some giveaways are:
- Surges in click volume with low corresponding conversions
- High bounce rates
- Activity from unusual locations
- Multiple clicks from same IP addresses
Often there will be several of these telltale signs together. One on its own might also suggest a poorly optimised PPC campaign, or a bad landing page, so take a critical look at your ads too.
How to prevent PPC fraud
There are methods you can use to minimise your exposure to fraud on your PPC ads. In general, these are also good practice for PPC campaigns anyway, but it’s always good to check.
Using software like Adzooma is an excellent way to automate some of these best-practice methods and can really minimise the time spent optimising your ads.
Running PPC ads 24/7 isn’t for everyone, and restricting the times your ads run can minimise your chances of being visited by some fraudulent parties. Work out your optimal timing and turn off your ads when they are less likely to result in genuine clicks and conversions.
Specific geo locations
In Google Ads (and the other online advertisers), you can target specific areas and exclude others. If you think you’re receiving fraudulent visits from a specific area, you can choose to exclude it. But, bear in mind that things like VPNs can mask their true location, and mobile devices can, of course, go anywhere.
Exclude IP addresses
When analysing your traffic, you might spot an IP address that turns up suspiciously often. You can choose to exclude these IP addresses, but again, the fraudulent party can get around this with VPNs and things like botnets can easily mask and change their IP address.
Use anti-click fraud software
When it comes to preventing click fraud, there is software designed to identify and stop this practice automatically. ClickCease uses algorithms to identify and blacklist bot traffic, makes it easy to spot competitors devices and even helps to identify things like the location of fraudulent traffic and the campaigns most affected. You can try ClickCease for free for 7 days to find out what a difference it can make to your PPC ad campaign.
Whatever your plans for your pay per click ads, we’re pretty sure that handing over a quarter of your marketing budget to fraudsters isn’t part of it. If you’re worried that your PPC ads have been hit by some kind of fraud, take a good look at your analytics and read up on click fraud and ad fraud.