Some StatCounter members have recently shared with us their stories about they used StatCounter
to help identify and prevent Click Fraud. You can read about one case here read about one case here.
As a result of this, we decided to put together this guide to Click Fraud and explain how StatCounter can help you too…
First let’s explain Pay Per Click (PPC) advertising…
PPC advertising is offered by many ad networks. With this type of advertising you pay each time your advert is clicked. The cost of PPC advertising can vary considerably from less than 10 cents to over $25 per click.
Advertisers often have a budget per month for PPC advertising.
For example, if you have a budget of $500 per month for PPC advertising and pay $1 per click, this means that in any month, you can pay for a maximum of 500 clicks on your adverts.
If you get 500 clicks on Day 1, then your budget is spent and your site will not receive any more advertising for the remainder of the month.
What is Click Fraud?
Click Fraud occurs when individuals or automated computers click on an advert without having any interest in the product/service advertised. Click Fraud is performed, instead, simply to generate a cost for the advertiser (without any chance of making a sale) and consume the advertiser’s budget.
Who would commit Click Fraud and who benefits?
Here are some examples of the people who might commit Click Fraud:
The Competitor
-
- It’s possible for your competitors to search for and click your adverts in order to use up your advertising budget.
If you have a budget for 500 clicks per month, for example, one of your competitors can “use up” any number of these clicks. Your competitor is hoping that this will mean less business for you and more for him. The end result is that you pay for 500 clicks per month, but only some of these are valid. The earlier case study case study we mentioned is a prime example of this kind of Click Fraud.
The Publisher
When you sign up with an advertising network, your adverts may be shown on numerous different websites. These websites are known as “publishers” as they “publish” adverts. These publisher websites are often paid more if they can secure more clicks on the adverts they display. This can entice some publishers to (dishonestly) click on the adverts they display on their sites or even employ third parties to click the ads on their behalf. They do this in order to boost the advertising revenue that they, the publishers, earn. The end result is that you are paying for adverts that are NOT going to bring you any sales – instead your hard earned cash is being fraudulently obtained by the publisher.
Disgruntled Employee
Unfortunately, some people who find themselves dissatisfied with their job/working conditions/salary look for ways to “get back” at their employer. One way they can do this is to continuously search for and click your adverts in order to use up your advertising budget. The end result of this is that you are again paying for advertising that can never bring you any sales. You may be paying for 500 clicks per month in the hopes of reaching 500 potential customers… but, taking out the fraudulent clicks, you may only be making contact with a much smaller number of potential clients.
Click Fraud – what YOU can do about it
If you use PPC advertising, it is vital that you monitor the visitors to your website and watch for indicators of suspicious click activity. Otherwise, you may be spending your hard earned cash on advertising that won’t be of any benefit to your business.
The first step in trying to identify Click Fraud is to understand the usual stats that you can expect from your visitors. Get to know the normal level of activity on your site by frequently reviewing your StatCounter stats and watching for patterns and trends. When you know what to expect in general from your stats, it becomes much easier to identify any unusual activity.
Here are some important points to watch if you are worried about Click Fraud, together with examples of how you can use your StatCounter stats to protect yourself from this cybercrime.
-
- Repeat Visits from Same IP Address
This is the FIRST thing to look for if you are trying to identify Click Fraud. Repeated visits from the same IP could be legitimate e.g. several visits from different people in the one organization… but they could also be indicative of suspicious activity e.g. a competitor repeatedly clicking your adverts.Use the Recent Visitor Activity information from your StatCounter stats to identify repeated instances of the same IP hitting your site.
When you review your Recent Visitor Activity, keep the following points in mind.
(1) Look at the Number of Entries for each visitor. This tells you the number of times that this IP appears in your detailed log file. If one visitor regularly takes up an unusually large portion of the slots in your log file, then this may be an indication of suspicious activity.
(2) Look at the number of Returning Visits. An unusually high number of returning visits may indicate suspicious clicks on your site.
(3) Look at the information about the IP Address of your visitors. Depending on their computer/internet set-up, you may be able to identify what corporation or organization your visitors are from. Repeated visits from a competitor may signify Click Fraud.
(4) Use the StatCounter Label IP Address function to label any IP addresses about which you become suspicious. This will help you to keep track of future activity from this same visitor on your site.
- Repeat Visits from Same IP Address
-
- Time Spent on Site
Looking at the time visitors spend on your site can also help you
identify instances of Click Fraud. For example, automated bots designed to commit Click Fraud will generally only spend a very short time on your site. If you establish how long the average visitor spends on your site, then you can identify and monitor suspiciously short visits. Use your StatCounter Visit Length stat to track the time visitors spend on your site.
- Time Spent on Site
- Country Breakdown
As we mentioned earlier, some unscrupulous publishers have outsourced the task of committing Click Fraud
to fraudulently increase their profits at your expense. Many of these third party Click Fraud operations are located in countries such as India, Ghana, Morocco, Nigeria, Romania and Russia. If you get an unexpected number of clicks from any of these countries, this could mean that you are a victim of Click Fraud. Use the StatCounter Recent Visitor Map to identify the geographical breakdown of your visitors.
Click Fraud – The Conclusions
No-one is immune to Click Fraud and, although the advertising networks can and do screen out some instances of this practice, they do not catch all illegal activity. It’s up to all of us who pay for PPC advertising to make sure that we don’t fall victim to this crime.
The methods employed to commit Click Fraud are becoming ever more sophisticated and it probably isn’t even possible to identify all instances of this activity, but using the suggestions in this article you should be able to better protect yourself from this fraudulent practice.
Please feel free to share any other ideas about how to detect and prevent Click Fraud in the comments section below!
UPDATE: How NOT to be a Victim of Click Fraud
Further to some questions posted in the comments below, we want to emphasize that it’s almost impossible to stop people fraudulently clicking your adverts… but it IS possible to minimize your financial loss because of this activity. See the case study we mention in the first paragraph of the article.
You only become a VICTIM of Click Fraud IF it ends up costing you money. If you can identify it and report it to your ad network you can claim a refund. This means that you don’t lose any cash because of this deceitful practice.
Also, if you can identify that a competitor is committing Click Fraud, then make direct contact with them. The possibility of legal action is usually enough to prevent them from engaging in Click Fraud at your expense in the future.
I have already used this system to identify odd visit ratios on clients sites but not only to help identify suspicious activity but also to help clients gain sales leads!
A year or so a client gaine d massive order from a hotel chain after noting they had looked at his products a number of times. A call to that chain resulted in an order!
With regards to click fraud or unwated visits do also remember that most servers allow you to block an ip address or specific IP range!
Thanks for the information. Very informative blog post. Fighting Click Fraud, seems like a near hopeless cause, and the most likely recoursesfor the advertiser is to cut the budget spreading the ad dollars over a longer time period. The advertiser may find alternative offline forms of advertisement or get more involved with sponsorship of other websites, where click through activity will not be used. Thanks again.
I found the article really interesting, probably more so to people who have not experienced click fraud before or who are just starting out. I developed my site from a hobby to quite a busy business today and to the point where we started using our own PPC and inevitably discovered click fraud – without Statcounter we wouldnt have been alerted so quickly. In our case the perpetrator was identified and Google informed which resulted in them being banned from using their network. Statcounter has been invaluable, especially when we were able to locate a nuisance hacker through his IP address – thanks Statcounter for doing a great job!
YourNextGift.com
Make PPC useless..
One question, can google penalize adsense publisher since 1 IP click on the same page/website?
Completely agree!!
In the beginning I don’t have any idea why 2 countries always visiting my site.
And finnaly, ban their IP.
Thanks SC..
And now statcounter, you have actual spam (the b2cshoessale guy) commenting on this post. More proof that as I said your market audience here may involve quite a few people who might discover click fraud as a means to destroy their competition’s profits and drive them out.
With the comments above as proof, and most black-hatters do not bother to comment so keep in mind, if anything commenters are generally white-hat, we can safely say this article is explaining a hard-to-stop black-hat method to many black-hatters, and then explaining WHY it’s beneficial, and even posits the outsourcing possibility. Isn’t it best NOT to mention that to this crowd?
Good intentions, sure, but those pave the way to hell (on earth).
I used click counter to find out something similar I had people clicking my adsense ads like cray. I found out all the fraud was coming form India andblock that country, thus saving my Adsense account form getting closed due to click fraud . So it can happen in a number of ways people trying ot get you kicked out of adsense and people wasting your budget!
I’m using statcounter stats to exclude domains from my Yahoo Search Marketing campaigns
I have noticed that there’s a certain patter of domain ( say xxxlosangeles.com, xxxnewyork.com, xxxtucson.com xxxseattle.com, xxxboise.com etc) that were sending clicks to my ads, and none of them converted into a sale/lead…after some clicks I contact YSM about it and they cound’t do anything about it, so I am manually excluding any domain that has such pattern from the allowed domains in my YSM account
yes, I’m using my statcounter came from page for that 😉
Fed
http://www.tutorialstream.com
Great article and very informative. When I used PPC I was always suspicious of people clicking unnecessarily. I can’t say I had much luck with it so have knocked it on the head now, but this type of fraud must be a real headache for those paying high CPC such as loan companies etc…
Joe
http://www.thefootballcode.com
good post, though I didn’t use the PPC. – -‘
It’s still a good post, maybe it will be great when I start ppc in the future.
And to make the leap for you just in case, people who are all about making a quick buck at the cost of a little integrity (such as whoring their names on comments out), would not be very adverse to click fraud I might think.
Yes, I did notice. You can still link to your site, and seeing as how it is nofollow there is no need for anchor text. Changing your name to spam your product on comment threads is an obvious breach of ethics whether you want to admit it or not.
If you don’t see something wrong with all the comments on blogs having “names” like “free web hosting” and “Get Your Ex Back NOW” etc. etc. then you don’t understand what comments are meant to do.
They’re meant to allow REAL people to comment, not to spam their products.
What set me off on this was “Shop PlayStation 3” who said
“PS. Don’t place your spam urls in StatCounter Comments – read more about nofollow tag)” Yet he himself for some reason put a spam-name instead of a real name.
Anywho, it’s a free world, statcounter is free to leave their comments full of people who might have names like “Get free money here” “buy my crap”, etc. etc. It’s spam all the same.
I wasn’t criticizing THAT part so much as how Statcounter was pointing out click fraud TO THAT GROUP OF PEOPLE who obviously would rather make a buck with a spammy names rather than contribute to a professional and courteous environment.
that was in regards to …
“Oh, and if you didn’t notice, many of the replying people’s “names” to this post are:
“Business Directory”, “free web hosting”, “online calling cards” “get your ex back now”, “CasinoMan” (one willing to delve into a widely considered immoral & illegal practice) etc. etc. So the vast majority are willing to spam their names for a buck… heck your first commenter was “Shop Playstation 3″
With an audience like that, don’t you think it’d do more harm than help to mention the benefits of click frauding?”
<>
Um, you did notice the form below requests website addresses, right?
I had pay per click in yahoo travel and I had my budget spent in two days with clicks from India.
I don’t believe in pay per click, the idea I have is that 80% of the clicks are a lost of money. The other 20%, 1% gives real clients…..
Oh, and if you didn’t notice, many of the replying people’s “names” to this post are:
“Business Directory”, “free web hosting”, “online calling cards” “get your ex back now”, “CasinoMan” (one willing to delve into a widely considered immoral & illegal practice) etc. etc. So the vast majority are willing to spam their names for a buck… heck your first commenter was “Shop Playstation 3”
With an audience like that, don’t you think it’d do more harm than help to mention the benefits of click frauding?
An extremely interesting article. Thanks for sharing this with us.
I only hope that one day Statcounter (or other) will invent a means to block visits from unscrupulous visitors. This could be done by blocking particular IP addresses.
For example, If a person (or entity) visits your website with a known rogue IP address, you could set up a script that flags up a dialog box saying something like “Bugger Off!” 🙂 I’m a dreamer, I know…!
The sad truth is most click fraud is 100% undetectable. It doesn’t JUST hurt the person paying for the ads, it often hurts those whose sites the ads are on, as they get banned from adsense quite often.
If someone with a vendetta is out against your site, there really is no hope, as they can anonymize and proxify their connection to your site. So the main lesson is, don’t earn yourself a vicious opponent if you use a PPC business model.
Or just don’t use a PPC model. I’ve found general affiliate programs that monetize better on the low-payout PPC sites, and for the high-payout PPC sites, there are some high-paying aff programs correspondingly usually. Only a few exceptions exist (such as for local doctors, or other high-paying PPC ads that don’t have an aff program). Usually pay-per-sale programs will be more generous anyways. I’ve found that I made more money from aff sales from many affs were making in their entire company’s profit margin.
Oh, and I gotta say, pointing these things out actually HURTS us more than helps. Most true click frauders spoof their IP and there is nothing you can do to detect it. For those that are detectable, anyone NOT detecting it, is probably so lazy this article will not change their behavior.
On the other hand, you have successfully pointed out to thousands of people who may not have known it, how they can run their competitors out of business. Congratulations.
Some subjects are really better left discussed only in small-specialty white-hat forums where black-hatters are not welcome. Not on mainstream blogs. I understand your intentions, but good as they are, I can only see bad results from discussing this in an open way and EXPLAINING how they can run their competitors out of business.
well, i believe Google makes a good effort to avoid click fraud. each ad has an ID or unique number. let say you search for something in Google; all paid ads shown will have this unique key, only for you based on the ip ur browsing from. you click an ad.
again, you search for the same keyword, you will get ads having the same ID that you got in ur previous search operation, since u are browsing from the same location. you also click the same ad that u’ve clicked in the previous search.
The second click wont be counted, since it came from the same ip, in a specific time frame.
However, malicious ppl still play around it by spoofing ip and other bad practices.
Fred,
Thanks Mookie – i neglected to mention that I also employ a similar technique on my conversion pages so I can track the PPC clicks out to the merchants I deal with. I use a seperate project for that also.
Cheers
Ian