UPDATED
Click Guardian has warned that click fraud is having a serious impact on advertising budgets. It has previously claimed that $16.7 billion was lost to click fraud in 2017. It has now published new figures showing the most likely victims of click fraud and the average cost per click.
According to Roy Dovaston, managing director at click fraud prevention service Click Guardian: “It’s a jungle out there and with cut-throat competition comes some pretty sharp tactics. Click fraud is the weapon of choice for underhand firms because it’s free, it’s quick, it’s effective and click bandits can do it at arm’s length.
“It’s incredible how much advertising spend click fraudsters can eat through, and the more mainstream the search terms, the quicker a marketing budget can be sent down the drain. It’s possible to kill off ad campaigns before they’ve even really begun. The real concern is how much this is costing businesses, and especially those that can ill-afford to see a marketing budget squandered in the first place. It’s crucial businesses use real-time prevention systems that can track and block imposters so real customers get to see your paid ads.”
What is click fraud?
Wikipedia defines click fraud as: “a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising. In this type of advertising, the owners of websites that post the ads are paid an amount of money determined by how many visitors to the sites click on the ads.
“Fraud occurs when a person, automated script or computer program imitates a legitimate user of a web browser, clicking on such an ad without having an actual interest in the target of the ad’s link. Click fraud is the subject of some controversy and increasing litigation due to the advertising networks being a key beneficiary of the fraud.”
The use of botnets by unscrupulous website owners is not unknown. This warning, however, is more about click fraud from competitors. Interestingly, the companies at risk are not necessarily those that most people would think about. The research shows that 40% of clicks on ads by Locksmiths are likely to be fraudulent and often from their competition. Cleaning companies (25%) come a distant second. Joint third is occupied by investments and security (16%).
The cost per click also varies. Investment companies pay up to £7.50 per click with Locksmiths, Pest Control and Wrong Fuel companies paying £7.
Click Guardian concludes that the loses to smaller businesses could be over £400 per month. For larger organisations such as financial services, it could amount to over £29,000 per year. These are very small numbers given the previous claim of £16.7 billion wasted in 2017.
What does this mean?
Click fraud is easy to conduct and is one of the reasons why a lot of companies are wary of online advertising. The low cost and easy access to botnets has allowed unscrupulous websites to generate clicks. They are also using click malware to generate fake clicks to earn advertising revenue.
What is different about this case is that the click fraud is being committed by competitors. The goal is to eat up the advertising budget with little effective return. However, how likely is it that a company will have a member of staff look for competitors ads and click on them? We emailed Click Guardian asking how they adjudged a click to come from a competitor and therefore be fraudulent. They have so far declined to respond. If we get a response, we will update this piece.
UPDATE:
After going to press we received a response from Click Guardian via their PR agency. It said:
“In this piece we identify malicious clicks – either by a competitor themselves or a bot hired by the rival – as a certain number of clicks from the same source IP address. We set defaults so that the visitor would have to click through for a fourth time within 24 hours to produce an IP block – and therefore in this research identify as a rival – but ultimately every company is different. They set the sensitivity according to their business and what they’re comfortable with. We do have other algorithms running in the background such as time on site, device type, screen size etc to ensure it’s the same person clicking through, but ultimately they’re not under any control by the client of our system.”
This responses raises further questions. For example, most small businesses will be using dynamic IP addresses. Simply tracing the IP address back is no guarantee of where it came from. Quite why several clicks from a shared IP address could be determined to be a rival is also questionable. There is no evidence that the service resolves the IP address to a company name.
There is also the question of how to persuade customers to set a valid level of sensitivity. An email pushed around a company about an advert might lead several people to legitimately view the advert and click on it. A poorly set sensitivity level would lead to blocks that could lose a company money. This might be overcome by the other algorithms that Click Guardian employs. However, the amount of time and knowledge this assumes on behalf of a small business seems disproportionate to their likely IT security skills level.
