What is this click fraud that is costing Google billions?

Google has methods of detecting click fraud, and it doesn't charge advertisers for clicks it finds to be fraudulent. Find out how click fraud works and view more popular Web site pictures.
HowStuffWorks.com Screenshot

In February 2007, Google revealed its current click-fraud estimates for its advertising program. In recent years, Google has faced criticism and several lawsuits related to its response to click fraud, which is basically a click on an ad that is not the result of any genuine interest in what that ad is offering. Other search engines and Web-marketing companies have the same problem, but Google's prominence in the industry makes it a much larger target for scrutiny. Ninety-nine percent of Google's revenue comes from advertising, and undetected click fraud results in increased ad revenue (at least in the short run -- read on).

Click fraud is one of those seemingly incongruous concepts that sometimes arises with new uses of an existing technology. In this case, we're talking about the expansion of Web advertising, where a click means money, into the realm of search-engine technology, where a click means a click. In the case of Google's search-based advertising, the ads we're talking about here are essentially of two types: the ones that show up on the right side of your Google search results, and the ones you see on the search-results page of countless other Web sites that host Google ads. When you click on any of those ads, Google charges the advertiser a pre-set, per-click fee.

Advertisement

So, when is a click not a click? It can be someone sitting at a computer and mindlessly clicking over and over on a single Google ad, or it can be a computer program or virus doing the same thing. Click fraud, at its most basic, is about the intent of the click. Here's where the concept of click fraud gets hazy. How do you figure out the intent of a click so you know if someone is committing click fraud? And, why would someone do that?

The second question is easier to answer: It's either a case of the same anti-social idiocy that drives virus writers, or it's about money. It's usually about money. See the next page to learn more.

 

 

Search-based Internet marketing is a huge business. It makes search engines money; it makes Web sites hosting search-engine ad results money; and it makes advertisers money when someone finds them through a search. But it's not the old "Put my banner ad here" type of advertising -- it's a web of multi-step transactions. So to understand why click fraud is such a big problem -- it reportedly costs Google about $1 billion in lost revenue annually, and it can run a small-time advertiser out of business -- it's helpful to have a basic understanding of how this type of advertising works.

First, when an ad shows up with Google search results, it's because that advertiser has purchased the word or phrase you typed into the search box. So if you're looking for, say, a new computer, and you type "computer" into Google's search field, the ads that appear at the top and to the right of your search results are paying to be associated with the keyword "computer."

The location and order of the ads is constantly changing. It has to do with a ranking system that uses, among other methods, a comparison between the number of ad impressions (how many times people see an ad) and the number of clicks on that ad to establish its relevance. This is called an ad's click-thru rate (CTR).

If you click on one of those company's ads, Google charges that company for the click. It's a cost-per-click (CPC) system, and some clicks cost more than others. Different keywords sell for different amounts based on their value. "Computer," for instance, is probably a high-value keyword. Lots of people are searching for it, and people who click on an ad associated with "computer" are probably considering a high-cost purchase. A "computer" advertiser could be paying Google, say, $40 per click, whereas a company that purchases the keyword "llama" might only pay 5 cents per click.

That's the basic setup. Things get a little bit more complicated when second-tier publishers enter the picture. The publisher of the ad is the actual Web site where the ad is showing up. Sometimes Google is the publisher; sometimes it's not. HowStuffWorks is a second-tier publisher. When you perform a search using the HowStuffWorks search engine, along with your HowStuffWorks results you also get a few "Sponsored Results" supplied by Google.

The Sponsored Results at the top of the page are provided by Google. All of those advertisers have purchased the keyword "computer."

Google, its advertisers and its second-tier (or even third-tier) publishers make up Google's advertising network. If someone clicks on a Google-provided ad that shows up in the HowStuffWorks search results for "computer," Google pays HowStuffWorks for that click, and the advertiser pays Google for that click.

You may be starting to get an idea of why a person or a company would commit click fraud. Network click fraud is the most common type. When a company commits network click fraud, the idea is to fraudulently increase the money it makes as part of Google's ad network. If a partner publisher were to generate false clicks on an ad, it would get paid a lot more money by Google than if it relied solely on clicks by people actually interested in that ad. And while it may seem like Google would profit from this type of click fraud, too, because the advertiser would be paying Google for each of those fraudulent clicks, the overall results are actually bad for Google. Click fraud degrades the quality of its advertising network. The value of a network ultimately lies not only in its ability to generate ad views and clicks, but also in its ability to generate productive clicks. The more clicks that don't result in a sale or even an inquiry, the lower the quality of the network and the less Google can charge for its keywords. Google has filed at least one lawsuit against a partner publisher for alleged network click fraud.

The other main type of click fraud is more malicious. Competitor click fraud targets a specific company's ads, generating false clicks in order to run up that company's Google marketing bill. The idea is to deplete a competing company's marketing budget. If we go back to our theoretical cost-per-click of $40, just 30 fraudulent clicks in one month -- a single click a day -- adds up to $1,200 flushed down the toilet. None of those clicks even had the potential to result in a sale. For a small business with a limited marketing budget, $1,200 a month in click fraud could mean the end of its advertising ability or the end of the business entirely. If the scheme succeeds, the competing business wins the market by click fraud.

But Google has methods of detecting click fraud, and it doesn't charge advertisers for clicks it finds to be fraudulent. Google reports that it uses a three-step system to detect and neutralize click fraud: First, a set of automated filters looks at each click as it happens, checking for signs of fraud such as time and date patterns and IP address problems; next, a similar analysis happens offline, with both computers and actual people analyzing clicks to make sure they appear to be legitimate; and finally, if an advertiser reports suspected click fraud, Google investigates. According to Google's ad contract, if it finds the complaint to be legitimate, it reimburses the company for the bad clicks.

So how do you know if you're the victim of click fraud? Sometimes it's obvious -- like a Google advertising bill that suddenly goes from $200 a month to $5,000 a month. But other times, it's more subtle. There are actually companies out there dedicated to detecting click fraud. A company can hire one to track all of its ad clicks and look for fraud. In one case in Oregon in 2004, Scott Hendison, who owned a Web-based insurance-consulting firm, suspected he was the victim of click fraud. He investigated on his own and saw that a huge number of his ad clicks were coming from a single IP address. Hendison hired one of these companies to put an end to the abuse, which was costing him hundreds of dollars a month. The company confirmed the suspect IP address, provided data on who was doing the clicking, and set up Hendison's ad so that the next time the person with the offending IP address clicked on it, a Hendison-composed message popped up. It said, "Stop, you weasel! I know who you are and have reported you to the proper authorities." One click later, the problem was solved.

Hendison reported the issue to Google, and he says he was only reimbursed for 50 percent of the fraudulent clicks. The biggest click-fraud complaints against Google are that the company isn't properly reimbursing advertisers and it's not doing enough to identify bad clicks in the first place. A lawsuit in 2005 also accused Google of hiding its click-fraud numbers from the public -- thus, perhaps, the increasing attempts at transparency. In a February 28 entry in its AdWords blog, the company reported that less than 10 percent of its advertising clicks were fraudulent, and that its detection system had caught almost all of them before advertisers were charged. Google claims that only 0.02 percent of its system-validated ad clicks turn out to be fraudulent. It's the combination of reimbursing advertisers for that 0.02 percent and tossing out the nearly 10 percent of identified bad clicks that costs the company that reported $1 billion a year.

For more information on click fraud and related topics, check out the following links:

Sources

  • Claburn, Thomas. "Google Reports Minuscule Click Fraud Rate." Information Week. Mar. 1, 2007. http://www.informationweek.com/news/showArticle. jhtml?articleID=197700474
  • Dignan, Larry. "Google: Click fraud costs us $1 billion a year." ZDNet. Mar. 1, 2007. http://blogs.zdnet.com/BTL/?p=4577
  • Lee, Kevin. "Click Fraud: What It Is, How to Fight It." ClickZ Experts. Feb. 18, 2005. http://www.clickz.com/showPage.html?page=3483981
  • McGann, Rob. "Eight Months of Click Fraud in Oregon." ClickZ News. Dec. 13, 2004. http://www.clickz.com/showPage.html?page=3446801
  • McGann, Rob. "Google and Overture Define Click Fraud." ClickZ News. Dec. 30, 2004. http://www.clickz.com/showPage.html?page=3453201
  • Miller, Jason Lee. "Google Sued For Click Fraud." WebProNews. Jun. 30, 2005. http://www.webpronews.com/insiderreports/2005/06/30/ google-sued-for-click-fraud
  • Schneier, Bruce. "Google's Click-Fraud Crackdown." Wired News. Jul. 13, 2006. http://www.wired.com/news/columns/0,71370-0.html

Advertisement

Search-based Internet Marketing

The location and order of the ads is constantly changing. It has to do with a ranking system that uses, among other methods, a comparison between the number of ad impressions (how many times people see an ad) and the number of clicks on that ad to establish its relevance. This is called an ad's click-thru rate (CTR).

Search-based Internet marketing is a huge business. It makes search engines money; it makes Web sites hosting search-engine ad results money; and it makes advertisers money when someone finds them through a search. But it's not the old "Put my banner ad here" type of advertising -- it's a web of multi-step transactions. So to understand why click fraud is such a big problem -- it reportedly costs Google about $1 billion in lost revenue annually, and it can run a small-time advertiser out of business -- it's helpful to have a basic understanding of how this type of advertising works.

First, when an ad shows up with Google search results, it's because that advertiser has purchased the word or phrase you typed into the search box. So if you're looking for, say, a new computer, and you type "computer" into Google's search field, the ads that appear at the top and to the right of your search results are paying to be associated with the keyword "computer."

Advertisement

If you click on one of those company's ads, Google charges that company for the click. It's a cost-per-click (CPC) system, and some clicks cost more than others. Different keywords sell for different amounts based on their value. "Computer," for instance, is probably a high-value keyword. Lots of people are searching for it, and people who click on an ad associated with "computer" are probably considering a high-cost purchase. A "computer" advertiser could be paying Google, say, $40 per click, whereas a company that purchases the keyword "llama" might only pay 5 cents per click.

That's the basic setup. Things get a little bit more complicated when second-tier publishers enter the picture. The publisher of the ad is the actual Web site where the ad is showing up. Sometimes Google is the publisher; sometimes it's not. HowStuffWorks is a second-tier publisher. When you perform a search using the HowStuffWorks search engine, along with your HowStuffWorks results you also get a few "Sponsored Results" supplied by Google.

Google, its advertisers and its second-tier (or even third-tier) publishers make up Google's advertising network. If someone clicks on a Google-provided ad that shows up in the HowStuffWorks search results for "computer," Google pays HowStuffWorks for that click, and the advertiser pays Google for that click. Next, learn about the different types of click fraud.

Advertisement

Types of Click Fraud

You may be starting to get an idea of why a person or a company would commit click fraud. Network click fraud is the most common type. When a company commits network click fraud, the idea is to fraudulently increase the money it makes as part of Google's ad network. If a partner publisher were to generate false clicks on an ad, it would get paid a lot more money by Google than if it relied solely on clicks by people actually interested in that ad. And while it may seem like Google would profit from this type of click fraud, too, because the advertiser would be paying Google for each of those fraudulent clicks, the overall results are actually bad for Google. Click fraud degrades the quality of its advertising network. The value of a network ultimately lies not only in its ability to generate ad views and clicks, but also in its ability to generate productive clicks. The more clicks that don't result in a sale or even an inquiry, the lower the quality of the network and the less Google can charge for its keywords. Google has filed at least one lawsuit against a partner publisher for alleged network click fraud.

The other main type of click fraud is more malicious. Competitor click fraud targets a specific company's ads, generating false clicks in order to run up that company's Google marketing bill. The idea is to deplete a competing company's marketing budget. If we go back to our theoretical cost-per-click of $40, just 30 fraudulent clicks in one month -- a single click a day -- adds up to $1,200 flushed down the toilet. None of those clicks even had the potential to result in a sale. For a small business with a limited marketing budget, $1,200 a month in click fraud could mean the end of its advertising ability or the end of the business entirely. If the scheme succeeds, the competing business wins the market by click fraud.

Advertisement

So how do you know if you are a victim of click fraud? See the next page to find out.

Detecting Click Fraud

But Google has methods of detecting click fraud, and it doesn't charge advertisers for clicks it finds to be fraudulent. Google reports that it uses a three-step system to detect and neutralize click fraud: First, a set of automated filters looks at each click as it happens, checking for signs of fraud such as time and date patterns and IP address problems; next, a similar analysis happens offline, with both computers and actual people analyzing clicks to make sure they appear to be legitimate; and finally, if an advertiser reports suspected click fraud, Google investigates. According to Google's ad contract, if it finds the complaint to be legitimate, it reimburses the company for the bad clicks.

So how do you know if you're the victim of click fraud? Sometimes it's obvious -- like a Google advertising bill that suddenly goes from $200 a month to $5,000 a month. But other times, it's more subtle. There are actually companies out there dedicated to detecting click fraud. A company can hire one to track all of its ad clicks and look for fraud. In one case in Oregon in 2004, Scott Hendison, who owned a Web-based insurance-consulting firm, suspected he was the victim of click fraud. He investigated on his own and saw that a huge number of his ad clicks were coming from a single IP address. Hendison hired one of these companies to put an end to the abuse, which was costing him hundreds of dollars a month. The company confirmed the suspect IP address, provided data on who was doing the clicking, and set up Hendison's ad so that the next time the person with the offending IP address clicked on it, a Hendison-composed message popped up. It said, "Stop, you weasel! I know who you are and have reported you to the proper authorities." One click later, the problem was solved.

Advertisement

Hendison reported the issue to Google, and he says he was only reimbursed for 50 percent of the fraudulent clicks. The biggest click-fraud complaints against Google are that the company isn't properly reimbursing advertisers and it's not doing enough to identify bad clicks in the first place. A lawsuit in 2005 also accused Google of hiding its click-fraud numbers from the public -- thus, perhaps, the increasing attempts at transparency. In a February 28 entry in its AdWords blog, the company reported that less than 10 percent of its advertising clicks were fraudulent, and that its detection system had caught almost all of them before advertisers were charged. Google claims that only 0.02 percent of its system-validated ad clicks turn out to be fraudulent. It's the combination of reimbursing advertisers for that 0.02 percent and tossing out the nearly 10 percent of identified bad clicks that costs the company that reported $1 billion a year.

For more information on click fraud and related topics, check out the links on the next page.

Advertisement

Frequently Answered Questions

What is click fraud with example?
Click fraud is when a person or automated script clicks on an online ad with the intention of generating a charge for the advertiser. For example, a fraudster may click on an ad multiple times, or click on ads from different devices, in order to generate false clicks and drive up the advertiser's costs.
What is click fraud in cyber security?
Click fraud is a type of cybercrime in which a person creates fake clicks on online advertisements in order to generate income for themselves. This can be done by clicking on the ads themselves, or by using automated software to click on the ads.

Advertisement

Loading...