Catching Click-Fraud Crooks

Taking Measure: Catching Click-Fraud CrooksMore than 14 years have passed since wired magazine launched hotwired, the first ad-supported Web site. One would think 14 years is long enough to establish a media business that is safe for advertisers, transparent, free of deception and devoid of outright fraud. Unfortunately, advertisers and agencies must still constantly look out for many deceptive and fraudulent practices.

Perhaps the most widespread and dangerous is attribution manipulation. We all know the convention of attributing a conversion to the last click or last view before that conversion is a simplistic and weak methodology. Nonetheless, it is current convention, and it at least provides a crude basis for optimization. But when multiple publishers and networks are on a plan, the competition to get attribution credit for conversion becomes intense - as does the incentive for those players to game the system.

The last-view (or view-through) method assumes that an advertising stimulus leads to conversion, tracked by the time-stamp of the ad-server cookie. However, what if something other than a legitimate ad stimulus sets the cookie? Two common manipulations we see are cookies set through chat windows and text links (often below the fold, at that). This practice hurts an advertiser in two ways: First, they pay for conversions that would have happened anyway. Second, they then optimize the plan toward these ineffective placements, so when the real conversion drivers are optimized off the plan, conversions fall overall. Unfortunately, it often takes awhile for conversions to work their way through the view-through time window. And by then, when someone notices the fall-off, the campaign is nearly over. When using view-through attribution, advertisers must set explicit attribution standards for all pubs and networks on the plan, and then audit them. Take nothing for granted - I've seen even the biggest, most credible names in the business play this game.

The next most common abuse is click fraud. It is a problem in search, and remains a danger for any display
advertiser running a cost-per-click campaign, or one in which clicks are the metric of success. While optimizing client campaigns, we've found that "robot clicks" are making a comeback, and that "click farms" have sprung up in places like India and China. While the major ad servers have protective measures to spot click fraud, the bad guys are smart, and have found ways to dodge the safeguards. Your best defense is to look at the granular data in your data transfer logs to find concentrations of clicks within similar ip blocks or ranges. Be suspicious of anything that looks too good to be true.

While not as prevalent as click fraud, impression fraud exists, too. I've found "sites without content" that consist of only pages of ad placements. These pages refresh on a timer, and pull five, 10 or even 20 ad impressions on the page. Unfortunately, no human being sees them. Be sure your Ts and Cs explicitly prohibit time-based ad rotation, and check log files for high numbers of impressions without clicks attached.

The next big deception is masked, inappropriate content. This problem has exploded with the growing popularity of ad exchanges. Exchanges honor networks, and publishers need to avoid channel conflict by allowing their inventory to be anonymous on the exchange. Unfortunately, this creates an environment where certain content providers who would otherwise struggle to sell their inventory to mainstream advertisers can abuse the system. The seller self-categorizes content, and urls are often masked to conceal their origin. And while the exchanges have put Ts and Cs and safeguards in place, they do not have the wherewithal to police them. Advertisers (and reputable networks) can take a number of steps to limit the problem, but there are no foolproof guarantees. Whenever possible, use named site's lists, post exclusion lists, eliminate sites using I-Frames, and stick to reputable networks and sellers with whom you have a direct relationship when buying on the exchanges.

There are many other deceptions and abuses to be addressed. Please email me your own observations and I will include them in a future column. If enough of you are willing to name names, maybe we can create a blog on the topic.

3 comments about "Catching Click-Fraud Crooks".
Check to receive email when comments are posted.
  1. Joe Fredericks, March 4, 2009 at 10:01 a.m.

    Certainly, click fraud detection is a worthy enterprise. But to suggest that " masked, inappropriate content <snip> has exploded with the growing popularity of ad exchanges" is a gross generalization. Brand safe media can be bought and sold through the exchange model today - albeit some exchanges do it better than others. But, in time, these methods will continue improve for all exchange players. Perhaps with your company's help?

  2. Dave Felipe from, March 4, 2009 at 10:25 a.m.

    Great posting! It's good to see more attention being given to click fraud, an issue we take very seriously here at Especially in this troubled economy, click fraud is robbing online marketers and advertisers of millions in advertising spending with no real checks and balances in place. We're continuing to make click fraud a priority for all parties involved, so thank you for your work!

    Dave Felipe
    Director of Communications
    <a href=""></a>

  3. Tim Daly, April 23, 2009 at 2:10 p.m.

    Great article John. I would add one more serious concern to attribution...banner re-targeting. Currently, ad networks are increasing their focus on site re-targeting with rules to set a 30-day cookie at Advertiser's direction. As the ad networks continue to serve ads, they are overwriting the cookie and resetting the 30-day time frame. This essentially leads to a perpetual cookie that gains attribution to the sales despite a potential lack of contribution. The cookie bombing actions you share are the illegitimate tactics, but we are now seeing numerous companies applying legitimate practices of continuous banner serving on low CPM website with the intention of just resetting the cookie.

Next story loading loading..