Spyware & Click Fraud

Depending on whether you believe Google or the fake click detection companies click fraud is big business. Detecting it is impossible for small advertisiers and it’s now being made even harder for even larger companies thanks to a new scam involving spyware.

Traditionally fake clicks were very costly to the merchant because the traffic wasn’t real and therefore didn’t convert. The new spyware scam infects a persons PC and when they are about to visit a popular ecommerce site the system triggers a fake click and sends the user though the tracking link to the site where they carry on and make a purchase. Clever stuff.

Below are the details via Ben Edelman who uncovered the system.

I’ve repeatedly reported improper placements of Google ads. In most of my write-ups, the impropriety occurs in ad placement — Google PPC ads shown in spyware popups), in typosquatting sites, or in improperly-installed and/or deceptive toolbars. This article is different: Here, the impropriety includes a fake click — click fraud — charging an advertiser for a PPC click, when in fact the user never actually clicked.

But this is no ordinary click fraud. Here, spyware on a user’s PC monitors the user’s browsing to determine the user’s likely purchase intent. Then the spyware fakes a click on a Google PPC ad promoting the exact merchant the user was already visiting. If the user proceeds to make a purchase — reasonably likely for a user already intentionally requesting the merchant’s site — the merchant will naturally credit Google for the sale. Furthermore, a standard ad optimization strategy will lead the merchant to increase its Google PPC bid for this keyword on the reasonable (albeit mistaken) view that Google is successfully finding new customers. But in fact Google and its partners are merely taking credit for customers the merchant had already reached by other methods.

BY Patrick Altoft AT 10:26am ON Wednesday, 13 January 2010

Patrick Altoft is Director of Search at Branded3 and has worked in the SEO industry for over 10 years. With experience across some of the worlds largest brands as well as startup businesses Patrick is well known in the industry and speaks regularly at the major SEO conferences and events. Follow Patrick on Twitter or Google+

Comments

http://www.seotra.com Rifki

An interesting article.
This just shows how sophisticated the fraudsters methods have now become, and how vulnerable we all are. Google should act quickly to deal with this, and assure users of PPC that they will not suffer from this kind of fraud.
http://yoast.com/ Joost de Valk

Patrick, where’s the money in this? Who’s making it and how? :)
http://www.blogstorm.co.uk Patrick Altoft

The guys running the Adsense ads which the fake clicks are clicking on I assume.
http://www.holidayextras.com chirlemann

Hi Patrick,

Really interesting article (I like the blogstorm emails because they are short enough to actually read! in a few minutes).

One thing I am still a little unclear on though is who makes money. The only winner here is Google. That is to say, I have a few adsense campaigns, if i knew that a particular person was likely to book through our business I would be crazy to force them to follow a link using spyware when they would have arrived on a free channel… I would serve them a display ad… or send an email… even a direct mailing response.

I mean unless it is an avertising agency trying to make themselves look good.. or content networks trying to increase clicks (and commission from the ads) I do not see how how the scammer makes money.

Anyway, if you could shed some more light on this aspect that would be much appreciated.

Kind regards

chirlemann
http://www.blogstorm.co.uk Patrick Altoft

The winner is the person whose Adsense account is the one serving the click – they are also the same people who spread the spyware in the first place which fakes the click.
http://www.holidayextras.com chirlemann

Thanks for the reply Patrick.

Yes, my mistake I get it now. I had confused Adsense with Adwords!

Another question that comes to mind, where does the ‘fake click’ come from? Is this generated from within the consumers computer or offsite?

What I am trying to get at is if the click is generated by one IP but the session on the merchants website another this could be a clue to this kind of fraud.?
http://www.crearedesign.co.uk Stephen Webb

This is an interesting development regarding pay per click advertisements, and one that has very serious implications for both Google and the clients paying. The constant evolution of spyware is obviously something that is well documented, with most PC users taking steps to protect their computer and avoid any kind of security issue.

However the fact that this spyware is targeting websites creates a huge problem, in that it just takes a few users who have little or inadequate system protection, and a PPC advert is compromised.

I will be interested to see how Google tackle this issue, and what can be done to prevent something that seems a difficult issue to fix. It will be interesting to see if Google covers this issue publicly, as it will obviously have major implications on those users looking to purchase a PPC campaign if they know the clicks received are not genuine.
http://www.oc-swimwear.co.uk Oli

Very interesting; I’m glad you pointed this out. I’ve long been suspicious of Adwords and other PPC services in terms of the accuracy of their results – this just makes things even more unreliable.
Pingback: Typos may earn Google $500m a year (Jim Giles/New Scientist) « Techno Pond

Spyware & Click Fraud

Comments

Latest from B3Labs

Latest from Blogstorm

Latest from #socialised

Spyware & Click Fraud

Comments

Social

Latest from B3Labs

Latest from Blogstorm

Latest from #socialised

Tags