Click fraud
Encyclopedia
Click fraud is a type of Internet crime  that occurs in pay per click
Pay per click
Pay per click is an Internet advertising model used to direct traffic to websites, where advertisers pay the publisher when the ad is clicked. With search engines, advertisers typically bid on keyword phrases relevant to their target market...

 online advertising
Online advertising
Online advertising is a form of promotion that uses the Internet and World Wide Web to deliver marketing messages to attract customers. Examples of online advertising include contextual ads on search engine results pages, banner ads, blogs, Rich Media Ads, Social network advertising, interstitial...

 when a person, automated script or computer program imitates a legitimate user of a web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...

 clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. Click fraud is the subject of some controversy and increasing litigation due to the advertising networks being a key beneficiary of the fraud.

Use of a computer to commit this type of Internet fraud
Internet fraud
Internet fraud refers to the use of Internet services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme....

 is a felony
Felony
A felony is a serious crime in the common law countries. The term originates from English common law where felonies were originally crimes which involved the confiscation of a convicted person's land and goods; other crimes were called misdemeanors...

 in many jurisdictions, for example Penal Code 502 in California
California
California is a state located on the West Coast of the United States. It is by far the most populous U.S. state, and the third-largest by land area...

, USA. There have been arrests relating to click fraud with regard to malicious clicking in order to deplete a competitor's advertising budget.

Pay per click advertising

Pay per click
Pay per click
Pay per click is an Internet advertising model used to direct traffic to websites, where advertisers pay the publisher when the ad is clicked. With search engines, advertisers typically bid on keyword phrases relevant to their target market...

 advertising or, PPC advertising, is an arrangement in which webmasters (operators of Web sites), acting as publishers, display clickable links from advertisers in exchange for a charge per click. As this industry evolved, a number of advertising networks developed, which acted as middlemen between these two groups (publishers and advertisers). Each time a (believed to be) valid Web user clicks on an ad, the advertiser pays the advertising network, who in turn pays the publisher a share of this money. This revenue-sharing system is seen as an incentive for click fraud.

The largest of the advertising networks, Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...

's AdWords
AdWords
Google AdWords is Google's main advertising product and main source of revenue. Google's total advertising revenues were USD$28 billion in 2010. AdWords offers pay-per-click advertising, cost-per-thousand advertising, and site-targeted advertising for text, banner, and rich-media ads. The AdWords...

/AdSense
AdSense
Google AdSense which is a program run by Google Inc. allows publishers in the Google Network of content sites to automatically serve text, image, video, and rich media adverts that are targeted to site content and audience. These adverts are administered, sorted, and maintained by Google, and they...

 and Yahoo! Search Marketing
Yahoo! Search Marketing
Yahoo! Search Marketing is a keyword-based "Pay per click" or "Sponsored search" Internet advertising service provided by Yahoo!.Yahoo began offering this service after acquiring Overture Services, Inc....

, act in a dual role, since they are also publishers themselves (on their search engines). According to critics, this complex relationship may create a conflict of interest. For instance, Google loses money to undetected click fraud when it pays out to the publisher, but it makes more money when it collects fees from the advertiser. Because of the spread between what Google collects and what Google pays out, click fraud directly and invisibly profits Google.

Non-contracting parties

A secondary source of click fraud is non-contracting parties, who are not part of any pay-per-click agreement. This type of fraud is even harder to police, because perpetrators generally cannot be sued for breach of contract or charged criminally with fraud. Examples of non-contracting parties are:
  • Competitors of advertisers: These parties may wish to harm a competitor who advertises in the same market by clicking on their ads. The perpetrators do not profit directly but force the advertiser to pay for irrelevant clicks, thus weakening or eliminating a source of competition.
  • Competitors of publishers: These persons may wish to frame a publisher. It is made to look as if the publisher is clicking on its own ads. The advertising network may then terminate the relationship. Many publishers rely exclusively on revenue from advertising and could be put out of business by such an attack.
  • Other malicious intent: As with vandalism
    Vandalism
    Vandalism is the behaviour attributed originally to the Vandals, by the Romans, in respect of culture: ruthless destruction or spoiling of anything beautiful or venerable...

    , there is an array of motives for wishing to cause harm to either an advertiser or a publisher, even by people who have nothing to gain financially. Motives include political and personal vendettas. These cases are often the hardest to deal with, since it is difficult to track down the culprit, and if found, there is little legal action that can be taken against them.
  • Friends of the publisher: Sometimes upon learning a publisher profits from ads being clicked, a supporter of the publisher (like a fan, family member, political party supporter, charity patron or personal friend) will click on the ads to help. This can be considered patronage. However, this can backfire when the publisher (not the friend) is accused of click fraud.


Advertising networks may try to stop fraud by all parties but often do not know which clicks are legitimate. Unlike fraud committed by the publisher, it is difficult to know who should pay when past click fraud is found. Publishers resent having to pay refunds for something that is not their fault. However, advertisers are adamant that they should not have to pay for phony clicks.

Organization

Click fraud can be as simple as one person starting a small Web site, becoming a publisher of ads, and clicking on those ads to generate revenue. Often the number of clicks and their value is so small that the fraud goes undetected. Publishers may claim that small amounts of such clicking is an accident, which is often the case.

Much larger-scale fraud also occurs. Those engaged in large-scale fraud will often run scripts which simulate a human clicking on ads in Web pages.
However, huge numbers of clicks appearing to come from just one, or a small number of computers, or a single geographic area, look highly suspicious to the advertising network and advertisers.
Clicks coming from a computer known to be that of a publisher also look suspicious to those watching for click fraud. A person attempting large-scale fraud, alone in their home, stands a good chance of being caught.

One type of fraud that circumvents detection based on IP patterns uses existing user traffic, turning this into clicks or impressions Such an attack can be camouflaged from users by using 0-size iframe
IFrame
iFrame can be:* I-frames, in video compression; see video compression picture types* iFrame * The HTML iframe element....

s to display advertisements that are programmatically retrieved using JavaScript
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....

. It could also be camouflaged from advertisers and portals by ensuring that so-called "reverse spiders
Web crawler
A Web crawler is a computer program that browses the World Wide Web in a methodical, automated manner or in an orderly fashion. Other terms for Web crawlers are ants, automatic indexers, bots, Web spiders, Web robots, or—especially in the FOAF community—Web scutters.This process is called Web...

" are presented with a legitimate page, while human visitors are presented with a page that commits click fraud. The use of 0-size iframes and other techniques involving human visitors may also be combined with the use of incentivized traffic, where members of "Paid to Read" sites are paid small amounts of money (often a fraction of a cent) to visit a website and/or click on keywords and search results, sometimes hundreds or thousands of times every day Some owners of PTR sites are members of PPC engines and may send many email ads to users who do search, while sending little ads to those who do not. They do this mainly because the charge per click on search results is often the only source of revenue to the site. This is known as forced searching, a practice that is frowned upon in the Get Paid To industry.

Organized crime
Organized crime
Organized crime or criminal organizations are transnational, national, or local groupings of highly centralized enterprises run by criminals for the purpose of engaging in illegal activity, most commonly for monetary profit. Some criminal organizations, such as terrorist organizations, are...

 can handle this by having many computers with their own Internet connections in different geographic locations. Often, scripts fail to mimic true human behavior, so organized crime networks use Trojan
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

 code to turn the average person's machines into zombie computer
Zombie computer
In computer science, a zombie is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam...

s and use sporadic redirects
URL redirection
URL redirection, also called URL forwarding and the very similar technique domain redirection also called domain forwarding, are techniques on the World Wide Web for making a web page available under many URLs.- Similar domain names :...

 or DNS cache poisoning
DNS cache poisoning
DNS cache poisoning is a security or data integrity compromise in the Domain Name System . The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a...

 to turn the oblivious user's actions into actions generating revenue for the scammer. It can be difficult for advertisers, advertising networks, and authorities to pursue cases against networks of people spread around multiple countries.

Impression fraud is when falsely generated ad impressions affect an advertiser's account. In the case of click-through rate
Click-through rate
Clickthrough rate is a way of measuring the success of an online advertising campaign. The clickthrough rate of an advertisement is defined as the number of clicks on an ad divided by the number of times the ad is shown , expressed as a percentage. For example, if a banner ad is delivered 100...

 based auction models, the advertiser may be penalized for having an unacceptably low click-through for a given keyword
Keyword (Internet search)
An index term, subject term, subject heading, or descriptor, in information retrieval, is a term that captures the essence of the topic of a document. Index terms make up a controlled vocabulary for use in bibliographic records. They are an integral part of bibliographic control, which is the...

. This involves making numerous searches for a keyword without clicking of the ad. Such ads are disabled automatically, enabling a competitor's lower-bid ad for the same keyword to continue, while several high bidders (on the first page of the search results) have been eliminated.

Class action lawsuits

  • Disputes over the issue have resulted in a number of lawsuit
    Lawsuit
    A lawsuit or "suit in law" is a civil action brought in a court of law in which a plaintiff, a party who claims to have incurred loss as a result of a defendant's actions, demands a legal or equitable remedy. The defendant is required to respond to the plaintiff's complaint...

    s. In one case, Google (acting as both an advertiser and advertising network) won a lawsuit against a Texas company called Auction Experts (acting as a publisher), which Google accused of paying people to click on ads that appeared on Auction Experts' site, costing advertisers $50,000. Despite networks' efforts to stop it, publishers are suspicious of the motives of the advertising networks, because the advertising network receives money for each click, even if it is fraudulent.

  • In July 2005, Yahoo settled a class-action lawsuit against it by plaintiffs alleging it did not do enough to prevent click fraud. Yahoo paid $4.5 million in legal bills for the plaintiffs and agreed to settle advertiser claims dating back to 2004 In July 2006, Google settled a similar suit for $90 million.

  • On March 8, 2006, Google agreed to a $90 million-settlement fund in the class-action lawsuit filed by Lane's Gifts & Collectibles. The class-action lawsuit was filed in Miller County, Arkansas, by Dallas attorneys Steve Malouf, Joel Fineberg, and Dean Gresham. The expert witness for the Plaintiffs in the case was Jessie Stricchiola, an internet search expert who first identified instances of ppc click fraud in 2001.

Michael Anthony Bradley

In 2004, California resident Michael Anthony Bradley created Google Clique, a software program that he claimed could let spammers defraud Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...

 out of millions of dollars in fraudulent clicks.

Bradley used technology that he created for his other companies that took him five years to develop. Using this technology, he was able to demonstrate that fraud was possible, and was impossible for Google to detect.

Bradley notified Google of this security flaw, and was willing to work with them to close up some of these holes. However, Bradley was offered $500,000 for his software and technology by some of the world's top spammers. With this information, Bradley thought he could put a price of $100,000 on his technology, and offered to sell Google all rights to his technology, and they could make the Internet a better and safer place.

When Bradley showed up to Google's offices, he demoed the software for them, and when they asked what he wanted, he had stated that he would consult for free if they wanted to purchase the rights to his technology. He explained the prior offer of $500,000 and said he knew he could get it, but would settle for $100,000 if they wanted to work together.

Unknowingly, Bradley returned to Google's offices and was met by United States Secret Service officers who were undercover. They kept asking him what he wanted, and they even pushed a check for $100,000 to him, Bradley stated that this felt like blackmail and he was not comfortable with this, and pushed the money away. Just then the Secret Service came in and arrested him.

Authorities said he was arrested while trying to extort
Extortion
Extortion is a criminal offence which occurs when a person unlawfully obtains either money, property or services from a person, entity, or institution, through coercion. Refraining from doing harm is sometimes euphemistically called protection. Extortion is commonly practiced by organized crime...

 $100,000 from Google in exchange for handing over the program.

Charges were dropped without explanation on November 22, 2006; both the US Attorney's office and Google declined to comment. Business Week suggests that Google was unwilling to cooperate with the prosecution, as it would be forced to disclose its click fraud detection techniques publicly, as it also makes money from fraudulent clicks.

Solutions

Proving click fraud can be very difficult, since it is hard to know who is behind a computer and what their intentions are. Often the best an advertising network can do is to identify which clicks are most likely fraudulent and not charge the account of the advertiser. Even more sophisticated means of detection are used, but none is foolproof.

The Tuzhilin Report produced as part of a click fraud lawsuit settlement, has a detailed and comprehensive discussion of these issues. In particular, it defines "the Fundamental Problem of invalid (fraudulent) clicks":

• "There is no conceptual definition of invalid clicks that can be operationalized [except for certain obviously clear cases]."

• "An operational definition cannot be fully disclosed to the general public because of the concerns that unethical users will take advantage of it, which may lead to a massive click fraud. However, if it is not disclosed, advertisers cannot verify or even dispute why they have been charged for certain clicks."

The pay-per-click industry is lobbying for tighter laws on the issue. Many hope to have laws that will cover those not bound by contracts.

A number of companies are developing viable solutions for click fraud identification and are developing intermediary relationships with advertising networks. Such solutions fall into two categories:
  1. Forensic analysis of advertisers' web server log files.
    This analysis of the advertiser's web server data requires an in-depth look at the source and behavior of the traffic. As industry standard log files are used for the analysis, the data is verifiable by advertising networks. The problem with this approach is that it relies on the honesty of the middlemen in identifying fraud.
  2. Third-party corroboration.
    Third parties offer web-based solutions that might involve placement of single-pixel images or Javascript on the advertiser's web pages and suitable tagging of the ads. The visitor may be presented with a cookie. Visitor information is then collected in a third-party data store and made available for download. The better offerings make it easy to highlight suspicious clicks, and they show the reasons for such a conclusion. Since an advertiser's log files can be tampered with, their accompaniment with corroborating data from a third party forms a more convincing body of evidence to present to the advertising network. However, the problem with third-party solutions is that such solutions see only part of the traffic of the entire network. Hence, they can be less likely to identify patterns that span several advertisers. In addition, due to the limited amount of traffic they receive when compared to middlemen, they can be overly or less aggressive when judging traffic to be fraud.


Click fraud is less likely in cost per action
Cost Per Action
Cost Per Action or CPA is an online advertising pricing model, where the advertiser pays for each specified action linked to the advertisement....

 models.

Research

The fact that the middlemen (search engines) have the upper hand in the operational definition of invalid clicks is the reason for the conflict of interest between advertisers and the middlemen, as described above. This is manifested in The Tuzhilin Report as described above. The Tuzhilin report did not publicly define invalid clicks and did not describe the operational definitions in detail. Rather, it gave a high-level picture of the fraud-detection system and argued that the operational definition of the search engine under investigations is "reasonable". One aim of the report was to preserve the privacy of the fraud-detection system in order to maintain its effectiveness. This prompted some researchers to conduct public research on how the middlemen can fight click fraud. Since such research is presumably not tainted by market forces, there is hope that this research can be adopted to assess how rigorous a middleman is in detecting click fraud in future law cases. The fear that this research can expose the internal fraud-detection system of middlemen still applies. An example of such research is that done by Metwally, Agrawal and El Abbadi at UCSB. Recent work by Majumdar, Kulkarni, and Ravishankar at UC Riverside proposes protocols for the identification of fraudulent behavior by brokers and other intermediaries in content-delivery networks.

External links

  • "Truth in advertising", The Economist
    The Economist
    The Economist is an English-language weekly news and international affairs publication owned by The Economist Newspaper Ltd. and edited in offices in the City of Westminster, London, England. Continuous publication began under founder James Wilson in September 1843...

    , November 23, 2006.
  • "Vendors release click-fraud detection tools", eWeek
    EWeek
    eWeek is a weekly computing business magazine published by Ziff Davis Enterprise.The magazine consists of a print publication and web site covering enterprise topics and is targeted at IT professionals rather than hobbyists.-Audience:The eWeek audience is actively involved in buying enterprise...

    . Retrieved March 4, 2005.
  • "Click fraud roils search advertisers", CNet
    CNET
    CNET is a tech media website that publishes news articles, blogs, and podcasts on technology and consumer electronics. Originally founded in 1994 by Halsey Minor and Shelby Bonnie, it was the flagship brand of CNET Networks and became a brand of CBS Interactive through CNET Networks' acquisition...

    . Retrieved March 4, 2005.
  • "Mice Attack: Internet scammers steal money with 'click fraud'", Newsweek
    Newsweek
    Newsweek is an American weekly news magazine published in New York City. It is distributed throughout the United States and internationally. It is the second-largest news weekly magazine in the U.S., having trailed Time in circulation and advertising revenue for most of its existence...

    . Retrieved January 18, 2005.
  • "Google CFO: Fraud a Big Threat", CNN
    CNN
    Cable News Network is a U.S. cable news channel founded in 1980 by Ted Turner. Upon its launch, CNN was the first channel to provide 24-hour television news coverage, and the first all-news television channel in the United States...

     Money
    . Retrieved December 2, 2004.
  • "How Click Fraud Could Swallow the Internet", Wired Magazine, issue 14.01 (January 2006). Retrieved December 29, 2005.
  • "Click fraud fears growing for online advertisers", The Times
    The Times
    The Times is a British daily national newspaper, first published in London in 1785 under the title The Daily Universal Register . The Times and its sister paper The Sunday Times are published by Times Newspapers Limited, a subsidiary since 1981 of News International...

    . Retrieved February 2006.

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK