Need Help? Talk to Our Experts
Online advertising is huge. In 2019, it’s estimated that more than $330 billion was spent on digital advertising platforms including Google, Facebook and Amazon. Of that, it’s thought that click fraud takes anything from $3 billion to $35 billion although, understandably, the exact figures are hard to pin down.
With such a huge slice being taken from the advertising pie, what exactly are the giants such as Google doing to prevent click fraud? After all, if the money was being taken from them, they’d certainly have that locked down pretty quickly.
If you’re spending money on Google Ads, you probably want to know exactly what Google is doing to prevent click fraud and ad fraud for their customers.
For the uninitiated, click fraud is where you receive clicks on your paid links when the clicker has no interest in buying your product. Often done for malicious purposes, click fraud can encompass competitors trying to damage your online advertising budget, or organised fraudsters making money from spoofed websites.
You can read all about the practice of click fraud and ad fraud in our in-depth guide.
Google refers to all non-genuine clicks on paid ads as ‘invalid clicks’, which can cover everything from a genuine slip of the finger, to an organised click farm setup clicking on your ads. For the purposes of this article, we’re referring to the organised aspect of this practice – although Google does have processes in place to prevent advertisers paying for genuine mistakes.
Click fraud is estimated to affect around 20% of all paid links on the internet, from display ads or video, to paid search engine page results.
Put simply, if you’re paying for web traffic, you are most likely paying out a reasonable chunk to fraud of some kind. And this includes not just search engine traffic, but other forms of paid links such as social media. So, what do the advertising giants such as Google do to protect you from click fraud and other fraudulent activity?
Advertising revenue is by far Google’s biggest earner, so it is mostly in their interest to prevent fraud on their ads. As such they do have a fairly solid program of anti-click fraud processes. The sentiment in the marketing industry though is that Google do just enough, but could do more…
One of the main reasons Google is such a powerful platform is that they offer ad placement on over 11 million websites. If you want to advertise your product on a popular website with the potential for huge amounts of traffic, Google Ads is a solid choice.
With a nicely designed banner ad, you’ll quickly be channelling the kind of traffic that could take years to build organically. And you can have a global advertising reach, ensuring all sorts of people see your ads, building your brand rapidly.
The problem is that a lot of websites are made specifically for ad fraud. These spoofed sites are created simply to host display ads and collect the payout from clicks channelled through them, usually from bots or click farms. In fact, on many of these spoof sites, human eyes may rarely see the content let alone the ads.
So what is Google doing about this?
When a site is submitted to Adsense, Google will manually verify the quality before approving it to host banner ads. In truth, getting your site submitted to Adsense isn’t difficult. You just need to present a website that looks half decent and is made for human usage, with a few pages of content on it.
All sites submitted to Google’s Adsense program are verified by real live humans to make sure they have decent load times, are readable by human eyes and are generally functional. In short, Google just need to see that your website is a real working website.
However, one of the key complaints is that it’s pretty easy for an unscrupulous webmaster to create a website that looks the part. In fact, in one article, a marketer looking at over 48,000 Adsense sites estimated that around 90% of them are fake.
Google have recently tried to remedy this with ads.txt , which allows marketers to specify who displays their ads. But this has brought more problems, which we will look at in another article soon.
When you submit your Adsense site for verification, Google do make it quite clear that they will not tolerate fraud. The fraud detection process is ongoing, and if your site is the source of an abnormal amount of fraudulent clicks, publishers can be suspended or even rejected.
Of course, the odd fraudulent click doesn’t make one website publisher a fraudster themselves. There are many ways sites can be subjected to PPC fraud, so if there is a case against the webmaster they are given opportunities to put it right.
For many webmasters, hosting display ads is an honest way to monetise their content. This is usually how bloggers and online magazines make their money, so just because you haven’t heard of a site doesn’t make it dodgy.
Keep an eye on the sites you receive click traffic from during your PPC advertising campaigns, and flag those that seem suspicious.
To be fair to Google, they do have some effective algorithms in place to minimise accidental ‘invalid’ clicks. Say, for example, that you’re browsing a site on your phone and you accidentally click on an ad that opens a new page. You click off and continue reading the content you wanted to…
In the meantime that accidental click is already being recognised as an invalid click by Google’s algorithms and the advertiser has not had to pay for it.
The trick here is that the bounce rate was extremely high, with the user closing the site either before it even loaded, or within seconds of it loading. This is typical of accidental clicks and is relatively easy for Google (and other advertising platforms) to handle.
One of the growing frontiers for ad fraud is mobile apps, or app malware. An example of this is the DrainerBot malware which managed to proliferate through thousands of apps and millions of downloads thanks to some iffy code in a software kit.
To help eliminate this kind of malware, Google introduced Play Protect, which scans apps for suspicious code and malware. It also alerts users to the potential of security exploits in app downloads, and attempts to close loopholes by requiring developers to create software that is suitable for newer and more secure versions of Android.
The Play Protect system actually prevented over 1.9 billion malware downloads in 2019. Although this initiative is an excellent idea and has helped minimise malware on the Android platform, the problem is still growing. Malware can often be inserted into apps after downloading, usually via an update (known as a dropper); or ‘side loading’, which is when an app is downloaded from a source other than the app store.
Simply put, malware is a problem that refuses to go away. Google are constantly fighting the war, but as soon as one battle is won, a new threat emerges.
Being able to call on the global creme de la creme of technological experts, you would expect Google to have some solid defenses against click fraud. And, indeed they do. In fact they currently have around 180 sophisticated data filters which are constantly updated. They also have a dedicated team who are on the hunt for botnet activity and will manually review suspicious activity on PPC ads.
But that doesn’t mean you can just sit back and assume they’ve got it covered. If you’re using Google Ads to promote your business, you should still keep an eye on the activity on your ads, including suspect IP addresses, unusual publisher sites and surges in click activity.
If you do find anything unusual that you think needs attention, make sure to report it to Google and follow their guidelines to minimise exposure to click fraud and ad fraud.
Looking at Google Ads traffic quality pages, there is no denying that Google is doing a lot to prevent invalid clicks on your paid ads. They have whole dev teams dedicated to monitoring fraud and updating software. But, by our data, click fraud is fairly consistent, even with these measures in place.
So if you’re asking if Google is doing enough, it’s tough to call. The answer might be that they do things differently, or perhaps they do enough to prevent the most obvious forms of invalid clicks such as accidental clicks.
With the estimated figure of 90% (not our estimate) of Adsense sites being spoofed, it certainly appears that there is room for improvement. The problem is that Google makes good money from the clicks on ads, even if the ads are on spoofed sites. And without a significant re-jig to the way sites are approved, this looks likely to continue.
Yes, the Play Protect and ads.txt measures that were introduced have helped in some respects. But as we’ve mentioned, fraudsters are resourceful and will always find another route in.
Although limiting the sites your ad appears on can be very useful, it isn’t the solution for everyone. After all, if you have a new business or a product launch, it’s likely you’ll want your ad to appear as often as possible across many different sites. And the truth is that calling which site is spoofed and which isn’t is actually pretty difficult.
Click fraud protection software such as ClickCease operates in a different way to Google. By assigning a unique ID to each device that clicks on a PPC ad, we can identify multiple clicks from the same source, even if they use VPNs or other methods to change IP address.
Third party software is also dedicated to eliminating click fraud on your PPC ads, with blacklisting for suspicious IP addresses and automated ad blocking for shady IPs and devices.
This gives you the opportunity to display your Google Ads freely, but by using anti click fraud software you’ll be able to block fraudulent clicks and other suspicious activity.
As the industry leading and most trusted click fraud software, ClickCease offer unbeatable protection from ad fraud and click fraud. Sign up for a free trial to find out how your PPC ad campaign can be protected.
Refund Policy|Terms & Condition|Blog|Sitemap