4 Powerful Ways to Eliminate Click Fraud in Your Account


When I speak with advertisers who are debating whether to explore paid search, one of the biggest sources of hesitation is click fraud. It may sound like paranoia, but it’s actually a very valid concern for many PPC practitioners. That said, fearfulness of click fraud is no reason to avoid PPC altogether. As long as you are cognizant of the phenomenon, committed to keeping a watchful eye on your account and have employed proactive measures to protect yourself, you’ll be in good shape!


What is Click Fraud?

Click fraud is a black-hat technique of falsely inflating the number of clicks on a pay-per-click ad. Click fraud is usually driven by one of two incentives:

  • Advertisers are trying to sabotage their competitors by driving up their costs and meeting their budget caps early on in the day
  • Ad publishers are clicking on the ads displayed on their own sites to generate more revenue for themselves.


What Are Search Engines Doing About It?

For years, search engines have been getting a lot of flak for not going the extra mile to identify and quash click fraud. This suspicion is not unwarranted. Remember, regardless of whether a click is malicious or not, it’s generating dough for the search engine displaying it. So, to uphold their reputations (and put weary advertisers’ minds at rest), all of the major ad platforms have designated their very own task forces to take on click fraud.


Google has created, by far, the most robust anti-click fraud program. Their system of detection uses a three-pronged approach that starts with automated filters. Advanced algorithms detect and filter out invalid clicks in real time, before advertisers are even charged. Since these filters cannot be relied on to catch all fraudulent clicks, Google’s Ad Traffic Quality Team also conducts manual, offline analysis and removes any clicks that they deem invalid before advertisers are charged. Aside from these proactive measures, Google also launches investigations based on advertisers’ reports of suspicious activity. Anytime malicious clicks are detected, they are labeled as “invalid” and credits are issued to the account.


How to Identify Click Fraud in Your Account


So now that you know the ins and outs of click fraud, you’re probably wondering whether malicious clicks are happening in YOUR account. Welp, before you launch into a full-on bout of paranoia, let me reassure you that there is a TON you can do to identify whether you are a victim of click fraud! To get the full rundown, I turned to WordStream’s Evan Cummins to see what our Managed Services Team is doing to monitor their clients’ accounts. Evan explained that, depending on the time and resources you can commit to monitoring click fraud, you can approach the problem one of two ways: through manual analysis or an automated solution.

Going the DIY Route

If you elect to go the DIY route, here’s Evan’s two cents on how to go about it:

Firstly, you will need internal reporting. In general, it’s always good to have internal reporting in some form, regardless of whether you think you have click fraud, because while Google can only tell you if a click became a lead, internal reporting can tell you if that lead became a sale. Knowing this information can help you adjust your bidding to favor terms that are more likely to result in a sale.

In order to track click fraud with your internal reporting, there are a few pieces of information you’ll want to ensure you collect:

  • IP address
  • click timestamp
  • action timestamp
  • user agent

The necessity for the IP address is pretty self-explanatory, but why do you need the other three? Click timestamp and action timestamp should be used together because you want to see the IP addresses which are arriving at your site by clicking on an ad, but not converting or rarely converting. The click timestamp is the time when someone arrives on your site after clicking an ad. The action timestamp is the time when that person completed an action on your site. If you see an IP address with a bunch of click timestamps but no action timestamps, then that is likely click fraud. Lastly, the user agent is useful for identifying whether the visits from a particular IP come from the same person. It records the features of the device being used to access your site, such as type of computer or device, internet browser, software, and more.

Once you discover a potentially fraudulent IP address, you should always perform a quick check of the IP on a site to see who it belongs to. Sites like www.whatismyipaddress.com, www.whatismyip.com, and www.ip2location.com are good resources to turn to.

One thing to keep an eye out for is proxy servers. It’s not unusual for a client to panic because a significant portion of their traffic is coming from the same place, only to finally discover that the suspect IP address belonged to a proxy server at a public place like a coffee shop, airport, or university. Doing some research on your IP can help you discern whether this is the case. If you’re still unsure, look at all of the searches triggered from the IP in question. If the searches are very different, it’s likely a proxy server. If the search queries are similar and are occurring over a super short time period, the clicks are probably fraudulent.
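
The checks described above (many clicks with no action timestamp, the user agent to tell visitors apart, and query variety to separate shared proxies from repeat clickers) can be run over an internal click log. This is an added example, not code from the original article; the log layout, the thresholds (`min_clicks`, `burst`) and the verdict names are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an internal click log (documentation-range IPs).
# Columns: ip|user_agent|search_query|click_ts|action_ts (empty = no action).
LOG = """\
203.0.113.7|UA-desktop-chrome|emergency plumber boston|2015-08-18 09:00:05|
203.0.113.7|UA-desktop-chrome|emergency plumber boston|2015-08-18 09:01:10|
203.0.113.7|UA-desktop-chrome|emergency plumber boston|2015-08-18 09:02:02|
203.0.113.7|UA-desktop-chrome|plumber boston emergency|2015-08-18 09:03:40|
198.51.100.20|UA-iphone-safari|plumber near airport|2015-08-18 08:15:00|
198.51.100.20|UA-android-chrome|water heater repair|2015-08-18 11:42:00|
198.51.100.20|UA-mac-safari|drain cleaning cost|2015-08-18 14:05:00|
198.51.100.20|UA-windows-firefox|fix leaking faucet|2015-08-18 17:30:00|
192.0.2.55|UA-desktop-chrome|emergency plumber boston|2015-08-18 10:00:00|
192.0.2.55|UA-desktop-chrome|plumber boston reviews|2015-08-18 10:20:00|
192.0.2.55|UA-desktop-chrome|emergency plumber boston|2015-08-18 13:00:00|
192.0.2.55|UA-desktop-chrome|plumber boston prices|2015-08-18 13:10:00|2015-08-18 13:14:30
192.0.2.99|UA-ipad-safari|plumber boston|2015-08-18 12:00:00|
"""

FMT = "%Y-%m-%d %H:%M:%S"


def parse_log(text):
    """Group log rows by IP address."""
    by_ip = defaultdict(list)
    for line in text.strip().splitlines():
        ip, agent, query, click_ts, action_ts = line.split("|")
        by_ip[ip].append({
            "agent": agent,
            # Word order is ignored so reworded repeats count as one query.
            "query": frozenset(query.lower().split()),
            "click": datetime.strptime(click_ts, FMT),
            "converted": bool(action_ts),
        })
    return by_ip


def classify(clicks, min_clicks=4, burst=timedelta(minutes=10)):
    """Verdict for one IP; both thresholds are assumed, tune them to your traffic."""
    n = len(clicks)
    if n < min_clicks:
        return "too-few-clicks"
    if any(c["converted"] for c in clicks):
        return "converting"
    times = sorted(c["click"] for c in clicks)
    agents = {c["agent"] for c in clicks}
    queries = {c["query"] for c in clicks}
    # Several devices running unrelated searches: probably a shared proxy.
    if len(agents) > 1 and len(queries) > n / 2:
        return "likely-shared-proxy"
    # Near-identical searches repeated inside a short window, never converting.
    if len(queries) <= 2 and times[-1] - times[0] <= burst:
        return "suspected-click-fraud"
    return "needs-manual-review"


def review(text):
    return {ip: classify(clicks) for ip, clicks in parse_log(text).items()}


if __name__ == "__main__":
    for ip, verdict in review(LOG).items():
        print(f"{ip:15} {verdict}")
```

A `suspected-click-fraud` verdict is a prompt to look up who owns the IP, not proof on its own.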

If you identify click fraud in your account, don’t hesitate to report it via the AdWords Support line.

How to Eliminate Click Fraud in your Account

Despite Google’s claims that it’s going the extra mile to eradicate click fraud, many advertisers still consider it to be a major issue. If you feel as though you can’t solely rely on Google to weed out invalid clicks, take matters into your own hands!


Sometimes you just have to take matters into your own hands.

Here are my top 4 tips to protect yourself from click-happy criminals:

  1. Turn to Facebook/Twitter Ads: The great thing about utilizing these platforms is that your ads will ONLY show on these platforms (!)—meaning there are no third-party publishers involved in the process. This cuts out a significant source of click fraud. OK, so but what about malicious competitors’ clicks? Actually, this version of click fraud is also less prevalent on paid social networks because their advanced targeting options are so specific. Since ad placement is based on a keyword search, it’s much more difficult for competitors to find your ads.
  2. Set up IP Exclusions in AdWords: If you’ve done your due diligence and identified the IP address associated with fraudulent clicks, you can block your ad from being served to that IP in the future. To set up an exclusion, all you need to do is head to the Settings tab and scroll down to the IP Exclusions setting. From there, you just need to plug in the offending addresses and you’ll be good to go!
  3. Run GDN Remarketing Campaigns: If you’re concerned about publisher-based click fraud, this is the way to go. It is easily avoided with remarketing because ads are only displayed to those who have visited and displayed interest in the advertiser’s website. There’s no risk of publishers clicking on the ads, because they can’t see them!
  4. Adjust Your Ad Targeting: Sometimes all it takes is a small tweak to your targeting to weed out invalid clicks. If you suspect click fraud is coming from a specific geographic region (oftentimes “click farms” are based in poorer countries with low labor rates), it may be worthwhile to exclude these locations and their respective languages. Or, if you suspect that a competitor is committing click fraud, you can exclude their zip code, city, etc. One caveat to be mindful of here is that it is critical that you are not eliminating GOOD traffic as you do this. Only set these exclusions if you truly believe that the majority of the clicks generated in these areas are fraudulent.

So, now I turn to you, my fellow click-fraud victims, what clever tactics have you employed to eradicate malicious clicks in your accounts?

 


Comments

Jithin Chandrababu
Aug 18, 2015

Thanks for the info. Again, is there a way I can request Google to check my account specifically because I have identified some click fraud?

Erin Sagin
Aug 18, 2015

Thanks for commenting, Jithin! Yes, you can report click fraud to Google through a number of their support channels (listed here: https://support.google.com/adwords/answer/8206?hl=en&contactus=1). Best of luck to you!

Albert James
Jun 13, 2016

This one is really a good piece of writing buddy. This will help many people to gain knowledge.

Michael Lorenzo
Jul 07, 2017

Hi Erin, Thank you for the great insights & info!
We've been using Clixtell click fraud protection tool and it's great.
They detect & block suspicious clicks as they happen, even from bots, VPNs & proxies. They have a defense mode that works like a charm and literally saved us thousands.

josh
Sep 06, 2015

You actually have to fill out this report:
https://support.google.com/adwords/contact/click_quality

Josh
Sep 06, 2015

Hi Erin,
Thanks for this article, it makes a lot of sense but nowadays many fraudsters use different tactics to avoid detection. When it comes to stopping attackers that use VPN and proxy software I'd recommend using a 3rd party click-fraud protection service like Clickcease.com or improvely.com. These services even offer to automatically add the IPs to the exclusion list so the attacker can't keep clicking your ads. I couldn't find a better way to stop click-fraud these days.

Zvi Pardes
Oct 28, 2015

Thanks for such a concise yet descriptive rundown on click fraud. There are now inexpensive professional options for small to medium businesses to use which will significantly decrease click fraud for a nominal monthly fee.

Jake
Feb 14, 2016

Thanks Josh, I tried out Clickcease, after a competitor was draining my ad budget. Before I used Clickcease I had to manually look for the fraudulent IPs, and that was completely useless, now it all gets blocked automatically and my campaigns are back to being profitable again. Thanks again for the recommendation.

liat
Mar 22, 2016

If you are using google Adwords you can use clickfrauds.com to demolish this problem!

Madrat
Apr 22, 2016

I'd not looked into Twitter yet, but will now. Facebook may have similar issues of its own. Stopped all ads with them for now as the traffic was not looking to perform as expected and seemed suspicious. I may give another try as I have leveraged a new fairly realtime visitor tracker called slim stat for WordPress sites which I can check IP addresses with. What I do like about AdWords is that I can target specific location, zipcode etc and "should" get visitors from that area only.

Whitk
Apr 25, 2016

Actually, Facebook is just as bad. All FB ad traffic we get is very low quality, all mobile users and have high bounce rates. Some bounce so fast that the clicks don't even show up in our tracking software - even though FB is charging.


We made some sophisticated testing of user actions and find that the users are all fake. The worst is Instagram ads. Mind you no hashtags were used - so it cannot be the normal instagram robot spam.

My conclusion is that FB itself is using a bot farm to drive their ad revenue higher.

Kelly
May 04, 2016

I have to agree with Whitk about Facebook. I have spent an enormous amount of money with FB ads and got nothing in return. I

jeff
Jun 03, 2016

We absolutely crush it on Facebook marketing.. you guys must be doing it all wrong.

troisrivieres
Jul 01, 2017

It's wonderful that you are getting thoughts from this paragraph as well as from our dialogue made at this place.

Joshua
Jun 08, 2016

The issue we are running into is that someone is using a software that changes the IP slightly from a mobile device so that it looks like a different person when in fact is 100% not and is spam. Very clever. Clickcease does help a bit but what is really needed is an exclusion tool that can exclude ranges of IPs but then remove them from an exclusion list very quickly because if you block ranges, you block whole areas covered by a mobile provider. Anyone know of anything to combat this?

David
Aug 07, 2016

Hi Joshua,
I've been using ClickCease myself and they've recently added a feature that allows me to determine the time periods I would like either a specific IP or an IP range to be blocked for. It really is a very useful tool.

Tabrej
Jan 25, 2017

I have the same problem, my competitors are clicking on my ads by changing their IPs and Google can't filter it as an invalid click. Please help me out with how to solve this issue.

Tony Nguyen
Aug 24, 2016

We've been using campaignprotection.com and it works well identifying multiple clicks from IPs, also list the region and local it comes from. The only problem is that Google only gives you 500 IPs to ban for each campaign. We generated so many bad IPs that the program became useless after we reached the max in Google. Shame on Google.

jeff
Sep 14, 2016

Good article. One element though I did not see how to determine is the IP addresses of invalid clicks. Where can one find this info in order to set up IP exclusions in AdWords?

WesJA
Oct 06, 2016

It's not a really good article. For years click fraudsters have used proxy lists with 10, 200 or 1500 proxy servers to click on ads automatically. This cannot be detected in the way written above.

NexToronto
Nov 22, 2016

Faith in Google AdWords restored. So happy they have such a robust system in place to prevent click fraud. I thought I had to manually take care of this myself. Great article.

Matt
Nov 26, 2016

Josh and Jake, thank you for mentioning Clickcease. I am looking at the new Siphon product recommended by the guys at OMG; but if Clickcease is better then I am open to that. Any comparisons that you have found which compare the 2 services, or any others which are considered to be trustworthy and cost-effective? Thanks for your thoughts!

Ben
Mar 14, 2017

We use this exclusion list as we've determined that most of our fraudulent clicks come from here. A little warning, this list excludes billions of IP4 addresses. Amazon, Cloudflare, and MS Azure are to name a few. We keep a page on our site that is dedicated to keeping a click fraud list.

Jyothi Prakash M
Mar 23, 2017

I'm a victim of fraudulent clicking by some anonymous rival. I appealed to G***le but they didn't consider my request. Is there any scope for recovery? Kindly suggest me best practices to keep such issues intact.

Cash For Cars
Apr 28, 2017

Google will never solution because they lose money and I am sure they will try to block others from finding solutions. Just quit Google.

Jessica Hamilton
May 07, 2017

We've been a victim of click fraud and I for one can tell you that you don't always get the refund you're expecting. We've used Click Cease and Improvely but for now we're settled using Click Guardian. The problem seems to be under control for now. @Ben thanks for the list but it does seem a little exhaustive. I would worry myself that I was blocking too many potential customers by blocking such a wide range of IP addresses.

ali
Jun 23, 2017

good information. thanks

Neil
Sep 11, 2017

Google really need to do more to combat this. We use PPC Protect now (ppcprotect.com) and find it's blocking a lot of click fraud, you would think Google would try and solve this themselves!
