When I speak with advertisers who are debating whether to explore paid search, one of the biggest sources of hesitation is click fraud. It may sound like paranoia, but it’s actually a very valid concern for many PPC practitioners. That said, fearfulness of click fraud is no reason to avoid PPC altogether. As long as you are cognizant of the phenomenon, committed to keeping a watchful eye on your account and have employed proactive measures to protect yourself, you’ll be in good shape!
Click fraud is a black-hat technique of falsely inflating the number of clicks on a pay-per-click ad. Click fraud is usually driven by one of two incentives:
For years, search engines have been getting a lot of flak for not going the extra mile to identify and quash click fraud. This suspicion is not unwarranted. Remember, regardless of whether a click is malicious or not, it’s generating dough for the search engine displaying it. So, to uphold their reputations (and put weary advertisers’ minds at rest), all of the major ad platforms have designated their very own task forces to take on click fraud.
Google has created, by far, the most robust anti-click fraud program. Their system of detection uses a three pronged approach that starts with automated filters. Advanced algorithms detect and filter out invalid clicks in real time, before advertisers are even charged. Since these filters cannot be relied on to catch all fraudulent clicks, Google’s Ad Traffic Quality Team also conducts manual, offline analysis and removes any clicks that they deem invalid before advertisers are charged. Aside from these proactive measures, Google also launches investigations based on advertisers’ reports of suspicious activity. Anytime malicious clicks are detected, they are labeled as “invalid” and credits are issued to the account.
So now that you know the ins and outs of click fraud, you’re probably wondering whether malicious clicks are happening in YOUR account. Welp, before you launch into a full-on bout of paranoia, let me reassure you that there is a TON you can do to identify whether you are a victim of click fraud! To get the full rundown, I turned to WordStream’s Evan Cummins to see what our marketing services team is doing to monitor their clients’ accounts. Evan explained that, depending on the time and resources you can commit to monitoring click fraud, you can approach the problem one of two ways: through manual analysis or an automated solution.
If you elect to go the DIY route, here’s Evan’s two cents on how to go about it:
Firstly, you will need internal reporting. In general, it’s always good to have internal reporting in some form, regardless of whether you think you have click fraud, because while Google can only tell you if a click became a lead. Internal reporting would tell you if that lead became a sale. Knowing this information can help you adjust your bidding to favor terms that are more likely to result in a sale.
In order to track click fraud with your internal reporting, there are a few pieces of information you’ll want to ensure you collect:
The necessity for the IP address is pretty self-explanatory, but why do you need the other three? Click timestamp and action timestamp should be used together because you want to see the IP addresses which are arriving at your site by clicking on an ad, but not converting or rarely converting. The click timestamp is the time when someone arrives on your site after clicking an ad. The action timestamp is the time when that person completed an action on your site. If you see an IP address with a bunch of click timestamps but no action timestamps, then that is likely click fraud. Lastly, user agent really is useful for identifying whether someone on a particular IP is the same person. It takes note about all the features of the device being used to access your site such as type of computer or device, internet browser, software, and more.
Once you discover a potentially fraudulent IP address, you should always perform a quick check of the IP on a site to see who it belongs to. Sites like www.whatismyipaddress.com, www.whatismyip.com, and www.ip2location.com are good resources to turn to.
One thing to keep an eye out for is proxy servers. It’s not unusual for a client to panic because a significant portion of their traffic is coming from the same place, only to finally discover that the suspect IP address belonged to proxy server at a public place like a coffee shop, airport, or university. Doing some research on your IP can help you discern whether this is the case. If you’re still unsure, look at all of the searches triggered from the IP in question. If the searches are very different, it’s likely a proxy server. If the search queries are similar and are occurring over a super short time period, the clicks are probably fraudulent.
If you identify click fraud in your account, don’t hesitate to report it via the Google Ads Support line.
Despite Google’s claims that it’s going the extra mile to eradicate click fraud, many advertisers still consider it to be a major issue. If you feel as though you can’t solely rely on Google to weed out invalid clicks, take matters into your own hands!
Sometimes you just have to take matters into your own hands.
Here are my top 4 tips to protect yourself from click-happy criminals:
So, now I turn to you, my fellow click-fraud victims, what clever tactics have you employed to eradicate malicious clicks in your accounts?
Please read our Comment Policy before commenting.