Click Fraud Detection

How difficult is it to detect click fraud on your own website?


We recently released the audio recording of our clinic on this topic. You can listen to a recording of this clinic here:

Click Fraud 2006

Are there ways to combat click fraud when running PPC campaigns? Is it possible to minimize the chances of being targeted? And how can you find out if you have already been paying for fraudulent clicks?

Suspecting we had been a victim of click fraud ourselves, we set out to answer these questions and share our findings.

In addition to documenting our own experience, we have spoken with other PPC experts around the world and developed a 14-point plan.

This plan not only gives you the means to minimize the likelihood of your company becoming a victim of click fraud, but also provides instructions on identifying click fraud attacks as and when they occur.

PPC is an important and sometimes essential tool for many online marketers. As awareness of click fraud grows, it is necessary to learn how to protect both the integrity and the ROI of your campaigns.

In a previous report, we examined the problem of click fraud and found that as much as 30% of paid search traffic may be fraudulent.

Click Fraud Tested


South African search firm has developed a unique click-tracking tool that creates and measures a unique click ID for each click. This ID is created based on a number of characteristics that they believe to be statistically significant. This tool was used in creating the three campaigns below.

Specifics of these tested campaigns included:

  • All three campaigns ran over a ten day period.
  • Duplicates were determined by comparing IP address, language, browser settings, referring URL, time of click, operating system, browser plug-ins, and country.
  • Campaign A was implemented for a finance company with a high-end ($1.00-$2.00) cost-per-click (CPC), Campaign B was for a travel company with a mid-range ($0.20-$0.30) CPC, and campaign C was for a “jobs” company with a low ($0.05-$0.15) CPC.
Documented Click Fraud for
Three Google AdWords Campaigns
Campaign A Campaign B Campaign C
Total Clicks 34,763 12,790 4,184
Duplicate Clicks 10,268 1,257 349
Alleged Click Fraud 29.5% 9.8% 8.3%
Clicks Billed By Google 34,758 12,671 4,130
Google Credits – 5 – 119 – 54
Non-Credited Fraudulent Clicks 10,263 1,138 295
Cost to Advertiser $15,394.50 $284.50 $29.50

What You Need To UNDERSTAND: This random sample showed as much as 29.5% fraud. Fraud increased as the bid price increased. Google only seemed to detect a very small percentage of fraud.

KEY POINT: Data indicates that the potential for significant click fraud increases proportionately to the bid price. Click fraud may be a larger problem than the major online search engines admit. Until more information becomes available, PPC advertisers will have to remain vigilant against the dangers of PPC fraud.

In March, Google agreed to settle a class-action click-fraud lawsuit for $90 million (*1). So the danger of click fraud hasn’t left of the awareness of careful marketers.

The Click Fraud Network is currently reporting that 16.4% of PPC traffic is at a “high threat level.” The current threat level is updated weekly at:

But how serious of a problem is it for the individual company?

To examine the problem of click fraud, we will present two case studies, followed by ten tips to help prevent click fraud.

Case Study #1: How we may have wasted nearly $7500 in three days.

This study is a deviation from the typical MEC report format. Because click fraud often manifests in unexpected ways, we have decided to share an anecdote about our own experiences. This is part of our ongoing study of click fraud, and we thought it would be a useful example to other marketers who may find themselves in a similar situation.

On a Friday afternoon, our test site suddenly experienced a huge traffic spike from Google AdWords. In a matter of hours, the Google PPC campaign had incurred thousands of dollars in charges:

Google AdWords PPC Campaign for Test Site 1
Day of the Month Click Charges
25 $145.00
26 $409.00
27 $437.00
28 $1,544.00
29 $4,307.00
30 $1,503.00

What You Need To UNDERSTAND: On the 29th of the month, there was a traffic spike costing our test site $4,307.00.

MEC Senior Analyst Jalali Hartman tells the story:

At first, I thought the traffic surge was great. I was working to advertise a paid subscription product where users could get a free trial in exchange for providing an email address.

By all indications, the campaign was a huge success.

I had started out testing Google to see if I could drive targeted traffic to the site, and it seemed that I could. I was spending a couple of hundred of dollars per day, but it was well within my budget.

Hungry for more traffic, I decided to increase my bid to over $7 per click and activate Google’s content network.

I didn’t think much of it. I was away on business that afternoon and evening but I could see all of the leads flowing in as I monitored my email from my Treo.

(Ironically, I had just completed a major study on click fraud and found that some campaigns had as much as 30% invalid clicks, which had appeared to go undetected by Google.)

I logged into my Google account after returning from my business trip and gasped.

The weekly spend had skyrocketed to $8,345.

While this amount is not in itself unbearably large, it is quite substantial for anyone who is trying to create a positive ROI with a new PPC campaign. And it significantly exceeded our test budget for this period of this campaign.

I immediately shut down all advertising. I was concerned about how I would explain this budget aberration to our director of research.

I didn’t panic at first, because I was sure that I would log in the next day and see all of these clicks charges credited back to me.

Because of my recent research and because of all of the “click fraud buzz” in the media, I was sure I had fallen victim to a click fraud scam and that the Google Police would immediately notify me, apologize, and I could go back to business as usual.

I decided to try to get to the bottom of this. I was determined NOT to pay for these clicks.

I started to compile any data that I could.

The first thing I did was look at the trends in my Google campaign:

Trends in Google Campaign

The impressions and clicks were in-line with the charges that I was being billed for. This seemed to match up.

Next, I decided to look at the leads I was getting during this time.

I analyzed where the leads were coming from, geographically. The site I was marketing sold a product that was targeted at U.S. and European investors, although theoretically anyone could use it.

At first glance, these leads seemed to make sense. Then I remembered that the orange dots represented a high concentration of leads.

I saw one orange dot in Florida. That was probably the result of my own testing.

Then I saw orange dots in each of the major Indian technology cities. I had just returned from India, and I knew what these cities were like. Each held millions of people, and most were lucky to make $2 per day doing hard labor.

It put the $7 CPC I was paying into perspective.

I decided to see if the percentage of leads from India during this traffic spike was higher than usual:

Spike vs. Average Traffic Comparison
Region During Traffic Spike Average
North America 27% 30%
Central/South America 4% 2%
Europe 14% 11%
Africa 6% 5%
Australia 1% 1%
India 37% 42%
Asia (Excluding India) 7% 6%
Middle East 3% 3%

What You Need To UNDERSTAND: The percentage of traffic from India was actually lower than normal during the traffic spike.

Again, I had found no real proof of fraud.

But wait… why are 42% of my leads coming from India?

I started to look at some of the email addresses. Almost all of them were or addresses. I compared these to the leads from the U.S. Most of these latter leads were people’s names at company domain names.

But still, there was no proof.

I decided to call Google. I spoke to someone there and told them my situation. They agreed that it sounded fishy and asked me to send them my data.

I did so, and felt confident that I would be able to report triumphantly to the research director that the charges would be reversed.

I waited and waited and waited.

Two weeks later, I got a forwarded email from the billing contact of the Google account in question.

It was a short email explaining that they had found no invalid clicks.

That was it. There was no further explanation.

We paid the bill. I had spent 276% of my monthly advertising budget in 3 days.

We are still awaiting further communication from Google.

Case Study #2: Fraudulent Referrers

In our second study, we tracked the referring URL’s to another test site for a 24-hour period. The ONLY proactive form of promotion or advertising for this site was from Google AdWords.

This following table ranks referring URL’s (external web pages) that brought traffic to the site. “Unknown” signifies traffic from no external URL, such as when a user arrives at the site via a bookmark, email link, or by typing the URL directly into the web browser.

Here were the results:

Fraudulent Referrers
Referrer Number Percentage
Unknown 171,991 79.81%
Google, Yahoo, MSN, AskJeeves, AOL Search, etc. 35,687 16.56%
SEO Parking and Spam Sites 7,824 3.63%
TOTAL 215,502

What You Need To UNDERSTAND: In this 24-hour period, 3.63% of our test site’s total traffic, or 17.98% of total search traffic, was from known sources of fraudulent search traffic.

The website tracking solution that generated this report identifies suspicious traffic by comparing originating domains to known sources of fraudulent traffic. This can help you eliminate fraudulent charges and keep tabs on large spikes in suspicious traffic.

The above report was generated with Urchin. Sophisticated website tracking solutions such as this can identify fraudulent traffic by domain.

How to Avoid Click Fraud:

The following tips come to us from Vinny Lingham, the founder of incuBeta (parent company of Clicks2Customers, Inc.):

Vinny’s Blog:

These tips should help you minimize click fraud:

  1. Watch the daily volume of clicks on your main keywords. If they fall outside the statistical averages, then investigate. A sudden drop in conversion may also indicate a problem.
  2. Be very conservative with content-targeted ads placed on third-party websites. These website owners are incentivized to click, or may recruit others to click the links on their sites. This is the majority of international fraud that you find, where many companies have set up shop, employing low-cost labor to click on various websites that they own.
  3. Only target the geographical regions where you do business — don’t waste clicks and impressions on countries you do not serve.
  4. If you have a select group of keywords that drive most of your traffic, try increasing your keyword base with more specific and relevant terms. The larger your keyword base, the less susceptible you are to click fraud in general.
  5. Review your server logs, and use applications like KeywordMax, Urchin, Clicktracks, or companies like ClickDefense to assist in monitoring your click fraud levels.
  6. Click fraud from (non-contextual) search engine traffic is very low, as no one except your competitors have an incentive to click your links. Competitors can only incur one charge in a given period, as search engines do not typically bill for multiple clicks from the same source. (Beware of those who do.) Contextual traffic is the highest risk of click fraud.
  7. Review IP addresses and IP ranges in your server logs over a given period of time, such as seven days. This will show you if many duplicate IP addresses come up, and you can report this to the search engines for investigation. The more information you give them, the more they can help you.
  8. If fraudulent or unproductive activity occurs primarily during a certain time of the day, then pause the campaigns for those hours.
  9. Don’t buy PPC traffic on unknown search engines. These will often allow bots and other suspicious activity in without a high level of click fraud filtering. These small companies may be hungry for revenue and more hesitant about eliminating potential fraud.Spend your money with Yahoo!, Google, AskJeeves, and MSN, until you’ve really tapped out your search budget. Then go for lower volume, but still high-quality second-tier engines like Looksmart. We’re spending well into eight figures this year on search, and we have yet to use another engine other than these, simply because we’re still exploring the keyword opportunities on the Big Four.
  10. KEY POINT: Avoid bidding high for position or branding. Use the tracking codes provided by the search engines or an alternative solution to understand your traffic behavior and conversion data.Don’t simply bid to be number-one, bid for the position at which the ROI is positive. Many times the perception of click fraud is simply a result of marketers assuming that the top position must convert well, when it may produce nothing but unqualified traffic.Tom Charvet, the Vice President of Technology for Click Forensics<>, offers this additional advice:
  11. In addition to monitoring paid conversions, you should also monitor your organic conversion rates. A sudden deviation in the ratio between these two conversion rates may indicate click fraud.
  12. Check your paid traffic for unusual activity in areas outside of your geo-targets. Specifically look for traffic from foreign countries that are unlikely to be interested in your products or services.
  13. The Click Fraud Network <> has identified that China, Egypt, and South Africa have generated the greatest volume of high threat-level traffic.
  14. High-traffic, expensive keywords are the most obvious targets for those involved in creating fraudulent clicks. Make their job harder by leveraging keywords that aren’t so inflated.

::Top Of Page::

(*1) See, for example:

Related MarketingExperiments Reports:

As part of our research, we have prepared a review of the best Internet resources on this topic.

Rating System

These sites were rated for usefulness and clarity, but alas, the rating is purely subjective.

* = Decent | ** = Good | *** = Excellent | **** = Indispensable


Editor — Flint McGlaughlin

Writers — Brian Alt
Nick Usborne

Contributors — Jalali Hartman
Vinny Lingham
Tom Charvet

HTML Designer — Cliff Rainer

::Top Of Page::

You might also like

Leave A Reply

Your email address will not be published.