This is “Search Engines, Ad Networks, and Fraud”, section 14.9 from the book Getting the Most Out of Information Systems (v. 2.0). For details on it (including licensing), click here.

For more information on the source of this book, or why it is available for free, please see the project's home page. You can browse or download additional books there. To download a .zip file containing this book to use offline, simply click here.

Has this book helped you? Consider passing it on:
Creative Commons supports free culture from music to education. Their licenses helped make this book available to you.
DonorsChoose.org helps people like you help teachers fund their classroom projects, from art supplies to books to calculators.

14.9 Search Engines, Ad Networks, and Fraud

Learning Objectives

  1. Be able to identify various types of online fraud, as well as the techniques and technologies used to perpetrate these crimes.
  2. Understand how firms can detect, prevent, and prosecute fraudsters.

There’s a lot of money to be made online, and this has drawn the attention of criminals and the nefarious. Online fraudsters may attempt to steal from advertisers, harm rivals, or otherwise dishonestly game the system. But bad guys beware—such attempts violate terms-of-service agreements and may lead to prosecution and jail time.

Studying ad-related fraud helps marketers, managers, and technologists understand potential vulnerabilities, as well as the methods used to combat them. This process also builds tech-centric critical thinking, valuation, and risk assessment skills.

Some of the more common types of fraud that are attempted in online advertising include the following:

  • Enriching click fraudGenerating bogus clicks, either for financial gain (enriching fraud), or to attack rivals by draining their online ad budget (depleting fraud).—when site operators generate bogus ad clicks to earn PPC income.
  • Enriching impression fraud—when site operators generate false page views (and hence ad impressions) in order to boost their site’s CPM earnings.
  • Depleting click fraud—clicking a rival’s ads to exhaust their PPC advertising budget.
  • Depleting impression fraud—generating bogus impressions to exhaust a rival’s CPM ad budget.
  • Rank-based impression fraud—on-sites where ad rank is based on click performance, fraudsters repeatedly search keywords linked to rival ads or access pages where rival ads appear. The goal is to generate impressions without clicks. This process lowers the performance rank (quality score) of a rival’s ads, possibly dropping ads from rank results, and allowing fraudsters to subsequently bid less for the advertising slots previously occupied by rivals.
  • Disbarring fraud—attempting to frame a rival by generating bogus clicks or impressions that appear to be associated with the rival, in hopes that this rival will be banned from an ad network or punished in search engine listings.
  • Link fraud (also known as spamdexing or link farming)—creating a series of bogus Web sites, all linking back to a page, in hopes of increasing that page’s results in organic search.
  • Keyword stuffing—packing a Web site with unrelated keywords (sometimes hidden in fonts that are the same color as a Web site’s background) in hopes of either luring users who wouldn’t normally visit a Web site, or attracting higher-value contextual ads.

Disturbing stuff, but firms are after the bad guys and they’ve put their best geeks on the case. Widespread fraud would tank advertiser ROI and crater the online advertising market, so Google and rivals are diligently working to uncover and prosecute the crooks.

Busting the Bad Guys

On the surface, enriching click fraud seems the easiest to exploit. Just set up a Web site, run PPC ads on the page, and click like crazy. Each click should ring the ad network cash register, and a portion of those funds will be passed on to the perpetrating site owner—ka ching! But remember, each visitor is identified by an IP address, so lots of clicks from a single IP make the bad guys easy to spot.

So organized crime tried to raise the bar, running so-called click farmsRecruiting a network of users to engage in click fraud with the goal of spreading IP addresses across several systems and make a fraud effort more difficult to detect. to spread fraud across dozens of IP addresses. The Times of India uncovered one such effort where Indian housewives were receiving up to twenty-five cents for each ad click made on fraudster-run Web sites.N. Vidyasagar, “India’s Secret Army of Online Ad ‘Clickers,’” Times of India, May 3, 2004. But an unusually large number of clicks detected as coming from Indian IP addresses foiled these schemes as well.

Fraudsters then moved on to use zombie networksSometimes called “clickbots” or “botnets,” these are hordes of surreptitiously infiltrated computers, linked and controlled remotely. This technique is used to perpetrate click fraud, as well as a variety of other computer security crimes.—hordes of surreptitiously infiltrated computers, linked and controlled by rogue software.C. Mann, “How Click Fraud Could Swallow the Internet,” Wired, January 2006. To create zombie networks (sometimes called botnets), hackers exploit security holes, spread viruses, or use so-called phishing techniques to trick users into installing software that will lie dormant, awaiting commands from a central location. The controlling machine then sends out tasks for each zombie, instructing them to visit Web sites and click on ads in a way that mimics real traffic. Zombie botnets can be massive. Dutch authorities once took down a gang that controlled some 1.5 million machines.T. Sanders, “Dutch Botnet Gang Facing Jail,” IT News Australia, January 18, 2007; and N. Daswani and M. Stoppleman, “The Anatomy of Clickbot” (paper, Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA, April 11–13, 2007).

Scary, but this is where scale, expertise, and experience come in. The more activity an ad network can monitor, the greater the chance that it can uncover patterns that are anomalous. Higher click-through rates than comparable sites? Caught. Too many visits to a new or obscure site? Caught. Clicks that don’t fit standard surfing patterns for geography, time, and day? Caught.

Sometimes the goal isn’t theft, but sabotage. Google’s Ad Traffic Quality Team backtracked through unusual patterns to uncover a protest effort targeted at Japanese credit card firms. Ad clicks were eventually traced to an incendiary blogger who incited readers to search for the Japanese word kiyashinku (meaning cashing credit, or credit cards), and to click the credit card firm ads that show up, depleting firm search marketing budgets. Sneaky, but uncovered and shut down, without harm to the advertisers.M. Jakobsson and Z. Ramzan, Crimeware: Understanding New Attacks and Defenses (Cupertino, CA: Symantec Press, 2008).

Search firm and ad network software can use data patterns and other signals to ferret out most other types of fraud, too, including rank-based impression fraud, spamdexing, and keyword stuffing. While many have tried to up the stakes with increasingly sophisticated attacks, large ad networks have worked to match them, increasing their anomaly detection capabilities across all types of fraud.M. Jakobsson and Z. Ramzan, Crimeware: Understanding New Attacks and Defenses (Cupertino, CA: Symantec Press, 2008). Here we see another scale and data-based advantage for Google. Since the firm serves more search results and advertisements than its rivals do, it has vastly more information on online activity. And if it knows more about what’s happening online than any other firm, it’s likely to be first to shut down anyone who tries to take advantage of the system.

Click Fraud: How Bad Is It?

Accounts on the actual rate of click fraud vary widely. Some third-party firms contend that nearly one in five clicks is fraudulent.S. Hamner, “Pay-per-Click Advertisers Combat Costly Fraud,” New York Times, May 12, 2009. But Google adamantly disputes these headline-grabbing numbers, claiming that many such reports are based on-site logs that reflect false data from conditions that Google doesn’t charge for (e.g., double counting a double click, or adding up repeated use of the browser back button in a way that looks like multiple clicks have occurred). The firm also offers monitoring, analytics, and reporting tools that can uncover this kind of misperceived discrepancy.

Google contends that all invalid clicks (mistakes and fraud) represent less than 10 percent of all clicks, that the vast majority of these clicks are filtered out, and that Google doesn’t charge advertisers for clicks flagged as mistakes or suspicious.M. Lafsky, “Google and Click Fraud: Behind the Numbers,” New York Times, February 27, 2008. In fact, Google says their screening bar is so high and so accurate that less than 0.02 percent of clicks are reactively classified as invalid and credited back to advertisers.M. Jakobsson and Z. Ramzan, Crimeware: Understanding New Attacks and Defenses (Cupertino, CA: Symantec Press, 2008).

So who’s right? While it’s impossible to identify the intention behind every click, the market ultimately pays for performance. And advertisers are continuing to flock to PPC ad networks (and to Google in particular). While that doesn’t mean that firms can stop being vigilant, it does suggest that for most firms, Google seems to have the problem under control.

Key Takeaways

  • Fraud can undermine the revenue model behind search engines, ad networks, and the ad-based Internet. It also threatens honest competition among rivals that advertise online.
  • There are many forms of online fraud, including enriching fraud (meant to line the pockets of the perpetrators), depleting fraud (meant to waste the ad budgets of rivals), disbarring fraud (meant to frame the innocent as fraudsters), and methods to lower rival ad rank performance, or gain search engine ranking algorithms.
  • While fraudsters have devised ingenious ways to exploit the system (including click farms and zombie attacks), IP addresses and detailed usage pattern monitoring increasingly reveal bogus activity.
  • Fraud rates are widely disputed. However, it is clear that if widespread fraud were allowed to occur, advertisers would see lower ROI from online ad efforts, and Internet business models would suffer. The continued strength of the online advertising market suggests that while fraud may be impossible to stop completely, most fraud is under control.

Questions and Exercises

  1. Why is it difficult for an unscrupulous individual to pull off enriching click fraud simply by setting up a Web site, running ad network ads, and clicking?
  2. Why did hackers develop zombie networks? What advantage do they offer the criminals? How are they detected? Why do larger ad networks have an advantage in click fraud detection?
  3. How can you prevent zombies from inhabiting your computers? Are you reasonably confident you are “zombie-free?” Why or why not?
  4. What are spamdexing and keyword stuffing? What risks does a legitimate business run if it engages in these practices, and if they are discovered by search engines? What would this mean for the career of the manager who thought he could game the system?
  5. Which types of fraud can be attempted against search advertising? Which are perpetrated over its ad network?
  6. What are the consequences if click fraud were allowed to continue? Does this ultimately help or hurt firms that run ad networks? Why?