Online advertising is huge. In 2019, it’s estimated that more than $330 billion was spent on digital advertising platforms including Google, Facebook and Amazon. According to research by Cheq and the University of Baltimore, $35 billion was wasted on click fraud during 2020, with that figure set to rise in the coming years.
With such a huge slice being taken from the advertising pie, what exactly are the giants such as Google doing to prevent click fraud? After all, if the money was being taken from them, they’d certainly have that locked down pretty quickly.
If you’re spending money on Google Ads, you probably want to know what Google is doing to prevent click fraud and ad fraud for their customers.
What constitutes click fraud?
For the uninitiated, click fraud is where you receive clicks on your paid links when the clicker has no interest in buying your product. Often done for malicious purposes, click fraud can encompass competitors trying to damage your online advertising budget, or organised fraudsters making money from spoofed websites.
You can read all about the practice of click fraud and ad fraud in our in-depth guide.
Google refers to all non-genuine clicks on paid ads as ‘invalid clicks’, which can cover everything from a genuine slip of the finger, to an organised click farm setup clicking on your ads.
Click fraud is estimated to affect around 20% of all paid links on the internet, from display ads or video, to paid search engine page results.
Put simply, if you’re paying for web traffic, you are most likely paying out a reasonable chunk to fraud of some kind. And this includes not just search engine traffic, but other forms of paid links such as social media. So, what do the advertising giants such as Google do to protect your campaigns from click fraud and other fraudulent activity?
How does Google track and prevent click fraud?
Advertising revenue is by far Google’s biggest earner, so it should be in their interest to ensure confidence in the platform. So, yes, Google does have an entire department dedicated to filtering and preventing click fraud on Google Ads.
The sentiment in the marketing industry though is that Google do just enough, but could do more… The reasoning most often cited is that Google make money from each click, fraudulent or not, so they have little interest in shutting fraud down.
This slightly cynical view might have built up traction over the years, but the truth is that snuffing out fraudulent clicks is a Herculean task. Google do their part for sure, but there are holes in their processes, as we’re about to see.
Google Adsense site verification
One of the main reasons Google is such a powerful platform is that they offer ad placement on over 11 million websites. If you want to advertise your product on a popular website with the potential for huge amounts of traffic, Google Ads is a solid choice.
With a nicely designed banner ad, you’ll quickly be channelling the kind of traffic that could take years to build organically. And you can have a global advertising reach, ensuring all sorts of people see your ads, building your brand rapidly.
The problem is that a lot of websites are made specifically for maximising advertising revenue. Some of these are just low quality sites designed to generate views and clicks on ads. Others are made to display fraudulent ads often with spoofed domains and sophisticated processes to maximise the impressions – a practice known as ad fraud.
These spoofed sites are created simply to host display ads and collect the payout from clicks channelled through them, usually from bots or click farms. In fact, on many of these spoof sites, human eyes may rarely see the content let alone the ads.
So what is Google doing about this?
When a site is submitted to Adsense, Google will manually verify the quality before approving it to host banner ads. In truth, getting your site submitted to Adsense isn’t difficult. You just need to present a website that looks half decent and is made for human usage, with sufficient content on it.
All sites submitted to Google’s Adsense program are verified by real live humans to make sure they have decent load times, are readable by human eyes and are generally functional. In short, Google just need to see that your website is a real working website.
However, one of the key complaints is that it’s pretty easy for an unscrupulous webmaster to create a website that looks the part. In fact, in one article, a marketer looking at over 48,000 Adsense sites estimated that around 90% of them are fake.
An industry wide initiative has recently tried to remedy this with ads.txt , which allows marketers to specify who displays their ads. Although effective in some ways, ads.txt has created new problems, which you can read about here.
Violations of terms
When you submit your Adsense site for verification, Google do make it quite clear that they will not tolerate fraud. The fraud detection process is ongoing, and if your site is the source of an abnormal amount of fraudulent clicks, publishers can be suspended or even rejected.
Of course, the odd fraudulent click doesn’t make one website publisher a fraudster themselves. There are many ways sites can be subjected to PPC fraud, so if there is a case against the webmaster they are given opportunities to put it right.
For many webmasters, hosting display ads is an honest way to monetise their content. This is usually how bloggers and online magazines make their money, so just because you haven’t heard of a site doesn’t make it dodgy.
Keep an eye on the sites you receive click traffic from during your PPC advertising campaigns, and flag those that seem suspicious.
Algorithms to protect PPC ads from accidental clicks
To be fair to Google, they do have some effective algorithms in place to minimise accidental ‘invalid’ clicks. Say, for example, that you’re browsing a site on your phone and you accidentally click on an ad that opens a new page. You close this page quickly and continue reading the content you wanted to…
In the meantime that accidental click is already being recognised as an invalid click by Google’s algorithms and the advertiser has not had to pay for it.
The giveaway here is that the bounce rate was extremely high, with the user closing the site either before it even loaded, or within seconds of it loading. This is typical of accidental clicks and is relatively easy for Google (and other advertising platforms) to handle.
Google Play Protect
One of the growing frontiers for ad fraud is mobile apps, or app malware. An example of this is the DrainerBot malware which managed to proliferate through thousands of apps and millions of downloads thanks to some iffy code in a software kit.
To help eliminate this kind of malware, Google introduced Play Protect, which scans apps for suspicious code and malware. It also alerts users to the potential of security exploits in app downloads, and attempts to close loopholes by requiring developers to create software that is suitable for newer and more secure versions of Android.
The Play Protect system actually prevented over 1.9 billion malware downloads in 2019. Although this initiative is an excellent idea and has helped minimise malware on the Android platform, the problem is still growing. Malware can often be inserted into apps after downloading, usually via an update (known as a dropper); or ‘side loading’, which is when an app is downloaded from a source other than the app store.
Simply put, malware is a problem that refuses to go away. Google are constantly fighting the war, but as soon as one battle is won, a new threat emerges.
Automated and manual filters to prevent fraud activity
Being able to call on the global creme de la creme of technological experts, you would expect Google to have some solid defenses against click fraud. And, indeed they do. In fact they currently have around 180 sophisticated data filters which are constantly updated. They also have a dedicated team who are on the hunt for botnet activity and will manually review suspicious activity on PPC ads.
But that doesn’t mean you can just sit back and assume they’ve got it covered. If you’re using Google Ads to promote your business, you should still keep an eye on the activity on your ads, including suspect IP addresses, unusual publisher sites and surges in click activity.
If you do find anything unusual that you think needs attention, make sure to report it to Google and follow their guidelines to minimise exposure to click fraud and ad fraud.
Is Google doing enough?
Looking at Google Ads traffic quality pages, there is no denying that Google is doing a lot to prevent invalid clicks on your paid ads. They have whole dev teams dedicated to monitoring fraud and updating software. But, by our data, click fraud is fairly consistent, even with these measures in place.
ClickCease still filters out millions of bot clicks and other unusual activity every month.
So if you’re asking if Google is doing enough, it’s tough to call. The answer might be that they do things differently, or perhaps they do enough to prevent the most obvious forms of invalid clicks such as accidental clicks.
With the estimated figure of 90% (not our estimate) of Adsense sites being spoofed, it certainly appears that there is room for improvement. The problem is that Google makes good money from the clicks on ads, even if the ads are on spoofed sites. And without a significant re-jig to the way sites are approved, this looks likely to continue.
Yes, the Play Protect and ads.txt measures that were introduced have helped in some respects. But as we’ve mentioned, fraudsters are resourceful and will always find another route in.
Updates on the way
You may already be aware that there are some big updates from Google in the pipeline. One of the big ones is that Google will discontinue the use of third-party cookies in Chrome. The theory behind this is that it gives internet users more privacy, with targeted advertising based on individual behaviour and a switch to ‘cohorts’, or groups of similar people.
Google are also planning to change the way they monitor and filter click fraud. Just how effective this will be remains to be seen. However one of the main problems with any of these major changes is that fraudsters almost always find away around them.
As we’ve seen, ads.txt didn’t stop ad fraud, and in some respects created a new form of PPC fraud. Play Protect too only changed the way the fraud happened with apps, and hasn’t had an impact on the volume of fraudulent clicks. So even if Google works hard to prevent click fraud, it seems there is always another problem that arises.
How does third party click fraud software help?
Although limiting the sites your ad appears on can be very useful, it isn’t the solution for everyone. After all, if you have a new business or a product launch, it’s likely you’ll want your ad to appear as often as possible across many different sites. And the truth is that calling which site is spoofed and which isn’t is actually pretty difficult.
Click fraud protection software such as ClickCease operates in a different way to Google. By assigning a unique ID to each device that clicks on a PPC ad, we can identify multiple clicks from the same source, even if they use VPNs or other methods to change IP address.
Third party software is also dedicated to eliminating click fraud on your PPC ads, with blacklisting for suspicious IP addresses and automated ad blocking for shady IPs and devices.
This gives you the opportunity to display your Google Ads freely, but by using anti click fraud software you’ll be able to block fraudulent clicks and other suspicious activity.
As the industry leading and most trusted click fraud software, ClickCease offer unbeatable protection from ad fraud and click fraud. Sign up for a free trial to find out how your PPC ad campaign can be protected.