You may have noticed that some news outlets this week have been covering a story on a new, and particularly devious, model of click fraud that has been discovered by a Harvard Business School professor named Ben Edelman. (Find the Forbes.com article here). As regular readers of Junkie well know, click fraud is a major source of interest to us, as it should be to anyone involved in e-commerce. And as far as click fraud schemes go, this one is a doozy so it certainly necessitates some attention from us.
So what makes this version of click fraud so dangerous? The scheme not only simulates valid Google ad clicks, it also simulates a real customer and an actual sale on that advertiser’s site, a combination that many industry experts once thought was unimaginable
How does it work? According to Edelman, the perpetrators of the fraud, believed to be a site called TrafficSolar.com, make deals to host Google PPC ads through an extensive network of Google affiliate partners. Each of those partners place their ads on other sites in exchange for a slice of the revenue. TrafficSolar then infects web users’ computers with spyware by exploiting a security loophole in Windows XP or Internet Explorer when that user visits a site that they have compromised.
If someone with an infected machine visits one of any number of popular shopping sites, the spyware on their machine produces up a large pop-up window that covers the entire browser and obscures the legitimate shopping portal. The pop-up is created by TrafficSolar simulating a click on one of those ads in its network of Google partners, an ad for the exact site the user intended to visit in the first place. Unsuspecting shoppers complete a transaction on that pop-up window thinking they’re on the correct site. The result is TrafficSolar and its ad partners get a share of the PPC fee paid by the original advertiser while the shopping site logs the visit and transaction as legitimate, with no clear reason to suspect otherwise. Later on, because these transactions appear to be legitimate evidence of traffic conversion, an advertiser may be inclined to raise their bids in Google’s ad auction system.
Ok, we know that this is dizzyingly complicated so don’t feel bad if it’s making your head spin. It certainly had a similar effect on us. But while knowing every nitty gritty detail of this scheme isn’t particularly necessary, what IS important is that you’re aware this threat exists and that it is operating through an ad network (Google) that many of you probably already use.
So what can you do? As we always recommend, educating yourself on the issue of click fraud is vitally important. Acknowledge that, as an online advertiser, you are in the crosshairs of people who are constantly using new and stealthy ways to carry out their click fraud schemes. And if you’re using Google as an advertising network, pay very close attention to your conversion rates and data. Look for discrepancies and when you find them, notify your Google representative immediately.
For retailers and e-commerce entities in particular, we strongly recommend that you utilize sites that do not use CPC or PPC pricing models at all. Sortprice.com is one such price comparison site that employs a monthly fee pricing structure instead. You get unlimited clicks for all of your products and no possibility of click fraud.
We’ll continue to track this story for you as new details emerge. But we want to hear from you on this issue. If you have questions about this or any other version of click-fraud, post it below and we promise we’ll get you as comprehensive a reply as possible.
[...] on their credit cards. Of course, this can sometimes be the result of an advanced version of click fraud that we reported on about a month ago. But it’s also likely that people are seeing these [...]