Click fraud is when a person or computer program clicks an ad (often multiple times) with the intent of charging the advertiser (usually a competitor to the person or organization committing the fraud).
Two articles on AdWords click fraud caught my attention this week. The first article, Hackers Helping Businesses Commit Click Fraud on Competitors’ AdWords, talks about companies sometimes hiring hackers to use a myriad of programs to click their competitor’s ads so many times that they max out their daily budget before the start of the business day, taking them down for the day. The second article, Google AdWords Says You Can Be Charged For Invalid Clicks When…, reveals a commonly deployed defense, banning IP addresses, may be less effective than imagined. Banning an IP address does not mean that you can prevent users from that IP from clicking on your ads:
1. “There are cases where a search is made with with IP ‘A’ (which was not excluded) and then the click is made with IP ‘B’, which is excluded but Google has no control over it.
2. You are charged [based] upon these clicks unless we detect these clicks as fraudulent. The fact that you have blocked an IP and that a click is made with this IP is irrelevant because the search that led to this click is done with a different IP.”
The article explains that this situation is likely a rarity, but it makes you think if IP exclusions are not foolproof, how can we protect our AdWords accounts from such attacks?