When most of us think of internet scam, we think of stealing credit card details, swingling premium rate text message (SMS) subscriptions or e-mails from supposed heirs of African fortunes. But as it turns out, advertisers also fall for scams worth billions of dollars every year.
Ironically, most often the companies who fall prey to fraud are those who tend to use performance-based marketing and decide to allocate their budgets on the basis of metrics such as the number of visits, gathered leads or generated revenues.
One of the most known types of online advertising fraud is most probably click fraud in Google Ads. Usually we accuse our competitors of such misbehaviour, but it can also be caused by bots which analyse search results, gather content and other data.
Google successfully filters out this type of activity and does not charge the advertisers for those clicks (fig. 1).
Google itself is genuinely interested in counteracting this phenomenon. Invalid clicks, if they were not eliminated, would lower the value of traffic generated by ads. In such case, advertisers wouldn’t want to increase CPC rates, because some of the traffic they pay for would be fake, and would never convert. Any tolerance or support for this type of practice would pose a great threat to Google’s reputation and the trust of advertisers and it could result in multi-million penalties. So, Google is an ally of advertisers.
What about those invalid clicks which Google does not recognise though? The advertiser who runs their Google campaigns, in the long run, shouldn’t worry about them too much. In the mid and long-term perspective, the higher the CTR, the lower the CPC. In a nutshell, Google converts the cost per click into effective cost per impression. If the ad gets more clicks than other ads, the Quality Score increases and the cost of a click decreases.
Indeed, false clicks lower the value of the incoming traffic but the advertiser who measures the cost of conversion is able to take it into account and adjust the CPC bids accordingly. And, although false clicks aren’t completely neutral in terms of ad efficiency, the mechanisms described above make them relatively harmless for performance-driven advertisers.
False conversions are a little more advanced type of scam. They take place in many different ways:
This type of scam happens mostly in affiliate networks, where advertisers pay for the traffic in the CPA model (Cost Per Action). In this type of networks, the barrier of entry for publishers is usually very low. Some publishers don’t mind their reputation and in case they are compromised, they just close down and reappear under a different name and domain.
We can also encounter this type of scam in CPC or CPM advertising, like a regular display network. In this case, the publisher is not directly paid for the conversions generated by ads, but if the given placement or publisher generates conversions, it will attract more ads and more budgets.
In the end, we can always see if the money gets to our bank account and if the deadline for refund claims has passed. Nowadays, the tracking systems allow conversion import from other databases (offline conversion) and linking them to particular clicks and traffic sources. A simple analysis will make clear which sources generate real transactions and which ones deliver worthless leads. Alternatively, instead of importing offline conversions you can push ValueTrack parameters to your CRM (see the Google Ads help article here).
False clicks and conversions are a primitive type of fraud which is simple to detect. Advertisers who eliminated them, feel that they effectively protect themselves from fraud. Meanwhile, scammers make the most money in a completely different way.
In this type of scam, the source of conversion is completely different than the one for which the advertiser actually pays, because the swindlers create an illusion to prove that they are the ones who actually brought the lead.
So you might ask: if the transaction actually took place, what’s the problem?
The problem is that the advertiser probably paid to get this lead in a different way before, and the scammer demands a payment even though their contribution to this conversion was minimal, or none.
As a result, the advertiser pays twice for the conversion and the real sources of leads suffer in terms of future budgets.
Ad stacking is a primitive type of attribution fraud which is rather easy to detect. The purpose of this fraud is to charge commissions multiple times for a single click. The commission may be paid by the same or by a number of different advertisers. The user clicks on a single ad but in reality, it generates many clicks with redirects to a number of different advertising/affiliate networks (fig. 2).
Those clicks are often invisible to the user. Websites often open in a pixel-sized window or they are visited for a fraction of a second in consecutive redirects before the user lands on the page they intended to visit. Technology does not matter, it’s all about planting a cookie file in your browser.
It sometimes happens that such multiple clicks are leading to the same website or app, but were published through different networks. If the user converts, then each of these networks will claim this transaction as their own conversion. If the advertiser does not use deduplication, they will pay several times for a single conversion – regardless of whether these ads are paid for in the CPA model or indirectly through CPC.
Ad stacking is relatively easy to discover, as the same user generates a series of clicks from different sources in a very short period of time (usually milliseconds). Such publisher can be quickly identified by the advertising network or by an advertiser who uses several networks simultaneously.
Also known as click flooding or click spam. This technique is to make a very large number of random users to click the ad, hoping that at least some of them will convert.
The affiliate network tracking system does not see other interactions but their own. Therefore, even if there are interactions with other, legitimate ads on the conversion path, the CPA commission will be attributed to the click of the spammy ad. This way the scammer takes credit for conversions actually generated by other sources (fig. 3).
One of the easiest victims of click flooding is direct traffic. In case of users who are loyal customers, who come from recommendations or from other offline sources, the click of a spammy ad (often unintentional) may appear as the only interaction on their conversion path. Regardless of the attribution model, the transaction is attributed to the spammy click, even though it had no contribution to the conversion.
For this reason, scammers usually target large and popular brands, with lots of organic and direct traffic who use numerous online and offline advertising channels. It’s all based on the scale: if an advertiser has a significant market share, you can expect with some degree of probability that a random internet user who has been planted a cookie file by a spammer may soon make a purchase. By using ad stacking, the spammer can distribute advertising cookies of many competing companies, which increases the chance that one of these ads will convert (fig. 4).
This operation may be profitable if clicks are acquired at a very low cost. And for that to be possible, those clicks are usually forced, and very often invisible to the user. And of course, they have absolutely no influence on the user’s purchasing decisions. Examples of such activities:
Even if the advertiser deduplicates transactions and analyses multichannel paths, it may happen that the spammy click will be simply lucky to be the last or even the only interaction on the conversion path.
This is one of the most sophisticated performance marketing scams. These interactions are artificially “injected” into the conversion path right before a purchase is made. Here are a few examples:
If you decide to use discount codes in your marketing campaigns as an incentive, don’t place a “discount code” field on the checkout page, because it will encourage your customers to abandon their transaction and look for the coupon, even if they never thought about it before. This way you reward the customer and the code distributor for nothing. Moreover, while looking for the coupon, the user may come across some more attractive offers and you can lose customers just one step before they finalised their purchase.
Discount coupons should be activated through dedicated landing pages, which automatically add discounts to the basket. This way is also better from the UX perspective, rather than if the users have to remember the code and use it at the checkout then. A discount code should also have an expiry date, which should be visible to the user so that they are more motivated to make a quick purchase.
First and foremost, don’t get lured by fast profits. If money comes too easy, you should be suspicious. The advertising industry is very competitive and largely effective, which means that what you pay for the traffic is actually close to its value. You can only occasionally get a better deal, and usually to a small scale.
Validating and deduplicating conversion is the first step. How many publishers “claim” the given conversion? Are the achieved effects real, or only apparent?
Make sure that your leads are real and that they convert to transactions. Take into account all returns and complaints. If you have a complete system of conversion tracking, you can easily detect any kind of false conversion and by following the trace you can eliminate fraudulent ads.
And even if your conversions are real and paid in full, you should not put your guard down. Attribution fraud is often committed to a much larger scale than a primitive scam based on fabricating leads. Here, you have to analyse your entire conversion path, including the time stamps and try to detect suspicious activity.
Consider what you pay for. Wayfair.com, a major online home store for furniture and decor, has introduced an interesting and relatively simple solution that prevents conversion hijacking, particularly by coupon websites. Wayfair.com has altered the method of how they attribute conversion to affiliates in its program.
Instead of rewarding the last affiliate that a visitor clicks on before making a purchase, they attribute the conversion to the last source that a visitor clicks on before adding something to the cart. Thanks to this, they compensate a content affiliate who was earlier in the funnel rather than all of the coupon sites that jumped in at the last minute. For more details, see this Acceleration Partners blog post.
Curious whether it matters in your case? In your Google Analytics, for the “converters” segment, compare the traffic sources effectiveness for “purchase” vs. “add to cart” goal – and see how the attribution changes.
Keep in mind that scammers can use camouflage. They may mix traffic coming from different sources, which will make some metrics look completely normal. Most probably you will only be able to detect a small share of fraud attempts. Each activity should be assigned to a responsible publisher and used to evaluate their credibility.
Fraud is not a mistake or coincidence. It is a planned and deliberate activity. You should immediately terminate your partnership with any publisher whom you catch red-handed. No excuses.
A large share of responsibility for detecting and fighting scams falls on advertising/affiliate networks. They usually have access to more data about the traffic coming from publishers, which allows them to detect suspicious activity more quickly and cut scammers off from the possibility to extort money from advertisers.
It seems as if renowned networks such as Facebook or Google, actually effectively take action against fraudsters.
Unfortunately, in many other networks, partner validation procedures and monitoring of their activity are often insufficient. Sometimes it looks like they turn a blind eye on some unfair practices because they do increase their revenues.
For this reason, when choosing sources of traffic, you should rather verify and accept publishers on your own, and monitor how they deliver traffic.
Terms and conditions of your affiliate programs should clearly define forbidden practices and allow for blocking payment of the entire due commission in case you discover even a single case of manipulation.
You should approach anonymous publishers with much scrutiny. Why do they not disclose their identity? Remember that some sources of traffic can be staged (doorway pages). Is it possible that an unknown website with average content generates so much traffic and conversion?
When it comes to monitoring and validation, don’t rely solely on the advertising/affiliate network. Unless you don’t mind becoming an easy target for the scammers of this world.
One million zlotys of annual revenue is 83,333 PLN per month. If you have a subscription-based…
B2B companies often have long sales cycles. Ours is one of the exceptions, because the average…
Bigger companies usually have resources to produce large amounts of diverse content, but often this doesn’t…