Pay-per-click fraud is costing top tech companies, and you, hundreds of millions of dollars

Click fraud prevention company PPC Shield has released the results of a study that concludes the biggest companies in the U.S. have lost a combined $717 million dollars to abuse of pay-per-click (PPC) advertising fraud. 

PPC click fraud involves repeatedly clicking on a website banner advertisement for, broadly, one of two purposes: Depleting an advertising budget, or artificially boosting ad revenue. Regardless of the reason, click fraud is malicious and has a negative impact on both ad networks and advertisers. 

SEE: Google Chrome: Security and UI tips you need to know  (TechRepublic Premium)

PPC Shield’s study focused on Google’s advertising network and looked at Fortune 500 companies’ consumer-facing websites to find the total estimated cost of their PPC activity over the past twelve months. Combined with what PPC Shield said is an industry-expert calculation that 14% of PPC clicks are fraudulent, the study arrived at some massive losses for the biggest Fortune 500 companies by advertising spend. 

Google, the top spender, invested an estimated more than $680 million, resulting in a potential loss greater than $95 million. Dell Technologies list an estimated $73 million, and Amazon approximately $48 million. 

PPC Shield said that its figures show top companies consider PPC an important part of their advertising strategy. “It also demonstrates the considerable threat that click fraud poses, highlighting that every company, no matter the size of its budget, should ensure that its spend on pay per click advertising is properly protected from fraud,” PPC Shield said. 

Businesses aren’t necessarily the ones being targeted by PPC fraudsters, said Gartner Senior Research Director Jonathan Care, because the attack is actually against the pay-per-click system itself. “The target is actually the ad network offering the ad; in many cases a click fraudster will set up their own “victim” site and self-click,” said Care. 

That may take a load off the mind of anyone who is simply hosting ads and not advertising themselves, but ad networks and those who pay per click to have their ad displayed should still be concerned, particularly for their reputation, Care said. 

“If a web business is seen by advertising networks as particularly vulnerable to click fraud, they are also likely to be vulnerable to other attacks such as scalper bots,” Care said. That means that ad networks may start reducing or delaying payments as a way to combat what it sees as fraud.

“The evolution of e-business in journalism, music publishing and other creative businesses has resulted in ad revenue being particularly important in these areas, and Gartner sees that many media distribution networks are taking direct action where click fraud is detected,” Care said. 

Click fraud makes itself more of a nuisance by being hard to fight, Care said. He described click fraud as just another type of deception attack, which means attackers are probably trying to hide their tracks and appear like a legitimate customer. 

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

Care said the only good way to fight click fraud is to set up an identity system that monitors device and behavior to look for anomalies. “This would allow undesirable participants to be identified and therefore excluded from any revenue payments,” Care said. 

Outside of implementing a system of the type Care described, it’s also a good idea to know what click fraud looks like. PPC Shield said there are three red flags to watch out for when examining your PPC ad campaigns: A clickthrough rate that is abnormally high, lower engagement and shorter bounce times than expected, and a sudden drop in ROI.  

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see