Click bots present a very real and present danger to PPC (Pay-Per-Click) Advertisers. To understand the issue better, we examine Pay-Per-Click advertising, how click bots work, and click fraud. For those who are unfamiliar with bots in general, we start there first.
What Are Bots?
The term ‘bot’ comes from ‘robot’ but here we use it to describe an ‘internet bot’ or a bot that is operational online. A bot in this sense is a computer program. Bots consist of sets of algorithms that direct their activity so that no human intervention is needed. At their most basic level, bots perform automated tasks that free up human time for other work and are much faster than us. Others, like Google Assistant, interact with people. They use machine learning to advance themselves so that their acts become more accurate.
While we usually obtain utility from bots, some have been programmed to be malicious and take the form of malware. Bad bot traffic of 67% has been traced to USA public data centers. It is these types of bots we are concerned with, specifically those that target marketing strategies.
Pay-Per-Click (PPC) Advertising
Social platforms (e.g., Twitter using Twitter Ads, and Facebook using Facebook Ads) and search engines (e.g., Google, using Google Ads) normally offer the PPC option to marketers. The business, through its marketing department, accepts the offer and places its ads on one or more of these sites. The company (the advertiser) pays the site (the publisher) every time someone clicks on one of their ads. The more clicks an ad gets, the more revenue is likely to be generated as potential customers may buy its products or services.
To use PPC, marketing must find keywords most relevant to their products (for example, 24-hour plumbing). When consumers search these keywords, the ads which have linked their websites to these keywords pop up on the search engine and the consumer may click on that ad.
The publisher benefits by getting paid for each click while the advertiser spends less on their marketing campaign and attracts customers, which is more valuable to them than what they pay for clicks.
How Click Bots Work
Click bots are designed to commit fraud. They are difficult to detect because they each have their own IP address, the same as any human user does on their device. This masks them as individuals. If the same IP address was used to click repeatedly on a link, the click bots could be noticed. As a result, many bots work together. A collection of bots working as a network is known as a botnet. The click bots infect the devices of multiple users as a type of malware to have many individual IP addresses. Most users are unaware of their devices being infected. One well-known botnet (Clickbot.A) infected over 100,000 devices.
Click bots are programmed to hide as ordinary users by mimicking human actions online, such as pauses, varying the time they take to click on the link on each site, etc. If not, they would be a lot easier to detect by running programs to check for identical behavior. Being part of a botnet also helps them stay hidden. However, there are ways to find and stop botnets. Additionally, there is a software called bot management that companies can use to identify bot traffic.
Click fraud can be carried out by humans too, and not only by bots. They set up web pages containing the ad and perform multiple clicks on it to get paid by the advertiser as PPC. Thus, the advertiser is paying for clicks that do not represent potential customers and will not lead to sales and revenue.
Recall that not all bot and human online fraud targets PPC advertisers. There are many other types of fraud being perpetuated. However, in one type of ad fraud, the purpose of clicking on the PPC ads is to make the business pay the publisher much more than it should. The intent behind this type of attack is to weaken the company’s financial assets. This could be a form of revenge for some real or perceived harm done by the business to the fraudster, who is not making any money from the scam.
A company may be responsible for one type of click fraud. Search engines, such as Google, take note of the click-through rate. This is the proportion of users to the search engine who click on a link. They aim to achieve a higher ranking on Google so that their link is one of the first in the list, and hence more likely to be clicked on by genuine users in the hope of boosting their sales.
Click farms are groups of humans involved in click fraud. They are generally paid very poorly. Thus, they tend to originate in developing countries with cheap labor.
Along with clicking on ads, they also select the ‘like’ button on social media sites to make them more visible. The nature of the Facebook page, for example, that is ‘liked’ and receives increased attention will indicate whether they are trying to garner support for a political or ideological group or to give an opinion more coverage. This can be seen with Russian trolls on various sites such as Quora trying to override the veracity of events in the war with Ukraine.
Scammers prefer click farms to botnets as human actions are less likely to be repeated exactly or arouse suspicion. On the downside, for them, is having to pay some of their ill-gained earnings to their labor force. Bots are also more efficient and will therefore be more productive.
Click bots are dangerous to PPC advertisers for several reasons. For example, click fraud causes the loss of billions of dollars, with advertisers losing $19 billion in 2018. Businesses end up paying for fraudulent clicks, which knocks their advertising budget without the benefit of attracting customers. It can also seriously skew website analytics and make it impossible to gauge the success of a marketing campaign.