Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Click fraud
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Organization== Click fraud can be as simple as one person starting a small Web site, becoming a publisher of ads, and clicking on those ads to generate revenue. Often the number of clicks and their value is so small that the fraud goes undetected. Publishers may claim that small amounts of such clicking is an accident, which is often the case.<ref name=":0" /> Much larger-scale fraud also occurs in [[cybercrime]] communities.<ref name="techcrunch">Schonfeld, Erick; [https://techcrunch.com/2009/10/08/the-evolution-of-click-fraud-massive-chinese-operation-dormring1-uncovered/ The Evolution Of Click Fraud: Massive Chinese Operation DormRing1 Uncovered]". [[TechCrunch]]. October 8, 2009.</ref> According to Jean-Loup Richet, Professor at the Sorbonne Business School, click fraud is frequently one link in the large [[ad fraud]] chain, and can be leveraged as part of a larger identity fraud and/or attribution fraud. <ref>{{Cite journal|last=Richet|first=Jean-Loup|date=2022|title=How cybercriminal communities grow and change: An investigation of ad-fraud communities|journal=Technological Forecasting and Social Change|volume=174|issue=121282|page=121282|doi=10.1016/j.techfore.2021.121282|s2cid=239962449|issn=0040-1625|doi-access=free}}</ref> Those engaged in large-scale fraud will often run [[Scripting programming language|scripts]] which simulate a human clicking on ads in Web pages. <ref>{{Cite journal |last=Richet |first=Jean-Loup |date=2011 |title=Adoption of deviant behavior and cybercrime 'Know how' diffusion |journal=York Deviancy Conference}}</ref> However, huge numbers of clicks appearing to come from just one, or a small number of computers, or a single geographic area, look highly suspicious to the advertising network and advertisers. Clicks coming from a computer known to be that of a publisher also look suspicious to those watching for click fraud. A person attempting large-scale fraud, from one computer, stands a good chance of being caught. One type of fraud that circumvents detection based on IP patterns uses existing user traffic, turning this into clicks or impressions.<ref name="indiana">Gandhi, Mona; Jakobsson, Markus; Ratkiewicz, Jacob;[http://mobiusrobot.com/badvertisements Badvertisements: Stealthy Click-Fraud with Unwitting Accessories] {{webarchive|url=https://web.archive.org/web/20160304230345/http://mobiusrobot.com/badvertisements |date=2016-03-04 }}", [[Anti-Phishing Working Group|APWG]] eFraud conference, 2006</ref> Such an attack can be camouflaged from users by using 0-size [[HTML element#Frames|iframe]]s to display advertisements that are programmatically retrieved using [[JavaScript]]. It could also be camouflaged from advertisers and portals by ensuring that so-called "reverse [[Web crawler|spiders]]" are presented with a legitimate page, while human visitors are presented with a page that commits click fraud. The use of 0-size iframes and other techniques involving human visitors may also be combined with the use of incentivized traffic, where members of "Paid to Read" (PTR) sites are paid small amounts of money (often a fraction of a cent) to visit a website and/or click on keywords and search results, sometimes hundreds or thousands of times every day<ref name="businessweek">{{cite web |author1=Grow, Bryan |author2=Elgin, Ben |author3=with Herbst, Moira |url=http://www.businessweek.com/magazine/content/06_40/b4003001.htm |archive-url=https://web.archive.org/web/20061004202255/http://www.businessweek.com/magazine/content/06_40/b4003001.htm |url-status=dead |archive-date=October 4, 2006 |title=Click Fraud: The dark side of online advertising |publisher= [[BusinessWeek]] |date=October 2, 2006}}</ref> Some owners of PTR sites are members of PPC engines and may send many email ads to users who do search, while sending few ads to those who do not. They do this mainly because the charge per click on search results is often the only source of revenue to the site. This is known as forced searching, a practice that is frowned upon in the Get Paid To industry. [[Organized crime]] can handle this by having many computers with their own Internet connections in different geographic locations. Often, scripts fail to mimic true human behavior, so organized crime networks use [[trojan horse (computing)|Trojan]] code to turn the average person's machines into [[zombie computer]]s and use sporadic [[URL redirection|redirects]] or [[DNS cache poisoning]] to turn the oblivious user's actions into actions generating revenue for the scammer. It can be difficult for advertisers, advertising networks, and authorities to pursue cases against networks of people spread around multiple countries. Impression fraud is when falsely generated ad impressions affect an advertiser's account. In the case of [[click-through rate]] based auction models, the advertiser may be penalized for having an unacceptably low click-through for a given [[keyword (Internet search)|keyword]]. This involves making numerous searches for a keyword without clicking of the ad. Such ads are disabled<ref>{{cite web|url=https://www.theregister.co.uk/2005/02/03/google_adwords_attack/ |title=Botnets strangle Google Adwords campaigns, Keyword Hijacking Risk |publisher=The Register |access-date=2005-02-04}}</ref> automatically, enabling a competitor's lower-bid ad for the same keyword to continue, while several high bidders (on the first page of the search results) have been eliminated. ===Hit inflation attack=== A hit inflation attack is a kind of fraudulent method used by some advertisement publishers to earn unjustified revenue on the traffic they drive to the advertisers’ Web sites. It is more sophisticated and harder to detect than a simple inflation attack. This process involves the collaboration of two counterparts, a dishonest publisher, P, and a dishonest Web site, S. Web pages on S contain a script that redirects the customer to P's Web site, and this process is hidden from the customer. So, when user U retrieves a page on S, it would simulate a click or request to a page on P's site. P's site has two kinds of webpages: a manipulated version, and an original version. The manipulated version simulates a click or request to the advertisement, causing P to be credited for the click-through. P selectively determines whether to load the manipulated (and thus fraudulent) script to U's browser by checking if it was from S. This can be done through the [[HTTP referer|Referrer field]], which specifies the site from which the link to P was obtained. All requests from S will be loaded with the manipulated script, and thus the automatic and hidden request will be sent.<ref name="Anupam">{{cite web |url=http://www.id.uzh.ch/home/mazzo/reports/www8conf/2149/pdf/pd1.pdf |author1=V. Anupam |author2=A. Mayer |author3=K. Nissim |author4=B. Pinkas |author5=M. Reiter |title=On the Security of Pay-Per-Click and Other Web Advertising Schemes. In Proceedings of the 8th WWW International World Wide Web Conference |pages=1091–1100 |year=1999 |publisher=Unizh.co |access-date=2014-03-11 |archive-url=https://web.archive.org/web/20171010023048/http://www.id.uzh.ch/home/mazzo/reports/www8conf/2149/pdf/pd1.pdf |archive-date=2017-10-10 |url-status=dead }}</ref> This attack will silently convert every innocent visit to S to a click on the advertisement on P's page. Even worse, P can be in collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers. If the advertisement commissioner visits the Web site of P, the non-fraudulent page will be displayed, and thus P cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exists, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible.<ref name="Anupam" /> Another proposed method for detection of this type of fraud is through use of [[association rule]]s.<ref>{{cite web |url=http://www.cs.ucsb.edu/research/tech_reports/reports/2005-13.pdf |author1=A. Metwally |author2=D. Agrawal |author3=A. El Abbadi |title=Using Association Rules for Fraud Detection in Web Advertising Networks. In Proceedings of the 10th ICDT International Conference on Database Theory |pages=398–412 |year=2005 |access-date=2013-03-01 |archive-date=2020-07-31 |archive-url=https://web.archive.org/web/20200731205901/https://www.cs.ucsb.edu/research/tech_reports/reports/2005-13.pdf |url-status=dead }} An extended version appeared in a University of California, Santa Barbara, Department of Computer Science, technical report 2005-23.</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)