Click Fraud Analysis

Click Fraud

A Pervasive Problem

Click fraud is much more prevalent than anyone would like to think. When a competitor finds out that they can burn you by vaporizing your advertising budget and destroying dollars, by clicking on your paid search or other advertisements, the allure of putting you one step closer to being out of business, is strong enough to compel many dishonest people to engage in fraudulent clicks and other tactics that are easily obscured in the attribution vector. Clicks cost advertisers like attorneys $100 per click much of the time, hence a single click can set back a law firm’s competition by a significant amount of money, producing a significant loss. And, to make that spirit more despicable, this is only one flavor of click fraud. Criminals don’t have to burn up your ad dollars to harm you. They can poison your data and use a number of other exploits to try and set you back. This is why you always want to keep your server logs available, even if you have to store them offline. The logs on your server can reveal information that clickstream analytics tools cannot (or chose not to provide for privacy reasons). Don’t make the mistake of using a web host that won’t store your logs or chooses not to do so to reduce their need to deal with criminal activity. This will become a more common activity on the part of web hosts. Until the attribution vector is regulated by standards that protect individuals, anyone in this realm of the web is a potential victim.

Pattern Detection and Smart Protection

If you wish to find out if you are experiencing click fraud, you’ve come to the right place. Verticle Leap can help you analyze your data to see if there are strong patterns of click fraud present. We employ a number of different methods to determine if there is the likelihood of click fraud or to find out if another cause might exist. Most importantly, we help you put into place methods that will help thwart this activity.

Pattern detection is one of the keys to finding the existence of click fraud. Fraudsters engaging in the act of trying to hurt advertisers and others will often unwittingly leave behind clues in the form of strings. These unique strings allow us to tie together various segments of data to make clear and unmistakable connections between certain types of activity.Cyber Fraud Menace

Verticle Leap uses cascading pattern scans to find server log and analytics data that signals the presence of activities that have particularly high velocities or frequency of occurrence and varying densities. The co-occurrence of unique patterns across data sets also allows for detection of malicious activity by finding anomalies and outliers. Environmental server variables are also tied to detection points to further validate the patterns. These very same triggers can be used at the server level to limit, mark, segment, reroute and trap traffic. This also allows for the logging of particular traffic and cross comparison with other data such as click stream data from Google Analytics. With enough detectable activity, it becomes increasingly likely that ISPs can be issued subpoenas that force them to reveal account holder details (which is a relatively uncomplicated layer of the subpoena process). With this information tied to criminal activity such as click fraud, it then becomes much more likely that personal communications (via the second layer of the subpoena process) and hardware can be accessed to reveal concrete ties to crimes carried out with the intent to harm a business

IP Addresses: Enough to Mean So Little

IP Addresses are increasingly of little value in detecting click fraud, as it is relatively easy to hide behind a proxy server if one chooses to carry out this form of criminal activity. There are other methods used to make it difficult to pin down click fraud perpetrators. However, in recent times, the IP address has become an increasingly unnecessary first-stage element in detecting patterns that signal fraudulent activity. Though you will want to have the IP address for identifying the end points in the attribution vector. Verticle Leap uses a process that is able to sniff out click fraud without relying on IP addresses. Our proprietary methods are effective in many cases in finding enough evidence to make a determination as to the presence of fraudulent clicks and other malicious activity surrounding campaign-specific data corruption and other such tactics.

Click Fraud Cyber Crime

Google requires IP addresses in order to refund click costs associated with “invalid” clicks. The same is true of Microsoft adCenter policy. After nine months Google erases IP addresses that it collects, as well as the related cookie data. Other data is maintained, however. Google is relatively good at detecting click fraud and could choose to be even better, and the stated numbers in detection rates are impressive only outside of such a limited scope in methodology. And, Google only ties fraud to IP addresses in its dealings with those who suspect this activity and report it. An IP address is only considered to be in violation of invalid click policy should that  IP address be found to repeat click on ads or click multiple times on the advertiser’s ads. Considering that there are apps that will rotate proxy IP addresses as frequently as needed and in abundance sufficient to eliminate invalid click repetition per IP address and that header do not have to have valid proxy request fields.

Any criminal intent to get away with PPC click fraud will seek out varying means of IP address change or rotation. Tor, for instance, offers  a SOCKS proxy interface for any application (not just browsers), so any application capable of supporting SOCKS implementations v4, 4a and  v5 can be used with a high level of anonymity. There are a number of dubious service providers who harbor criminal activity in IP blocks large enough to be considered diverse to the point of lacking attribution potential. Add to this the possibility of VPN connections, and it’s not surprising that fraudsters can get away with “invalid” clicking. So, the chances of finding a thorough validation of click fraud are almost nonexistent if you are looking to Google for validation of invalid clicks. Google has no short-term incentive to adjust policy, and few people understand the needs well enough to even propose a fitting policy. Where should Google and other ad networks draw the line?  Do they allow clicks on ads when there is not a valid user agent or other header fields in the request made to ad servers? Does Google AdWords or Microsoft adCenter allow clicks from known Tor nodes?  Why is it that one cannot block specific network domains on advertising networks? Why limit the use of IP blocking when keywords can be blocked from triggering ads without limits to how many are blocked? Would it not make more sense to block suspicious IP addresses as desired or take the cap off the ability to do so? In the future, will it be possible to seek prosecution for something that has intangible costs such as data poisoning or network abuse of other kinds, or is it something that can be done now (should one be ready to make a case for the losses incurred)? Are there experts available in all layers of law enforcement and the judicial system to allow for qualified investigations?

Invalid Click Fraud Cyber CrimeFortunately there are other ways to validate the presence of click fraud and to produce evidence that is sufficient to carry out a course of action that is geared toward criminal prosecution, in cases where the damages are sufficient to merit investigative involvement from federal, state or local law enforcement. The best way to stop this illegal and unethical behavior is by making sure that real criminals are caught and punished. Public knowledge of the consequences involved in such activity will set a normative climate that curtails the crime by exposing the risk to the criminals behind it.

Degrees of Click Fraud

It is important to note that you must have a fairly significant level of click fraud to find recourse through legal or other channels. Stopping a competitor from engaging in click fraud can be a difficult process. But, at the very least, you can mitigate the activity. And, if you are convinced of the presence of click fraud and have enough evidence there are channels that may serve you and take on the burden or proof once substantive circumstantial evidence is provided. There are varying degrees of information available to pin criminals, and much of it exists offline. Social engineering is one tool you may have at your disposal, and if so, we can guide you on using it to counteract the activity or gather information to accumulate the needed preponderance of evidence with which to establish credibility in your attempts to kick down these cowardly white collar crimes. We can help you assess whether or not this is a viable path and guide you in finding the proper channels to seek the authorities best suited to carry out an investigation should these authorities find your case to be worthy of investigative involvement. Verticle Leap has a goal of being a voice of advocacy for victims by petitioning for oversight and thoughtful, fluid governance to deal with this malicious use of network assets to destroy capital.

Call the click fraud experts at Verticle Leap for a free consultation, and start dealing with click fraud today! 214.499.9998