When the first incarnation of Google AdWords was launched in October 2000, it’s safe to say that it changed online marketing forever. Now fifteen years later it is an integral part of many business marketing activities.

However, just as thousands of companies across the globe are enjoying the benefits of using AdWords’ pay-per-click service, there are certain individuals and organisations out there who are willing to exploit it in more negative ways.

As a digital marketer, you may already be aware of the problem of ‘click fraud’ in Google’s publishing CPC network, AdSense. This involves AdSense publishers automating the clicking of ads that appear on their own websites which increases their share of revenue. At first, this was done by publishers themselves, but as Google is an organisation that continually tries to prevent such scams, these fraudsters were quickly identified and banned from the AdSense program.

This quickly led to these fraudulent publishers looking for other ways to exploit AdSense, and this in turn led to the development of ‘click farms’ offering such services. Staffed by teams of low paid workers in countries such as India and Bangladesh, according to a Guardian investigation in 2013, click farms run 24 hours a day on a three shift system, with workers being paid as little as $120 per year. As well as clicking on AdSense ads, other services offered include fake Facebook likes, YouTube views and Twitter followers.

There is of course a corresponding scam involving the AdWords network. The ‘click fraud’ in this case is where an advertiser clicks on a competitor’s ads, raising their costs and exhausting their ad budget. In 2014 Brian Krebs, the international cybercrime expert, unearthed a scam involving an established AdWords fraudster operating on a Russian crime forum. With prices ranging from $100 to $1000, services ranged from a handful of ad blocks being blocked for 24 hours to having unlimited access to their software and service to attack a number of ads indefinitely.

We’ve found no trace of GoodGoogle, but a cursory search of Fiverr revealed hundreds of profiles offering AdSense click services. We made enquiries with several and it wasn’t long before we uncovered several offering fraudulent AdWords services too. We spoke to several people, from individuals in Asia simply willing to click on anything you ask them to, to seemingly more professional setups. One such service even offered packages. Their Regular offering being up to 300 clicks for $5, their Extreme/Bombard offering promising up to 1000 clicks in a day for $10. Understandably, Google are tightlipped about the issue of AdWords fraud, so is there evidence that there is an increase in it being used as a tool to harm or even destroy business competitors?

Although Google are actively monitoring for invalid traffic and have systems in place to combat fraudulent activity, there are always those that stay ahead of the game and we’ve noticed a small but significant increase in click fraud activity. The majority of companies using AdWords rely on Google to highlight any fraudulent clicks on their account, but there are lots of ways that companies can protect themselves, so it’s crucial that they take a proactive attitude to AdWords click fraud.”

Whether these ‘extreme click’ attacks are fully effective or not, it’s unsettling to think that there are people out there willing to maliciously attack your company for just a few dollars.


By Roy Dovaston, Click Guardian

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus