July 28, 2004
Case Study

How to Stop Click Fraud (Or at Least Get a Refund)

SUMMARY: Are your competitors clicking on your paid search links? We just met a marketer who was losing thousands of dollars to click fraud... until he brainstormed up a clever way to track and stop it. Find out how, plus see a sample of his fraud log.

John Carreras, President Impact Displays, Inc., is a self-admitted paid search advertising junky. "I'm kind of a freak. I spend way too much time on it - sometimes I stay up all night."

"I was one of the first people on Overture," he adds. "I used to pay just pennies for a top key word. They're going for $25-$50 now."

At prices like that, you need to make every click count. But, while carefully monitoring results last fall, Carreras noticed clear evidence of click fraud.

"I went to the trade show for my business in Las Vegas. All my competitors were there. For four days my pay per click charges went down to two-thirds to one-half of what they normally were. Then they went up again when I came back from the show and all my competitors were also back."

Carreras thought to himself, "That's not a coincidence." But what could he do?


Impact Display's Web Project Manager Lisa Thompson studied the site's logs scanning for clear evidence of click fraud. It wasn't as easy as she'd hoped.

"The problem was we couldn't identify it by IP address because it could be a proxy server. Sometimes thousands of people share the same IP."

With help from an outside programmer, she developed a program that would place cookies on nearly every visitor's computer. "We added several failsafes, if a cookie doesn't get written, we use session cookies. The program does a lot of things to keep that same cookie there."

She also made sure the program collected as much data as possible about each individual visitor, including IP address, user location (if available), the visitor's browser and operating system, the date and time of visit, the PPC search engine that sent the traffic, and the keywords the searcher used to find the site. (Link to sample report below.)

When the system collected several months of data, Carreras emailed the report with all the data to his reps at various PPC engines including LookSmart, Overture, and Google, along with a refund request for the obvious incidences of fraud.

Thompson explains, "You have to collect about three months of data per unique identifier. If you show the same person is pounding your site one day a week over three months from all search engines, it's obvious it's click fraud. You don't have to know who the person is in order to recoup the money, you just have to be able to uniquely identify them."

She also created a pop-up (using a javascript so most pop-up blockers wouldn't stop it) for the landing page. Carreras could set the pop-up to be activated after a single unique visitor had been to the site a few too many times for comfort. (Link to sample pop-up below.)

He decided to put the setting at five visits.

While it couldn't stop anyone from clicking on paid links again, Carreras hoped the pop-up would serve as a deterrent. "It's very professionally written. It doesn't say, 'You're busted.' We just let them know, 'Thank you for visiting our site. Next time please go directly to our URL. It costs money when you click on search links. We'll pass the savings on to our customers.'"


"Before I had the software, one guy clicked on me hundreds of times. It was unbelievable," says Carreras. "I've saved thousands of dollars, and I've gotten refunds."

Why aren't the search engines able to detect as much fraud as Carreras does? Turns out some fraudsters change search engines every few minutes so the pattern isn't obvious to the search engines. (See link below for an example of exactly that.) So, Google knows someone clicked on a link, but doesn't know the same person clicked from Yahoo and then MSN search a minute later in quick succession.

Carreras has never had a complaint from a prospect or customer about the pop-up, but he has had competitors sheepishly admit to him they had been clicking on his paid links.

Carreras let us review his paid click logs, and we definitely saw some interesting patterns. Many times someone would click on the link repeatedly over a few minutes until they hit the number five (when the pop-up appeared) and then abruptly not click again.

After implementing the pop-up, Carreras' fraud incidence went down to about 1.5% of total paid clicks. (In some industries, the average may be as high as 10 times that amount.)

We also noticed that many clickers, who appeared to be true prospects instead of fraudsters, tended to visit three times in a row and then stop. The first two visits were generally five to fifteen minutes apart in time. The third visit was often an hour later, or at about the same time the next day.

We suspect this is a pattern in the way executives researching high-ticket items online use search. (Carreras sells trade show booths which can easily cost thousands.) So, when you build your landing page, or budget per click, assume that a certain percent of probably the most interested prospects will circle around, clicking by several times before they make the call.

Useful links related to this article:

Excel spreadsheet showing five instances of probable click fraud; plus sample of Impact Display's anti-fraud pop-up box: http://www.marketingsherpa.com/imdis/ad.html

WhosClickingWho?™, the audit service Carreras founded in January offering his software to other marketers worried about fraud http://www.whosclickingwho.com

Impact Displays http://www.impact-displays.com

Improve Your Marketing

Join our thousands of weekly case study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions