Research Paper – Click Fraud & Future of Online Advertising

Executive Summary

Online advertising spending plummeted after the “dotcom bubble” is recovering with Google leading the industry in search marketing. However, this rising star is faced with a serious problem, click fraud. That is clicking on ads without any intention to buy the product but with the intention to generate revenue or to waste competitors’ advertising budget. This problem has implications on all parties involved in the process including the advertisers, publishers, search companies and the fraudsters. Additionally, it initiated an array of businesses providing service to prevent, protect or to assist these frauds. It has both business and technical issues that needed to address quickly before the confidence in online advertising begin to erode.


Internet advertising is not a recent innovation; it has been around since 1994 with HotWired launching the first banner ads on the Internet (Riedman 106). However, Google recently lead the improvement to suit the new media era. Online advertising services offered by Google, Yahoo and Microsoft enable smaller advertisers to compete with big-budget media buyers. During and before the dot-com period, online visitors were exposed mainly with mass branding campaigns by large advertisers. Effectiveness was justified with potential higher brand exposure (Briggs 44). Advertisers were paying upward of $70 per 1,000 impressions. With both click and sale conversion rates of less than 1%, the result is an expensive acquisition cost of $700 per customer (Hoffman 180). Ads were displayed everywhere yet yielded low returns, both in term of visitors coming to the site and the end sale revenue. Few or no company focused into delivering relevant messages to the right consumers or offered what consumers really wanted and when they wanted it. Click-through rates (CTRs) from advertisement banners, defined as the number of clicks divided by the number of ad impressions, were declining sharply (Dreze 9) as users learned to ignore and considered advertising as a distraction from their web browsing activities (Cho 94). Therefore, marketers explored different ad delivery methods to get back visitors’ attention. One of which was the infamous pop-up advertisement format. Pop-ups were too intrusive for many users and they widened the relationship gap between marketers and consumers. On the road to uncover the ideal online advertising model, that is not only highly effective for advertisers but also welcome by consumers, marketers will continue to experiment with different formats. One of the current successful ad formats is text-link, which is currently used as the main ad type in Google and Overture. The focus switched from exposures, views, and impressions to clicks when measuring the effectiveness of an advertising campaign.

Google is a good example to examine the online advertising model and its biggest issue, click fraud. Google currently implements an advertising model similar to that of Overture and other search-advertising firms (Exhibit 1). It has several types of entity including advertisers, publishers, online visitors and the search engine firm. Google started out as an excellent search engine with quick and accurate access to information. Google observed there is a high correlation of user interest in information and commercial offers from advertisers about the search keywords. Therefore, search results from Google contain paid ads with short text descriptions and a link to the advertiser’s website. Advertisers pay Google to broadcast these messages to targeted online consumers. To keep the ads relevant, Google only serves ads that meet a pre-defined threshold click-through rate. Both relevance to the search terms and bid price determine the position in search results. To expand its reach, Google also pays publishers, who operate websites with enough traffic, for displaying ads related to their site contents. As more advertisers and publishers participate to this advertising program at Google, Yahoo or Microsoft, this model reveals a major problem.

Case Study

“It did not make any sense. Kevin Steele, co-owner of Karaoke Star, a Phoenix retailer of karaoke equipment, noticed that the number of people clicking on his paid search-engine ads had shot from 200 to 800 a day. But despite the apparent jump in traffic, sales had not budged. Steele and his partner, Diane Frerick, had built their business on Internet advertising, and more clicks almost always meant more revenue which the pair had invested in a new office, more inventory, and a call center to field technical questions.
Steele thought he had pay-per-click advertising down to a science. Karaoke Star spent about $2,000 a day on search-engine ads at Google and Overture, a subsidiary of Yahoo focusing on keywords like ‘karaoke’, ‘karaoke player’, ‘karaoke song’ to generate about $6,000 a day in sales. Suddenly, it had to budget the same amount just to get $3,000. With each keyword costing anywhere between 40 cents and $3 a click, Karaoke Star found itself being nickel-and-dimed to death. ‘One day we were doing great,’ says Steele, ‘and the next it was as if someone had turned off the lights.’ ” (Penenberg 29)

Karaoke Star experienced click fraud, a rising problem with online advertising. Click fraud “occurs when people click on paid search ads with no intention of buying anything” from the advertisers (Penenberg 29). This problem has different effects on all the parties involve in the advertising process. Publishers, advertisers, some alleged search firms and certainly the professional fraudsters are all possible sources of click fraud.


Click fraud lowers the Return On Investment (ROI) because artificial inflated number of clicks gives no projection to the revenue generated from these visitors. For Karaoke Star, Steele says the fraudulent clicking has cost him nearly $400,000 over the past two and a half years (Penenberg 29). With little or no protection from click fraud, confidence in the promising future of online advertising will decline and advertisers will spent less on online advertising. Comparing with the low ROI rate from online advertising, other advertising opportunities could become more effective. That was the case with CharterAuction, an advertiser with both Google and Overture. After realizing monthly spending of up to $20,000 on paid clicks did not yield enough sales and losing confidence in the investigation of search firms, CharterAuction now “spends the minimum to keep their accounts open while exploring other avenue such as print ads” (Quiton 14). The majority of Google revenue comes from paid search ads. For the third quarter of 2005, 56% of total revenue was from ads on its own websites and 43% of total revenue was from partner sites through its AdSense program (Mills). With 99% of total revenue from paid search advertising, Google must prove to advertisers that their investments generate reasonable returns.
Because click fraud directly affects advertisers, they need to be on the front line in the fight against these illegal activities. One of the detection methods is to implement a click-tracking program on their own system. AdSpeed is a business service provider that uses Google to advertise its products. Because current Google statistics reports (Exhibit 2) do not have enough details, AdSpeed employed a tracking program (Exhibit 3) to understand more about the clicks and visitors from these clicks. The tracker separates clicks into several main sources including “Affiliate”, “Google” and “Overture”. For each source, individual clicks were logged with information about the search keywords, Internet Protocol (IP) address, and the clicker’s country. The “Using” column shows information about the browser and the operating system (OS). Besides these technical details, this tracker also displays the referring pages, from which visitors clicked on the ads. Details from click tracker could help identify potential click fraud and provide the source of fraud like certain IP addresses or countries. With this information, the advertiser could log into Google to block serving ads to these countries or send a complaint to Google for further investigation. Furthermore, this could serve to match records from Google’s reports and dispute any discrepancy between the two reports.

The biggest problem to click tracking programs is that not all data sources are reliable. IP addresses and originating countries can be altered through a web proxy that is in a different country than the fraudster’s location. Browser and OS information could also be manipulated to any text string. The referring page can be blocked or modified easily and is not a requirement in the web request. Even though fraudsters can easily forge individual fields, these fields are useful in a large aggregated report. More and more companies are looking to implement similar tracking systems. This spawned an entirely new niche market for applications and services to monitor click fraud. Upon detection of fraud, advertisers could choose to arrange it with search companies to dispute the charge or sue the other party, whether it is a publisher, an advertiser or a search firm.

On the negative side, there are incentives for advertisers to commit click fraud. When a visitor browses through search results, there are paid ads from an advertiser as well as ads from its competitors. With many advertisers bidding on any keyword, click fraud could take out a competitor by raising advertising expenses beyond their budget. From the case study, Karaoke Star received “an anonymous email tip from someone claiming to be a former employee of Ace Karaoke”, a direct competitor. “Attached to the email, according to Steele, was a video that showed an automated click fraud program employed by Ace Karaoke” (Penenberg 30).


The publisher earns more revenue if his or her website generates more clicks. With this incentive, some publishers encourage visitors or hire people to click on paid ads on their sites. Google recently won a $75,000 court judgment against Auctions Expert International LLC for abuse of Google’s AdSense advertising program (“Click Fraud Lawsuit“ A6). “Auction Expert allegedly recruited as many as 50 people to click on online advertising, generating about $50,000 in ad revenue” (Vise, F01). Publishers with the intention to make money using this method will try to find the right balance, safe enough so they do not get caught yet generate the maximum amount of revenue. On the other hand, if search companies were too aggressive in scrutinizing clicks, good publishers would be afraid that some valid clicks are ignored and they could join other ad networks that can generate higher revenue.

Search Engine Firms

All major search companies realize click fraud is a serious problem that needs effective and immediate solutions. Google CFO George Reyes said at an investor conference in December 2004, “I think something has to be done about this really, really quickly, because I think, potentially, it threatens our business model.” (Crawford)

To address this problem, major search firms like Google and Yahoo should utilize both technical and business strategies. The strategies could be defensive, offensive or a combination of both. Defensive strategies look to detect and prevent click frauds while offensive strategies use lawsuits to punish the fraudsters and raise public awareness.

To prevent click frauds with technology, IP addresses should be logged for every click and any concentration of clicks from one single IP address should raise a warning. Information stored in cookies could help identify the individual users from multiple computers accessing the Internet through a proxy or internet gateway. Google Adwords program currently allows advertisers to target their ads to certain countries, languages and even down to certain cities. However, city-level targeting is not available to all countries. This geographic targeting feature has at least two benefits for advertisers. First, they can choose a more relevant market to target. For example, a national insurance company in the U.S. would not want to waste its advertising budget on visitors from other countries than the U.S. Second, this gives advertisers some control to minimize the potential fraud by blocking suspicious locations, those that generate many clicks with only few sales.

Another valuable tool Google and other search firms should add is the detailed record, which contain detailed information about the clicks. This log should be similar to the click trackers with information about the referring pages, IP addresses and other technical data about the visitors. Even though Google privacy policy explicitly states that information can be shared with third parties to prevent frauds (“Google Privacy Policy”), all statistics reports in Google Adwords only contain aggregated non-personal information. At the time of this research, Google and Overture, the two major paid search companies, only have simple counters for clicks, views, positions and costs for the keywords (Exhibit 2). To identify frauds, both search firms and advertisers need information. Search firms most likely have these data internally to analyze the effect and extend of the problem. However, to show advertisers they are putting the effort to fight frauds, Google and other firms should provide additional information to advertisers who have to pay for all the click fees. Even though advertisers could install a click-tracking system on their web servers, it would be much simpler and more effective if the search firms internally support it. One of the reasons against this practice is that Google might afraid to show the referring web pages if these pages contain sensitive or private information, such as email messages in Google’s Gmail.

These techniques are not bulletproof and fraudsters will always try to outsmart the search companies. This problem represents the overall situation of Internet security. Attackers do the damage then the authority develops techniques or regulations to detect and prevent these activities. However, the circle repeats itself with the attackers figuring out a new method to bypass the protection or a loophole with the new regulation.

To calm and raise the confidence of their stakeholders, search firms has to invest more resources into the research of effective methods to identify and prevent click frauds, actively investigate reported cases by advertisers and publishers. Without the commitment and real actions against this problem from search firms, advertisers would lower their spending and consider other marketing channels. Publishers would choose another advertising network where they could earn higher ad revenue.
There is an interesting argument by Vise that search engines have little incentive on their own to prevent click frauds. If search companies were too aggressive in blocking clicks, it would ultimately hurt their bottom lines because they charge advertisers for these clicks (Vise F01). As for Google, failing to meet the ever-rising Wall Street expectations might crash Google’s stock. With rising pressure from advertisers, Google, Yahoo and other ad networks need to be more proactive in stopping fraudulent activities. The goal is to protect the confidence in online advertising.

Click Fraudsters

With the intention to defraud and to diversify the risks, some publisher and advertiser hire external contractors to perform these illegitimate activities. There are programs, “hit bots”, designed to imitate visitors surfing from one web page to another and clicking on advertisements. IP address can provide useful information during investigation because it resolves to the Internet Service Provider (ISP) and the location of the user. Dial-up accounts normally have dynamic IP addresses, a different number for every session. In contrast, broadband connections generally have static IP addresses. Dynamic IP address makes it difficult for search engines to detect the fraud. For example, multiple clicks from one single IP address should raise alerts for potential click fraud. However, with IP address changing frequently, there is no concentration of clicks from one IP address. The clicks are masked as from many users instead of from a single one. Cookies are also a useful tool in detecting and preventing click frauds as history of clicks can be stored in a session and traced back to one user. However, with “58% of online visitors deleting cookies manually or using software to delete them” (Marshall 1E), the fraudsters could clear these valuable traces. The low cost of labor in countries like China, Vietnam, creates profitable businesses, “pay to click” programs, with clicks made by real people. As soon as search companies detect and block a method, it is only a matter of time before the fraudsters develop a new technique to bypass the detections.


To diversify and limit the damage of click fraud to the industry, there should be multiple performance metrics and enough information for all parties. There are evolving online advertising approaches that are not vulnerable to click fraud. One of them is Cost-per-Action (CPA), in which the focus shifts from counting clicks to evaluating actions. Actions are flexible and can be defined as registering a new user account, signing up for newsletters, or ultimately, placing an order (Liedtke). Companies like Google, Yahoo and Microsoft will continue to refine their models and offer advertisers and publishers with more diverse and effective options. The future of online advertising contains many uncertain yet exciting opportunities for those in search for a consumer-friendly and financially sound advertising model.


Briggs, Rex; Hollis, Nigel S. “Advertising on the web: Is There Response before Click-through?” Journal Advertising Research 37 (1997): 33-45

Cho, Chang-Hoan; Cheon, Hongsik John. “Why do people avoid advertising on the Internet?” Journal of Advertising 33 (2004): 89-99

“Click fraud lawsuit brings a $75,000 court judgment.” Wall Street Journal (Eastern Edition). 6 Jul. 2005: A6

Crawford, Krysten. CNNMoney. “Google CFO: Fraud a big threat.” 2 Dec. 2004. CNN. 24 Oct. 2005

Drèze, Xavier; Hussherr, François-Xavier. “Internet Advertising: Is anybody watching?” Journal of Interactive Marketing 17 (2003): 8-23

“Google Privacy Policy Highlights.” Google Privacy Center. 14 Oct. 2005. Google Inc. 24 Oct. 2005

Hoffman, Donna L.; Novak, Thomas P. “How to acquire customers on the web.” Harvard Business Review 78 (2000): 179-188

Liedtke, Michael. “, ‘cost-per-action,’ coming after Google.” 19 Jul. 2005. The Associated Press. 25 Oct. 2005

Marshall, Matt. “Which way will the cookies crumble?” Mercury News. 18 Apr. 2005: 1E

Mills, Elinor. “Google shares soar on healthy revenue report.” 20 Oct. 2005. CNET Networks, Inc. 24 Oct. 2005

Penenberg, Adam L. “So many clicks, so few sales.” Inc. Magazine. Aug 2005, Vol. 27 Issue 8: 29-30

Quiton, Brian. “CharterAuction alleges click fraud.” Direct Magazine. June 2005: 14

Riedman, Patricia. “In the beginning.”Advertising Age 71 (2000): 106

Vise, David A. “Clicking to steal.” Washington Post. 7 Apr. 2005: F01


Exhibit 1: Current Google’s Online Advertising Model

Exhibit 2: Google AdWords’ Statistics Report – Source: Google Inc.

Exhibit 3: AdSpeed’s Click Tracker – Source:

Comments (0)

› No comments yet.

Leave a Reply

Allowed Tags - You may use these HTML tags and attributes in your comment.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Pingbacks (0)

› No pingbacks yet.