Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
GPS Devices
Rackmount LCD Monitor
Shop Online
Auto Insurance Quote
Promote Your Website
Corporate Gifts
Online Shopping
Disney World Tickets
Imprinted Gifts
Best Price
Remote Online Backup
Prepaid Phone Card
Hurricane Shutters

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Fraud Stalks Google and Overture Advertising

Hyper-V: The Killer Feature in Windows Server 2008
It's fair to say that while many of the other new features are evolutionary, Hyper-V, by contrast, is revolutionary. Paul Rubens explores Microsoft's big step into virtualization. »

Download the Windows Server 2008 Trial
With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Reduce Complexity and Costs with Microsoft Identity and Access Solutions
Your organization depends on making digital information accessible to a broad spectrum of users over range of devices and networks. Register now for free Identity and Access Solutions from Microsoft. »

Virtualization from the Data Center to the Desktop
Integrated virtualization solutions from Microsoft can help you meet evolving demands more effectively as you transform your IT infrastructure from a cost center to a strategic business asset. »

Related Articles
Can You Bid on Ads Without Bid Management?
The Boom is Back -- Let's Party
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Keep up with the latest business and technology news and information! Visit

Fraud Stalks Google and Overture Advertising
August 17, 2004
By Brian Livingston

Brian Livingston Somewhere around 10 percent of the billings charged to pay-per-click advertisers by and Overture (a subsidiary of are based on fraudulent activity, according to some advertising experts — and the cost to many advertisers may be much higher.

"Click fraud" is a dirty little secret that threatens to undermine the financial success of the paid text ads that appear alongside the ordinary, "editorial" links in many search engines. I wrote in this space on Aug. 3 and Aug. 10 that the Internet e-conomy was hot again and that search-engine advertising was growing as a result. But if the click-fraud problem keeps growing, too, pay-per-click (PPC) advertising will become ineffective or even disappear, as have many other paid-traffic schemes in the past.

Gaming the Advertising System

The scam is remarkably easy to set up but can be damnably difficult for an advertiser to detect:

Paying For Keywords. Advertisers first give Google, Overture, and other search engines a list of the search terms that are to cause their ads to be displayed. The advertisers also specify that each click on an ad is worth so many dollars and cents. Overture displays the ads for each query in bid order, from the highest bid on down. Google sorts the ads by which ones will produce the highest revenue for the search engine. (To do this, the bid for each ad is multiplied by its click-through rate.)

Low-Tech Thieves Weigh In. The average pay-per-click ad costs the advertiser about 45 U.S. cents per click, according to search-engine specialists. But in many highly competitive industries, ads command several dollars per click. These lines of business attract unsophisticated fraudsters, who click manually on competitors' ads several times in a row. These bogus clicks, though low-tech, can still drain thousands of dollars from the budget of a business that's in a high-bid sector.

High-Tech Thieves Smell Dollars. More sophisticated schemes are motivated by greed rather than harming a competitor. To implement these con games, shady operators set up hundreds or thousands of "affiliate" Web sites. These sites contract with Google or Overture to display paid ads alongside other content. Fraudulent clicks are then generated. In one type of fraud, The Times of India reported that some companies are paying low-wage workers up to 9,000 rupees per month (up to U.S. $200) to manually click ads on affiliate pages. Hackers have developed even more efficient methods, using specially programmed computers to click their links.

These schemes may seem like minor annoyances. Unsolicited bulk e-mail, or spam, was once a minor annoyance, too. But it now comprises as much as 90 percent of all e-mail in the U.S., according to security firm MessageLabs.

Furthermore, most spam is no longer sent from massive servers controlled by spammers. Instead, up to 80 percent of spam now originates from millions of "zombies" — home computers that are running Trojan-horse software written by hackers, according to a study by Sandvine Inc., a broadband equipment manufacturer.

With the money to be made from PPC affiliate sites, what's to stop these same hackers from making their zombies execute pay-per-click links? A broadly distributed pattern of click-throughs would be hard to identify as bogus but could drive click fraud to more than 50 percent of all advertiser billings.

What a Great Business Model

Pay-per-click advertisers are finding that they have to take matters into their own hands to detect fraudulent clicks and request refunds from the search engines.

Turning Consultants Into Detectives. Danielle Leitch, marketing manager for search-engine consulting firm, says her company monitors its clients' statistics to detect click fraud. "With two different clients, it probably would be about 8 or 9 percent over one month that we experienced as click fraud," she says.

"The people who are doing this have gotten much more sophisticated," Leitch adds. High-tech fraudsters, as opposed to dishonest competitors clicking links by hand, now dominate click fraud "80-20 or 75-25," in Leitch's view.

An Automated Defense is a Good Offense. The click-fraud problem has even spawned a small industry of third-party tools that try to detect bogus click-throughs for advertisers. One of the entrants,, has attracted more than 200 customers, according to president John Carreras.

His customers often experience far more than a 10 percent rate of fraud, he explains. "One says that click fraud is half of his click-throughs," Carreras says, "while another says that it's over 25 percent."

Carreras first learned the cost of click fraud in his other job, as president of Impact Displays, a trade-show supplier. The search term trade show displays is currently costing the top advertiser $14.10 per click at Overture, he says. That's a rate that attracted fraudsters to his ads until he developed WhosClickingWho in defense. Other terms are even pricier. The word mesothelioma, a kind of cancer that can fetch big settlements (and big fees for trial lawyers), currently has four bidders paying $100 per click, Overture's maximum.

WhosClickingWho doesn't detect merely the IP address of the clicking party, according to senior project manager Lisa Thompson. Instead, the software writes a "cookie" to the visiting PC to identify it. If that fails, Thompson says, the software writes a "session cookie," which lasts until the visitor's Web browser is closed. WhosClickingWho also tracks the "referrer URL" of each affiliate site that's sending visitors. Patterns of fraudulent click-throughs can sometimes be traced to individual affiliates in this way. In simple cases, warning messages can be displayed to offenders via the browser, which usually discourages casual thieves, Carreras says.

What Google and Overture Can Do

The search engines don't strike me as particularly eager to talk about the percentage of their revenues that are fraudulent. A Google spokesman told me that due to the "quiet period" related to the company's IPO, no one could be interviewed on this subject. He referred me instead to the firm's filing with the U.S. Securities & Exchange Commission. "We have regularly paid refunds related to fraudulent clicks and expect to do so in the future," the filing says. "If we are unable to stop this fraudulent activity, these refunds may increase."

An Overture spokeswoman gave me a written statement. "We believe our systems are the most sophisticated in the industry for identifying and filtering these types of clicks," the statement says. "Overture has a dedicated team consistently monitoring clicks, updating our systems and technologies and working directly with our advertisers to protect the integrity of our marketplace."

These search engines and others could stop click fraud in its tracks, however, by making a simple change in their business model. By using techniques similar to those of MoreVisibility and WhosClickingWho, search engines could uniquely identify their visitors, sessions, and affiliates. Instead of charging advertisers for every single click, the engines could bill for only one click from a single entity within, say, a 30-day period. This would eliminate the monetary incentive for affiliates to cheat. It would also improve the return on investment (ROI) for advertisers, who hardly need to pay over and over to acquire the same new visitor.

Many legitimate e-commerce programs that reward affiliates for delivering buyers to them already have similar policies. These are known as return days. Say an affiliate sends a visitor to an e-tailer on Day 1, but the visitor doesn't buy anything until Day 30. The affiliate can still receive a commission on the sale if the e-tailer has a policy offering 30 return days.

Google and Overture wouldn't suffer a significant drop in revenue by charging advertisers for only one click per entity. The bids on ads would certainly rise to reflect the improved ROI from genuine click-throughs, unencumbered by fraud.


Previous attempts to monetize pay-per-click schemes on the Internet died an agonizing death due to early forms of today's click fraud. One news aggregator,, for example, once represented numerous publishers who paid one-half a cent up to several cents per click for qualified traffic. That ended when hackers developed automated click-through techniques. Similarly, some e-commerce affiliate programs offered pay-per-click models at one time. But these have almost entirely been replaced by pay-per-action, in which a commission to affiliates is generated only after a product has been purchased, which is harder to fake.

If the pay-per-click model that finances Google, Overture, and other search engines is to survive, it won't be enough to simply follow Google's much-hyped motto, "Don't Be Evil." These search engines will have to take technical steps to eliminate click fraud entirely, following the admonition, "Thou Shalt Not Steal."

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live