Hacker with outreached hand over laptop showing threat of click fraud

Why Has Click Fraud Had a Busy 2020?

As if the global disruption of 2020 wasn’t enough, it seems that this year has also seen the biggest growth of click fraud. Analysts were predicting an increase in fraud on paid search, in line with trends, however it seems that it truly has been a bumper year.

During the early phase of the coronavirus pandemic, with national lockdowns taking hold in March and April 2020, data from ClickCease shows that rates of fraudulent traffic overall jumped by 21%. When looking specifically at mobile traffic this peak in fraud jumps to 62%.

This alarming jump has been underlined by the exposure of a number of high profile ad fraud bots, malware manipulations and click fraud court cases. Maybe we’ve seen more activity because the technology to expose these fraudulent practices is improving, or perhaps it really has been a big year for click fraud.

Click fraud and ad fraud trends throughout 2020

It’s well known of course that fraudsters are a resourceful bunch and often take advantage of global disruption. But it also seems that many of the click fraud campaigns that have been exposed have been running for a while.

As an example 404Bot, which has been operating since at least 2018 has had a busy year. 404 Bot works by defrauding advertisers using outdated ads.txt lists. By spoofing sites in a similar manner to the famous HyphBot, this botnet generates fake impressions on video and display ads. A report in February 2020 from IAB Labs found that 1.5 billion video ad impressions had been generated by 404 Bot since its inception.

This year has also seen Tekya, a mobile app malware – part of the Haken malware family- targeting children games, which has made a sizable impact.

And, in August 2020, it was revealed that the iOS platform had been compromised by malware within the Mintegral SDK. It’s alleged that the SourMint malware generated false clicks on ads and stole user data through over 1200 apps. Apple denied that there had been a breach and has, so far, not removed any apps from their store or issued any other warnings to users.

For any business spending money on paid search or social ads, surely this continuing fraudulent traffic is cause for concern.

The problem with paid search

Paid search remains one of the most popular means of promotion for businesses, large and small. The problem though is that the industry still remains woefully under protected, with the ads.txt initiative one of the few in place to tackle the rampant ad fraud.

However, ads.txt isn’t, and was never going to be, a magic bullet to defeat fraud. And, adding to it’s woes, most publishers and advertisers aren’t even using it correctly. Advertisers not checking lists, publishers not updating them and even the alleged issue of fraudulent sites hiring ads.txt lists to host ads are all contributing to a dwindling reputation for ads.txt.

As Dr Agustine Fou, an independent ad fraud investigator notes, it’s possible that ads.txt has been causing more problems than it’s solved. In fact IAB, the lab that created ads.txt, has even stated that it was only meant to help advertisers identify authentic ad platforms.

The recent US elections have also highlighted a huge flaw in political ad campaigns which it turns out are ripe for ad fraud. In 2020, $2.9 billion was spent on digital ads by the Trump and Biden campaigns, and it’s estimated that $377 million of that was siphoned off to fraud.

With little in the way of verifiable KPIs, political ad campaigns are easy pickings for fraudsters. A simple search for ‘buy USA traffic’ highlights just how easy it is to hire an army of click farms and bots to click on whatever paid ads you want.

Clicking away the ad budget

Think click fraud is just for the big boys? In fact, one of the most damaging aspects of click fraud is inter-business rivalry. Competitor click fraud is where a business owner clicks on (or hires someone to click) their rivals ads with the aim of depleting their budget. It’s a simple yet effective way of racking up a big bill for your rival, exhausting their marketing spend and even knocking them off the top of the search results. But does it really happen like this?

As Ilan Missulawin, co-founder of ClickCease, says, “In some industries such as on-demand services like locksmiths, the non-genuine clicks can be especially damaging. We’ve had a number of clients come back to us and tell us how using our service has highlighted the fraudulent clicks. And it’s not just isolated incidents. In 2020 it’s really come to the fore that fraudulent clicks are costing advertisers big, and people are starting to become jaded (with programmatic advertising)”.

As businesses are becoming increasingly aware of the perils of fraud, what can be done? And is there anything the industry is doing to combat click fraud and ad fraud?

How does the future look for marketers?

Research from Cheq shows that the cost of click fraud for digital marketers is on track to hit over $35 billion this year. That’s a substantial jump compared to the predicted $24 billion at the beginning of 2020.

A combination of the Coronavirus pandemic and the US election is likely responsible for this sharp increase.

The issue is that Google and the major ad platforms do actually have processes in place to prevent click fraud and ad fraud (which they refer to as invalid activity). However, these efforts continue to fall short, with a plethora of ad manipulations and malware infestations in 2020 highlighting how the independent fraud prevention services are becoming crucial for any advertiser serious about their ad targeting.

So how does the landscape look for 2021?

“Fraudulent traffic has been growing consistently year on year since the advent of programmatic marketing, and 2020 has been especially busy”, says Ilan Missulawin. “The industry as a whole hasn’t necessarily identified one thing that needs to change, but the conversation is getting louder. Click fraud isn’t a niche subject any more, it feels like more and more businesses are looking for ways to reduce their exposure to it”.

And what is being done to tackle click fraud as we move forward?

Cost of #clickfraud for #digitalmarketing is on track to hit over $35 billion in 2020. Likely due to a combination of the pandemic and the US election. #respectdataClick to Tweet

“At the moment, by the main programmatic platforms, not much. It’s still down to companies such as us (ClickCease) to pick up the baton for marketers”, he says.

“If 2020 is anything to go by, we’re going to see more record breaking click fraud activity for the foreseeable”.


Content and Marketing Manager at ClickCease