What are Click Frauds and Online Advertising Frauds
While most website owners struggle honestly to earn more from online advertising, there are cyber fraudsters who employ illegal techniques to make huge profits. This article discusses what online advertising frauds and click frauds are – and also touches upon the related issues of click bombing and invalid clicks, and how to try to protect yourself against such malicious activities.
First, let’s see how the “Pay Per Click” ad method actually works and then talk about how criminals make use of the system to make big money.
How Does Pay Per Click Work
Pay Per Click (PPC) ads have a set method of working, and they pay well if a user clicks on the ads. Then there are impression-based ads, which pay by the number of times the ad gets displayed. Google AdSense is a perfect example of a Pay Per Click model. You, as the creator of content, display Google adverts on your websites. If you are using YouTube to display videos you created yourself, you can use AdSense there too, to display ads. When people who visit your website or watch your videos click on the ads, you are paid a certain amount per click. Thus, if you have a good number of visitors coming to your website or if a great many people watch your videos, you make some money.
Online advertising companies check out the keywords that a user types to reach your website or video content. They then display ads relevant to the keywords typed by the users. As advertising companies, they assume that all impressions are shown to real people, that is, human users.
Online Advertisement Frauds and Click Frauds
As an advertiser, you invest money in displaying ads on different websites and videos using Google AdWords or any other online advertising company. It is natural to expect that all the money you spend will go towards showing the ad impressions to humans – real people, and not the BOTs.
However, since most of the methods advertising companies use to show ads are automated, they do not distinguish a real human from a click bot. That means a considerable amount of your money may get wasted in showing ads to unreal people – the click bots. Some criminals and others hire low-wage workers from freelance marketplaces to use “given” search terms to reach their websites or videos. These low-wage workers then click the ads appearing on the websites and videos. This is used to beat down a competitor’s website and his advertising account.
Click BOTs are small programs that use “pre-fed search terms” to have the ads displayed on a fake website and click on the ads there so that the fake website owner makes a good amount of money. Click Fraud is the term to use here. A criminal will set up a fake website and get AdSense or other companies to display ads on the websites. When you invest money into advertisements, they (the advertisement companies) show your ads on these bogus websites due to search terms used by click bots or very low-wage workers to reach the fake websites. Not only that, they then click on the ads to make money for the website owner.
In another method, website owners create tiny ads of around 3×3 pixels and place many of them all over their websites. You, as a user, will certainly click these ultra-small adverts by mistake: you think you are clicking on something else but end up clicking on these small, almost invisible ad impressions. This method is too popular and is not getting old as most companies now offer standard, pre-defined ad sizes. Still, the criminals exploit the ad codes and make them small enough to place on buttons or other text on the websites so that you “accidentally” click on the ads instead of clicking on something else.
In short, click frauds are online advertising frauds employed by cybercriminals to make money out of your advertising budgets. While you think your advertising money is being spent on real humans, a good amount of money is wasted on showing ad impressions to deliberate searches by click bots and very low-wage workers who use certain search terms to reach the fake website and click on the ads.
Can Click Frauds Be Prevented
Not really – not with the current way of handling online advertisements. But some companies run automated scripts from time to time to figure out fake websites and fake clicks. If detected, the fake websites are blacklisted, and ads are not shown on those sites. But as soon as a website is blacklisted, the criminals can take down the website and create a new one. While some advertising companies, like Google, have strict selection methods for new websites, others just allow anyone to set up advertisement codes. But if a criminal can create a bot to click or display ads on a website, she or he can easily set up bots to show that the new (fake) website is getting a good amount of traffic and thus convince ad companies to display ads on the new (fake) website.
So on the one hand, some fraudsters perpetrate click frauds to make money online by cheating the advertisers; on the other, there is yet another set of unscrupulous people who will target a competitor’s website and click bomb it with a view to getting his account suspended.
Click Bombing
Click bombing is a form of cyber attack where a user may, with malicious intent, click on your ad, say, 100 times. Some even go steps further and employ BOTs and BOTNETs to engage in click bombing.
But ad publishers like Google have taken this issue very seriously and have some great techniques in place to detect such activities. They can immediately detect such invalid clicks, and they just ignore them while computing your payments. So in a way, this protects the website owners to a large extent.
Invalid Clicks
Invalid click activity consists of any clicks or impressions that may artificially inflate an advertiser’s costs or a publisher’s earnings, and for which we decide not to charge the advertiser. This includes, but is not limited to, clicks or impressions generated by a publisher clicking on his own ads, a publisher encouraging clicks on his ads, automated clicking tools or traffic sources, robots, or other deceptive software. If you think you have been a victim of invalid clicks, you can report them to Google here. Most advertising companies have such forms to report such activities.
Prevention & Protection from click bombing
If Google detects a large number of Invalid Clicks on your website, they will bring it to your notice. Keep an eye on the CTR (Click Through Rate), and check the country-wise breakdown. If you think you are a victim, go through your Google Analytics and server logs and block the IP address or a country-IP temporarily.
ClickBomb Defense is a WordPress plugin that promises to help defend your WordPress site against Click Bomb attacks by monitoring each visitor’s activity on your website. When a visitor reaches the maximum number of clicks (which you specify in the settings area), the AdSense ads are disabled, and if you have chosen an alternative ad, that ad is displayed. AdSense Click-Fraud Monitoring is yet another plugin available for WordPress sites. Who Sees Ads is another WordPress plugin, which lets you define which visitors can see your ads. So if you set it to show your ads to only organic visitors, then only people who visit your site from search engines will see the ads – which in any case is the paying traffic.
Using a web firewall like Sucuri or Cloudflare can also help mitigate this problem in a large way, as it can stop BOT traffic. It even lets you easily control which IP or bunch of IPs or country-IPs to block.
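The log review and per-visitor click limit described above can be sketched as follows. This is an added example, not code from the article or from any of the plugins it names; the log format, the threshold of 5 clicks per 10 minutes, and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, hypothetical format: "<ISO time> <client IP> <country> <view|click>"
SAMPLE_LOG = "\n".join(
    ["2024-05-01T10:00:00 198.51.100.7 US view",
     "2024-05-01T10:00:40 198.51.100.7 US click",
     "2024-05-01T10:01:00 192.0.2.44 DE view",
     "2024-05-01T10:02:00 203.0.113.9 ZZ view"]
    # eight clicks in 35 seconds from one address: the click-bombing pattern
    + [f"2024-05-01T10:02:{s:02d} 203.0.113.9 ZZ click" for s in range(5, 45, 5)]
    + ["2024-05-01T10:30:00 192.0.2.44 DE view",
       "2024-05-01T11:30:00 192.0.2.44 DE click"])

def parse_events(text):
    """Return sorted (time, ip, country, event) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("view", "click"):
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), *parts[1:]))
        except ValueError:
            continue
    return sorted(events)

def flag_click_bombers(events, max_clicks=5, window=timedelta(minutes=10)):
    """Return {ip: peak clicks in any sliding window} for IPs above max_clicks."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, ip, _country, event in events:
        if event != "click":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop clicks older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_clicks}

def ctr_by_country(events):
    """Clicks divided by ad views per country (None if a country has no views)."""
    views, clicks = defaultdict(int), defaultdict(int)
    for _ts, _ip, country, event in events:
        (views if event == "view" else clicks)[country] += 1
    return {c: clicks[c] / views[c] if views[c] else None for c in set(views) | set(clicks)}

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print(flag_click_bombers(events), ctr_by_country(events))
```

The flagged addresses are candidates for a temporary block at the firewall, and a country whose CTR is far above the others is the one to inspect first.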
Inputs and observations are most welcome.