How To Fight Click Fraud - Sellbrite

How To Fight Click Fraud

If you don’t advertise your ecommerce website using paid clicks (PPC), you can look away now. If you do, you might just want to continue down the page…


Just before Christmas, I noticed a slightly worrying stat in my Google Analytics account. —————>

This might not mean a whole lot to you, but in simple terms, it means roughly 6/10 paid clicks brought a new visitor to my website. Hang on a minute, only 6/10 visitors are actually new?

In that case, why is 40% of my traffic not new, and why the heck am I paying for it?

Buyer behavior

The way your buyers behave can greatly affect the number of new visitors your website receives through PPC. Ideally, we all want a scenario where buyers click your ad, add an item to their basket, then proceed to checkout and pay. In the real world, though, this doesn’t always happen.

Sometimes, buyers will click an ad, browse your website, then become distracted or disinterested. They might click your ad again later on that day, or even later in the week – they may then complete their purchase. In this scenario, you’ve paid for the user to click your ads twice, while only making the one sale. While this isn’t ideal for you, it’s not click fraud, it’s just normal buyer behavior (indecision, distraction and hesitancy all rolled up in one.)

On other occasions, you’ll have people that have purchased from you in the past click your ads. They’ll hit your site again and make another purchase. You’ll have made two sales from two separate clicks – but your new visitor count won’t total 100%, because that person has been on your website before.

Clearly, the new visitor percentage is something you’d need to extrapolate and play around with to better understand. With that in mind, don’t get too hung up on it. But do pay attention to the figure at least once a week. If your PPC spend is getting higher but the new visit figure is getting lower, it’s time to take action.

Remember, you can isolate PPC clicks in Google Analytics, so it’s possible to see the proportion of new visitors emanating from all of the different traffic sources you use. You can see in the image above that my site’s overall average new user count is a lot higher than the PPC average.

What is click fraud?

The behavioral examples above are less than ideal, but they’re not click fraud. Instead, click fraud is where someone deliberately clicks on your ads, with the sole intention of causing you monetary loss – and with no intention whatsoever of making a purchase or benefitting from your content.

Click fraud is orchestrated in many different ways. Sometimes a competitor might make it a part of their morning ritual: Get out of bed, make a coffee, click on your ads 25 times. Sometimes, click fraud is a result of clever scripts, automated tools and bots. Once they hone in on your ads, your wallet is essentially open!

A lot of the time, click fraud attacks emanate from your competitors – but sometimes they come from someone who just doesn’t like you, or someone with a grudge. The internet is an expansive place – there are people lurking in all corners, waiting to do nasty things to you. That’s just how it goes.

Now that you know what click fraud is, you can look for ways to identify and prevent it. Before monitoring for click fraud, I knew that in theory people could cause me monetary losses by repeatedly clicking on my ads, but I didn’t think anyone would actually do it.

Let’s get one thing straight: click fraud can happen on any PPC network, to any advertiser. The only time you might not care about click fraud too much is when you’re paying networks on a CPM basis. If you’re paying on a CPC basis, however, it’s a serious, potentially costly, issue.

Click fraud detection tools

There are lots of click fraud detection tools out there, the one I use is Ad Watcher. The interface is easy to use, and setting up tracking URLs across all of my ad groups took just a few hours. It was then just a case of sitting back, relaxing, and waiting, so I had some data to work with.

Remember, I didn’t necessarily expect to be a victim of click fraud, I just wanted to eliminate the possibility, having seen how high my PPC spend was, and the fairly low number of new customers hitting my site from PPC.

When I logged into my Ad Watcher account the next day there wasn’t much to report, at first glance. It did flag a couple of possible fraud reports though, so I had a closer look. There were various instances where users had clicked the same ad more than once. Not ideal, but these things happen.

Further down the page, I noticed one report that a certain person had clicked the same ad SEVEN times, then went and clicked on another ad SIX times. Thirteen clicks over the space of an hour or so. I crosschecked with my analytics and those clicks were real, each time, the same user had been referred to my website. You can bet your bottom dollar that I was charged for those clicks.

These are some recent click fraudsters in Ad Watcher.


I know people can be indecisive when making a purchase, but there’s really never any need to click ads leading to the same website on thirteen different occasions within 60 minutes of each other.

I had thirteen potentially fraudulent clicks from the first 24 hours or so that my fraud watcher had been in place. That’s not a bad day’s fishing right there!

DIY fraud analysis

If you don’t want to spend money on a click fraud detection tool, you might not have to. A lot of analytics applications and website content management systems allow you to view raw statistics, you can see things like referrers and IP address. Providing your site doesn’t get too many hits each day, you can manually fight click fraud by looking for IP addresses that constantly click your ads.

It’s a very primitive way of fighting click fraud, as soon as someone changes their IP, you’ve lost the scent. Whereas with a click fraud application, a cookie is dropped on the user’s machine, so even if they’re on a dynamic IP, you can tell when they’ve clicked on your ads multiple times.

IP Address Exclusion in Google Analytics
IP Address Exclusion in Google Analytics

One of my sites gets less than 20 hits per day, but the CPC for paid clicks is about $15. Every day I have a quick scroll through the raw analytics data, once or twice a month I can usually pinpoint someone that has clicked my ads 3+ times. My favorite manual fraud setup is the WordPress CMS using the Wassup stats plugin. I’ve caught lots of my competitors throttling the ads for that particular site (and of course banned their IPs, to prevent them from doing it again).

Manually fighting click fraud is not as effective or easy as using a fraud detection tool, but a little effort and diligence goes a long way!

Claiming money back

Although most PPC networks have systems and safe guards in place to detect and prevent click fraud, there’s no legislating for a competitor, bent on costing your business money. If you have genuine proof of click fraud occurring, don’t be afraid to speak up and contact the network concerned, directly. Some of the detection tools even generate reports automatically for you, all you need to do is forward them to the relevant network.

When I first setup ads on the Bing Ads network around a year ago, my campaign was “click bombed” – about $60 were spent in the space of one hour. Clearly this wasn’t normal, or legitimate. I spoke to Bing at the time and they applied a credit to my account for the sum I had lost. Most PPC networks are receptive to requests for assistance, and they’ll do everything they can to put things right for you.

Blocking users

Sometimes, you’ll see a certain user clicking your ads on four, five maybe more occasions. You don’t have solid proof to make a claim for click fraud, but you don’t want this user to deplete any more of your PPC budget. So, what can you do?

Most PPC networks offer the facility for advertisers to manually block IP addresses. This means your ads won’t be served to these individuals, so they can’t click them again and again going forward. Just remember, if their IP address does change, your ads will be served to them again. This is a band-aid fix, it’s not long-term but it does work and it can save you money.


Just remember that on networks like Google AdWords, you can only block an IP at campaign level. You have to go and block the IP for each campaign in your account to prevent ads being served to that particular person and IP address.

How much have I saved since monitoring potential click fraud?

Since using the click fraud detection tool, I’ve saved around 20% on my monthly PPC spend. That’s not a huge figure for my business, but if you’re spending $10,000, $50,000, $100,000 or more each month on PPC, a 20% saving could be a game-changer. What would you do with a couple thousand extra dollars each month?

Don’t just assume your business is immune to click fraud, because it’s not – any business that employs the use of paid clicks is susceptible to this schemey, underhanded practice. Find time to play around with a click fraud tool like Ad Watcher in order to see how much money you can save. Paid clicks aren’t cheap, so be extra vigilant; be mindful that there are people out there looking to deplete your budget and ultimately put you out of business.