Everything in this article:
Click fraud is the process of clicking on adverts with clicks that are not real customers, hence artificially inflating the amount an advertiser pays.
There is a lot of click fraud on the internet, even on large platforms such as Google Ads and Facebook.
Historically, ad platforms have been slow to act, as unfortunately they unintentionally benefit from click fraud.
A headless browser is a web browser that has been designed to be operated in an automated fashion, with robots clicking on links and ads.
Usually these are ‘headless chrome’ browsers that run on servers in data centers.
These tend to be easy to detect as datacenters have well known IP addresses.
These are normal people’s computers that have been infected with malware that run headless browsers in the background.
In these circumstances, people are typically unaware that their computer has been hijacked.
These are tougher to detect, as the IP address is that of what would otherwise be a legitimate user’s computer.
In what amounts to organized crime online, we see cheap human labor being used to browse and click on ads.
Astonishingly, click fraud has become a major business for organized crime, with some reports suggesting it tallies just behind the drug trade.
The obvious indicator of click fraud is low conversion rate, but this can be difficult to pick out when multiple streams of traffic are blended together on a website.
Detecting Click Fraud by IP Address
An IP address is 12-digit number that references a particular computer on the internet.
IP address are provided to computers by the computer’s internet service provider (ISP).
The most common click fraud is performed with headless chrome robots running on servers.
These are normally easy to detect, as they commonly use cloud internet service providers, such as Amazon Web Services, Azure or Google Cloud.
The IP addresses of the ‘clickers’ can be looked up in public directories of IP addresses which indicate which internet service provider they IP address belongs to.
Traffic coming from a cloud provider is almost always non-human traffic.
Tor, otherwise known as the anonymous internet, is a global anonymizer service that makes it difficult (if not impossible) to determine who is requesting a web page.
People may use Tor for legitimate privacy reasons, but typically, these aren’t customers.
Helpfully, the Tor Project publishes a list of Tor Exit Nodes.
These nodes are the IP addresses that belong to Tor, and visitors will appear to have one of these IPs addresses.
It is fair to assume that any clicks originating from Tor will be unlikely to convert, and may be fraudulent.
Another way is to see how quickly things are being clicked.
There’s normally a significant delay between a human’s first and second click, whereas most click fraud robots are not as sophisticated.
In this scenario, we might see a visitor click an element on page right after it has loaded, rather than waiting the few seconds that a human would take to read the page.
Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) are the challenges we’ve all seen online to help prevent bots.
In short, these old fashioned Captcha’s are no longer effective at all, and also degrade the user experience.
They are normally easily beaten by captcha solving services, which utilise free or cheap labour to solve these in realtime on behalf of spammers and fraudsters.
ReCaptcha is Google’s implementation of Captcha. There have been three versions, of which v2 and v3 are currently supported.
Google’s ReCaptcha v2 is the one that asks users to click on items in a photograph:
Google’s ReCaptcha v3, however, is completely invisible. It works by profiling the browser, IP address, and behaviour of users.
It is remarkably effective, and as it is invisible, produces a seamless user experience.
Google ReCaptcha v3 works well thanks Google’s huge reach on the internet.
It can see the behaviour of individual IP addresses across websites, and consequently can build a much better profile of the nature of the activity by that IP.
Google ReCatpcha v3 returns a score between 0 and 1, with 1 being very likely human, and 0 being almost certainly automated. Most scores are either 0.1 or 0.9, with little in between, suggesting Google ReCaptcha v3 can discern traffic with little uncertainty:
Google ReCaptcha v3 has an Admin dashboard, which allows you to see the distribution of traffic and its score. Numbers greater than 0.5 indicate likely human, whereas numbers closer to 0 indicate likely bots or other abusive traffic.
Google ReCaptcha v3 **really is the gold standard of online click
Google Recaptcha v3 is integrated with Linkly, and forms the core of
Linkly’s click fraud protection.
Notable mention- preventing Click Fraud with Cloudflare
**Cloudflare**, the world’s largest DNS and CDN provider, has an
enterprise product for [bot
Unlike Google’s ReCatpcha, which runs in the user’s browser, this works by inserting Cloudflare as a proxy between your website and the user.
Cloudflare, thanks to being one of the internet’s largest edge providers, can see which users exhibit bot-like behaviour, and flag them accordingly.
Like ReCaptcha, Cloudflare’s bot protection provides a score, which is provided alongside the request for a page from your site.
Unlike ReCaptcha, however, Cloudflare’s bot protection & mitigation service is currently an enterprise only product.
**Click fraud happens with Google Ads. **
Anecdotally, some say as much as 20% of the traffic purchased from Google is fraudulent.
It might be a competitor trying to waste your budget, or a publisher clicking on on-site ads to inflate their Adsense revenues.
It happens so much that an entire industry has been set up around trying to mitigate click fraud specifically from Google Ads.
The issue with using these services is that they rely on overly simplistic methods of detecting click fraud.
Generally speaking, using Linkly’s ReCaptcha V3 Click Fraud Protection is an effective solution here, and has the added advantage that it has a free plan.
It’s incredibly difficult to catch all forms click fraud and other abusive behaviour online.
There are financial incentives for fraudsters and ad networks, with the advertiser being left to foot the bill.
Using tools like Cloudflare or ReCaptcha, or Linkly’s own ReCaptcha integration, can help reduce click fraud overall.
Track 1000 monthly clicks with all features included.
No credit card required