Here, spyware on a user’s PC monitors the user’s browsing to determine the user’s likely purchase intent. Then the spyware fakes a click on a Google PPC ad promoting the exact merchant  the user was already visiting. If the user proceeds to make a purchase — reasonably likely for a user already intentionally requesting the merchant’s site — the merchant will naturally credit Google for the sale. Furthermore, a standard ad optimization strategy will lead the merchant to increase its Google PPC bid for this keyword on the reasonable (albeit mistaken) view that Google is successfully finding new customers. But in fact Google and its partners are merely taking credit for customers the merchant had already reached by other methods.

Do you cosider click fraud a big concern? Discuss here.

Edelman details all of the specifics about his dicovery, pointing to an example perpetrator – Trafficsolar, which he blames InfoSpace for connecting Google to. He also suggests Google discontinue its relationship with InfoSpace and other partners who have their own chains of partners, making everything harder to monitor. In his example, he finds an astounding seven intermediaries in the chain between the click and the Google ad itself.

"Furthermore, Google styles its advertising as ‘pay per click’, promising advertisers that ‘You’re charged only if someone clicks your ad,’" says Edelman. "But here, the video and packet log clearly confirm that the Google click link was invoked without a user even seeing a Google ad link, not to mention clicking it. Advertisers paying high Google prices deserve high-quality ad placements, not spyware popups and click fraud."

As Andy Greenberg with Forbes points out in an article, which brought Edelman’s findings to the forefront of mainstream exposure (and likely to Google’s attention), Edelman has a history of criticizing Google, is actually involved with a lawsuit involving misplacement of Google ads, and has served as a consultant to Microsoft, but maintains that this research is not funded by Microsoft or a company involved in that lawsuit. Greenberg reports:

As for its ability to detect the new form of click fraud, Google has long argued that it credits advertisers for as much as 10% of their ad spending based on click fraud that the company detects. While the company wouldn’t comment on Edelman’s TrafficShare example, a spokesperson wrote that the company uses "hundreds of data points" to detect fraud, not just clicks.

In a report last October, click fraud research firm Click Forensics measured click fraud at around 14%, significantly higher than Google’s estimates. But even Click Forensics may not be counting the sort of click fraud Edelman accuses TrafficSolar of committing. Because Click Forensics’ data is pulled from advertisers, the company can’t necessarily detect click fraud that is disguised as real customers and real sales, according to the company’s chief executive, Paul Pellman. Pellman believes, however, that the kind of click fraud Edelman discovered is likely mixed with traditional click fraud to increase the scheme’s traffic volume while keeping it hidden.

Click Forensics’  own Steve O’Brien says "it was probably a fairly low-volume scheme to begin with.  It’s limited to machines of users that are infected with spyware who also visit select Google advertisers…It’s a problem, but probably not a huge one.  What would make it more serious is if there were another version of the spyware that simply clicks on paid links in the background without the user’s knowledge…"

As for Edelman’s suggestion that Google sever ties with Infospace and the like, O’Brien doesn’t think it is worth going that far. "A better solution would be for Google and InfoSpace to deal only with reputable partners who provide verified, audited clicks to ensure advertisers get what they pay for," says O’Brien.

Though Click Forensics appears to downplay the threat compared to Edelman’s own analysis, it shows the increasing sophistication with which fraudsters are carrying out their plots. Good times.

Do you think Google should take more action in trying to prevent new kinds of click fraud? Share your thoughts here.

Related Articles:

> How Search Engines Manage Click Fraud

> Botnets Driving Click fraud Traffic

> Massive Click Fraud Ring Shut Down

The Internet Corporation for Assigned Names and Numbers (ICANN) got Internet security guru Ben Edelman to conduct a study on this practice after some concern had been raised. Edelman conducted ten months worth of research, only to find no evidence of this actually happening.

Edelman conducted three rounds of testing with over 600 tests. He formed a list of sites to be tested based on top organic search results (using Google and Bing) for domain-related search terms like "register a domain," "check whether a domain is available," "domain availability," and "get a domain name". He then checked whether each site provided a domain search function, and discarded ones that did not. Further details on the testing strategy can be found here (pdf).

In his report, Edelman says:

My tests offer no evidence of front running. Not one of the domains I requested, in any of the three rounds of testing, was registered during the seven?day period during which availability was checked twice each day. Furthermore, at the time of conclusion of the second round of testing, not a single domain from the first round of testing was registered. At the time of conclusion of the third round of testing, not a single domain from the first round of testing was registered. One domain from the second round of testing (performed in September 2008) was ultimately registered in February 2009, but in circumstances that do not suggest squatting (individual registrant, bona fide non?advertising content posted, approximately 5 months between my prior request and the registrant’s registration).

Edelman does acknowledge that his testing doesn’t prove that front-running is non-existent. In fact he makes it quite clear that his test failed to find evidence, but it is quite possible that it is occurring through other means. Either way, it looks like it was a noble attempt at researching the issue.

Researcher Ben Edelman looked beyond what the New York Times had revealed about the practice in December 2006. He found a half-dozen examples beyond those noted by the Times.

“Harm may accrue to advertisers — by overcharging them as well as by placing their ads in spyware they seek to avoid,” said Edelman. “Harm may accrue to investors, by causing them to overpay for sites whose true popularity is less than traffic statistics indicate.

“In any event, harm accrues to consumers and to the public at large, through funding of spyware that sneaks onto users’ PCs with negative effects on privacy, reliability, and performance.”

Through analysis of packet logs and observations of various spyware packages in action, Edelman was able to specifically cite six examples of video sites that enjoyed traffic above and beyond their usual visits, thanks to the nature of the spyware delivering ads about them.

Here are the sites Edelman detailed in his report:

Bolt.com
GrindTV, owned by PureVideo Networks
Broadcaster.com
Away.com, run by Orbitz
Roo TV
Diet.com

Edelman suggested why video sites may be resorting to these tactics:

Video sites are strikingly prevalent in the preceding examples and in other forced-visit traffic I have observed. Why? Google’s $1.65 billion acquisition of YouTube inspired others hoping to receive even a fraction of YouTube’s valuation. So far no competitor has gained much traction. But the expectation that video sites grow virally creates an incentive to try to jump-start traffic by any means possible — even spyware-originating traffic.

Though a new video site is unlikely to attract the goo-gobs of money YouTube made in its deal with Google, being able to claim a modest fraction of its value would make a video site’s backers immensely wealthy. It isn’t hard to understand why that would motivate them to seek traffic by any means possible.

Edelman Critiques Google AdWords

Edelman took particular notice of ads that appear to violate Federal Trade Commission rules on ad composition, as well as ads that make false claims. He discussed his findings in a story titled False and Deceptive Pay-Per-Click Ads.

“Read Google’s voluminous Adwords Content Policy, and you’d think Google is awfully tough on bad ads,” he wrote. “What kind of scam could get through rules like these?” Edelman then knocked down that straw man with a number of examples.

First there is the issue of advertisers selling “free” products. “These ads are particularly galling because, in each example, the specified program is available for free elsewhere on the web, e.g. directly from its developer’s web site,” Edelman said.

Ringtones have been another target of advertisers who bill them as “free,” yet victims end up paying a monthly subscription fee. True conditions of such “free” offers are buried in fine print, and violate FTC rules (emphasis added):

Faulting the advertisers for these ads showing up in AdWords does not get Google off the hook either, in Edelman’s opinion:

Google profits from the ads, as do those who bid for their placement. Edelman noted the profit pendulum swings heavily in Google’s direction based on one part of his research:

If Google does follow through on rumors it will buy Facebook for $2.3 billion, it may be advertisers like the ones found by Edelman paying for it.

—

Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Bookmark WebProNews:

David Utter is a staff writer for WebProNews covering technology and business.

Search engines may process as many as 285 million clicks to unsafe sites every month, a study by Ben Edelman and SiteAdvisor reported. Sponsored sites were from two to four times as dangerous as organic results, meaning that malicious site owners are paying to attack unprotected visitors.

“To compare the safety of search engines’ listings, we compiled 1394 popular keywords using lists of common searches from Google Zeitgeist, Yahoo!, AOL, Lycos, Wordtracker, and other industry sources,” the study said.

“Some lists included adult search terms, which we excluded to maintain consistent keyword content. We considered the first five pages of results for each keyword from each of the five biggest search engines: Google, Yahoo!, AOL, MSN, and Ask.”

Out of those search engines, MSN proved the safest with only 3.9 percent of results proving unsafe or risky. Yahoo followed at 4.3 percent, and there was a tie between AOL and Google, 5.3 percent; that duplication is likely due to AOL using Google search results. Ask proved the least safe of the group, with 6.1 percent results in the test being unsafe.

“We recommend extra caution when searching at Ask,” the study said.

The paid search dangers prove unsettling. Search advertising sellers should be able to impose safety requirements when it comes to who buys ads from them. Apparently adware and spam purveyors can purchase ads with impunity, so the guidelines in place for those major ad sellers may not be strong enough.

—

Add to | DiggThis | Yahoo! My Web | Furl

Bookmark WebProNews:

David Utter is a staff writer for WebProNews covering technology and business.