Our posts earlier this week about the alarming amount of click fraud at Facebook left more than a few unanswered questions. The problem is real and was confirmed by Facebook. But what wasn’t clear is exactly how or why it was happening. Now, after we’ve interviewed a number of advertisers and fraudsters, we know exactly how and why they are doing it.
First the why. Click fraud is serious business on the big search engine advertising networks because the bad guys can make serious money. Sign up for an Adsense account and put those ads on parked domain names or wherever. Then all you have to do is start clicking those ads like crazy, using bots or cheap labor. The search engines fight this via obvious and not so obvious means, and an arms race begins. To win you need access to a lot of good IP addresses and not get too greedy. And like inflation and the government, a little click fraud is tolerated by Google and others. It keeps the dollars flowing.
But Facebook is a different story. As of now they don’t really have an Adsense equivalent – Some App developers can run Facebook ads for a revenue split, but that’s it. Those guys wouldn’t be able to get away with click fraud for very long because there are too few of them and it’s too easy to monitor spikes in performance.
So what’s the incentive? We’ve spoken to a number of Facebook advertisers who have explained exactly what’s happening – advertisers are clicking on competitor ads to drive up their costs and drive down their ROI. As advertisers leave the system in disgust, prices go down and the people left win.
At least that’s the theory. But what’s really happening is better explained by game theory stuff that we all learned in micro economics courses. The advertisers know they’d all collectively be better off if they didn’t engage in click fraud against each other. But anyone that “does the right thing” is put at a severe disadvantage competitively. So unless and until Facebook can put a stop to this, advertisers argue that they are actually forced to engage in click fraud to have a fighting chance at making any money.
Some of these guys are spending $30,000 a day on ads on Facebook alone (the maximum for self serve advertisers) and put significant capital at risk. They’re not particularly worried about much more than keeping that capital safe, and earning a living.
And for the most part these are affiliate marketers – middleman arbitragers that don’t create or sell products but simply pass leads and orders on to others who monetize users directly. They have to monitor ROI carefully, particularly because they are paying Facebook per click and in turn getting paid for conversions (sales, leads, etc.). Click fraud puts them out of business fast.
Facebook Click Fraud 101:
Here’s how advertisers are engaging in click fraud:
First, its hard to even see the ads in the first place. On search engines they are there on the parked domain page, or you see them when you type in a query. But on Facebook ads are hyper targeted to users based on deep demographic data – like single men who live in San Diego and like the Xbox and U2, for example. If you aren’t a user who fits that description on Facebook, you don’t see the ads.
So the bad guys just create thousands of fake Facebook accounts with a wide variety of demographic information. This sounds like a lot of work, but it’s highly automated. One advertiser told me how he paid $200 to an Indian operation for 2,000 Facebook accounts. Another said the going rate was just $10 per 100 accounts if you supply the unique email accounts. Once the accounts are created, they use software to fill out the varied demographic information, and that software also manages all these accounts.
The fraudster then logs in to Facebook via these accounts and views the ads that are displayed. The right competitive ads come up and Bingo, the software then clicks them. Facebook rules allow an account to click any advertisement up to six times in a 24 hour period, and all those clicks are charged. All you need is a few accounts to view the ads and then click to the max. Facebook even makes it easy to find the ads. They have an “Ad Board” that shows all ads targeted to that user (mine has 15 ads on it).
Often the fraudsters have their art down to a science and their software clicks ads so fast and moves on to the next one that it doesn’t even hang around long enough for the underlying URL to resolve. Facebook still sees (and charges for) the click, but the advertiser’s server never registers a page view. That’s what bugs advertisers the most. In our original post we quoted one advertiser who at least wanted to see the traffic from the spam bots: “If I were at least getting bot traffic or something that would be one thing, but right now Facebook is simply stealing 20% of clicks that I paid for, which adds up to thousands of dollars.”
The people we spoke with say they’ve been doing this since last year, and have had almost no account profiles shut down. “Just 2 of my 2,000 accounts were closed” said one source.
How Facebook Is Fighting This:
We’ve spoken to Facebook a number of times this week to understand how they are fighting click fraud. We also wanted to wait on this story until Facebook felt comfortable that we weren’t going to make the situation worse by mapping out how fraud is done.
Facebook says the fraud is now under control. One way they monitor fraud is to view conversions off ad clicks – some ads ink to other Facebook pages where surveys and offers are completed, and Facebook can monitor if a click results in a conversion. Conversion rates have stabilized since the changes they made last Sunday, Facebook tells us, meaning fraud has decreased.
Facebook has told us a few ways that they are combating the fraud. They’ve asked us not to publish all of those methods because fraudsters may have an easier time bypassing the defenses. But we’ve checked with experts who agree that the protections Facebook has put in place make sense.
One thing Facebook is willing to talk about on record is that they are heavily monitoring click rates on ads and flagging accounts that are statistically out of bounds for human review. It doesn’t sound like they intend to close known fraudster accounts down, though. Just keeping an eye on them and reversing any ad clicks may in fact be a smarter way of combating them and gathering more data. I agree.
Advertisers who’ve been affected will have credits applied to their accounts automatically, Facebook says. And they can also contact Facebook directly with concerns.
Some advertisers are saying click fraud rates haven’t declined this week at all, but others are saying they see a significant decline in fraud over the last few days. We’re working with one group who’ve set up test ads to monitor fraud on Facebook as well. As of tonight they are still seeing discrepancies in the number of clicks Facebook says they sent and what their server logs show. So clearly the problem has not been fixed entirely, and it probably never will be. It’s an arms race, but at least Facebook is admitting to the problem, and actively fighting it.
I think, it is high time, FaceBook should take Google’s help regarding this issue! But, their ego appears to be stopping them! There is not much time remaining for FaceBook to Doom…Twitter is its sure-shot successor!
Google isn’t much better, they make an awful lot of money off of fraudulent clicks, and possibly even more off of scams that directly impact legitimate advertisers. I have contacted Google on several occasions about advertisers who were not only violating their TOS but running outright scams.
Google’s moral algorithm is clear: advertisers that make them more money are always right, regardless of TOS compliance or whether they are within the boundaries of the law.
If your campaigns are effected by these advertisers you get no recourse, you get no voice, and Google won’t even talk to you. All you get is a canned response.
Rule: if someone spends thousands of dollars on your website a canned response is never appropriate, never.
this is the first good article that you have written since the launch of twitter and I love it. Can you please write such informative articles more often? I guess all the readers will appreciate that.
Haha, true!
Excellent. This is the type of article I would expect from TC! This is the type of tech journalism I want and expect. Thank you Michael
Great article.
Well researched and written.
No bs tying it back to other issues that really aren’t related or any other douchey blogger tricks.
Just great… dare I say it… journalism.
More like this, please.
You guys have got to be kidding. This article should have the headline – TC in the FB tank again. Who cares about FB fraud, a fraudulent company who enables its users to join in on the fraud.
Screw holding back info, publish the details, then maybe FB will start to clean up its act.
I agree, this is a great article. Actually today has been a good day for TC, lots of great articles.
Love the game theory parable: winners outweight losers, so the game continues. FB wins more revenue and more members (which means: inflate its valuation). Clickfrauders win too (bankrupting rivals & cheaper ads). The only loser is the victim, who was expendable & ignorable.
But along came TC, screwing up the equilibrium. haha!
Wonder how many of those 200 million facebook users are actually bots…
i think that would be interesting to see for quite a few sites .
Probably ~90%
Or did you mean only non-human bots?
That’s very informative. Although I wonder how a large company can conduct such dishonest policy?
Great topic to discuss. I’m really curious about the “few ways they are combating fraud.”
And can someone more clearly explain the prisoner’s dilemma here. If everyone doesn’t click, then everyone wins. If party A engages in click fraud, then party B gets a lower ROI and might leave so prices are driven down.
I don’t understand why party B would decide to retaliate and do click fraud also.
To realize any “benefits” from committing click fraud the transgressing party must be in for the next round of advertising to take advantage of the lower rates.
Therefore, if B knows that A is committing click fraud then B also knows that A is going to be in the next round of advertising–and won’t drop out and lower the rates. So what does B gain at all from committing click fraud other than damaging A’s ROI?
great article, very interesting reading
“advertisers argue that they are actually forced to engage in click fraud to have a fighting chance at making any money.”
amusing they claim their stealing is ok because other people do it
I’ve seen ads that claim to have found friends that are complete BS. One was like “Add Person X as a friend, you both attended school Y”, except the person in question was my cousins teenaged daughter and I live in a whole other country and we have never met let alone been to the same school.
@Facebook Better to use Google Adsense or Microsoft or Yahoo ad Service than Creating its Own
Facebook needs ConnectU’s help.
Great article Mike, and I have to agree with T, this is one of the best since the launch of Twitter and onslaught of Twitter related articles. I read TC daily and this is the first time I have commented.
Once again, great article.
Jonny
Funny that a forum full of charlatans and script kiddies are now crying wolf because they’re the victims of click fraud.
Couldn’t have happened to better people.
Instead of removing the usernames associated with users for no real reason (experimenting was my fault), they should be stopping click fraud… Maybe they should set up timers and captchas from time to time at varied places to get the bots to get stuck… And maybe if the US could outlaw captcha entry and user account sales and purchase and at sites like getafreelancer.com, scriptlance.com etc, the world wide spam and fraud will reduce by 50%
Hey Michael,
This is a much better article than the first one — and also confirmed some of my thoughts:
1.) The tracking script part as a source of the problem.
2.) The cui bono question — those “greg makes money” and other ebook fellows are always prime targets for competitive fraud. It’s mildly amusing none of them seemed to bring up competitive click fraud as a potential issue in the comments of your last article.
In regard to competitive fraud, I know it’s always an issue on Google with the very competitive terms — there is simply no good way to combat it other than “scoring” (”smart pricing”) the traffic sources; however, that is something facebook can’t do.
Also, I think your game theory analysis is a bit off — the players are not collectively better off with no fraud. They are all selling the same product, no fraud means non advantage, no advantage means perfect comp. and “no profits.”
I think people should cut facebook a little bit of slack — PPC fraud is a really difficult thing to tackle, but my guess is that fb should have an advantage b/c all the users are logged in… as a result they can build up behaviorial profile of the users and “sandbox” users from affecting ad accounts; yet not hurt the users experience if they turn out to be real.
In fact, given the statisical analysis available for fb you should be able to “score” whether a user fits within two dev. of the mean profile assuming a gaussian distrn of behaviorial scoring features etc…
It’s a very interesting statistical + statistical learning problem. I wish I knew more about the problem and also how to solve
Follow up:
Check
http://www.geta...eyword=facebook
to see facebook captcha entry and bot, add 5000 users to group etc…
http://www.scri...open&desc=1
These are the sources of all fraud… (Disclaimer I used to do some freelancing there)
My theory is you should not link facebook and twitter accounts together, you can still maintain both accounts but keep separate entries. I already have noticed huge amounts of additional spam on twitter since the marriage to FB. Very dark clouds are prowling.To many doors to the same content is not good……………
I’ve even got an offer to hack into GM and Ford and I got an offer of 3000$+ at getafreelancer, I just made the guy a fool and declined…
First, kudos to Micheal, I agree with others that this is a well-done, very informative post and one we’d all like to see more of at Techcrunch.
As for the FB-related fraud, one does have to wonder how much action FB would have taken had advertisers not started bitching about it, and had Techcrunch not posted about it. Their relative lackadaisical, vague and late response helps to support the common notion that FB does not really care about giving advertisers a good advertising solution. Maybe they start to need to treat advertisers like, you know, the people who are ultimately paying their salaries.
I agree with your statement to a point Jon; however, consider:
Remember if what M.A. is saying is true — that the SAME population cmplaining are the ones doing the fraud well it kind of explains the slow disclosure by fb.
Also, having seen click fraud first hand, people will try to cheat you in really obvious ways (like 50 clicks on a $1 term from the same static IP address) AND COMPLAIN that you are not paying them money etc.
We had some early success getting users through Facebook Ads and also saw a number of paid clicks that never registered on our servers. It was not an overall positive experience and we stopped that advertising.
Where is your server?
I believe the real core of the click fraud problem is the whole ad delivery mechanism as it currently stands. Simply tracking and charging for clicks or single ad impressions is pretty lame and it’s about time a better idea was implemented whereby advertisers get real value from their ads and click fraud is dealt with once and for all. Unless something is done globally across the entire web then ultimately we’ll just keep going round and round the same problem – just like trying to filter porn – lots of talk but little action.
The future of the web as a commercial platform is tied to advertising – why are we stuck with such a archaic concept right now when our PC’s, the web technologies available today and the legions of developers out there can offer so much more?
I agree! Pay-Per-Chat is a new real-time advertising concept and model that addresses all those short comings.
Check it out here:
http://www.sear...y-per-chat.html
Tht’s really worrying. Hope this thing gets resolved soon..
I spent over $4000 with Facebook this month over the course of four days, and got credited back $59.
Ridiculous.
Very Good Article TechCrunch.
One thing you didn’t point out however is this very simple fact:
* In search advertising, click through rates can be very high – like nirvana high – if you have the right offer.
* on social ads like on facebook, click through rates on average are VERY VERY low. like less than 1% on average.
Less than 1% is not a business model, it’s a ROUNDING ERROR. So in short, fraud may affect google et al in the search space, but the underlying ad unit is so valuable that us buyers will tolerate it as cannon fodder.
But when it comes to these social ads, I mean c’mon 20% on 1% is not just material, it’s borderline suicidal!
Wow the CTRs are that bad? I’m used to a different channel with 30-40% CTRs
Google is no better. We used to own an online retail store five years ago. We sold children’s products and represented about 50 mfg companies. Every morning, competitors would click on our Google ads until our daily budget was blown through. Seriously, by 10am eastern, our budget was blown and no sales. We were spending thousands a month on google and gave up after two months. There are some businesses that simply operate this way.
Did you do it back to them?
We just pay per impression. It turned out cheaper anyway. When you insist on paying per clicks as an attempt to guarantee ROI, you are just playing a fools game anyway.
I guess our competitors could create thousands of accounts that fit our criteria and jack it up that way, but they’d be hurting themselves because they are going after the same criteria.
Michael – good article – and begs the question – how many FB registered accounts are actually real people.
And given the recent growth in FB users is overseas – and most of these $10 deals on click fraud accounts are run from basements around the world – what do you think is the percentage of accounts that we should be discounting from FBs hockey stick growth charts?
Most of us have been discounting the users who register, but seldom use FB. Now add to that an exponential growth in fraudulent accounts (which are considered active – but the bots have taken over) – and the picture does not look too pretty anymore.
Any thoughts here….
Good question… Why is Facebook specifically not closing down the fake accounts?
Any estimates on how many fake profiles there are, and what % of their growth is generated by software scripts and freelancers who create 2000 accounts for $200?
G – so right. With about 25% – 32% “registered” bots traffic on Twitter for example (that’s like unemployment figures — just double it to get a real number) one might assume we live in a world in which Indian tech slave labor + endless bots would glut the Net as a whole, not only Facebook, Twitter and such…
I work on a case study re: click fraud on Twitter and cannot believe my own eyes, even now, at study’s very early stages…
great piece. nice followup to first post.
really investigative reporting / educational writing.
kudos.
What is Google doing to avoid similar fraud? I know they will occasionally credit back so called “bad” clicks but it seems like this would be even more prevalent with their AdWords advertisers.
very interesting, another challenge for facebook as it learns the advertising space from scratch.
and agree, good piece Mike – this is the more investigative reporting that i miss from the early days at TC.
Awesome article! It’s great to learn about this kind of thing.. I really didn’t grasp the complexity of these click fraud bot networks. That’s amazing.
great piece of news. Gives an insight how things were working
Michael,
Thank you so much for doing these articles, its the only way facebook would even acknowledge what many people have been complaining about. Your work has been very much appreciated.
Let’s see if facebook actually issues any credits.
How is this different than when a TV is on in a house, but no one is watching it? The station still counts that as a “viewer” and the advertiser still pays as if someone viewed it.
“Fraud” in advertising is about as old as time. The fact that people are doing it online shouldn’t be a surprise.
Probably the worst comparison, ever! It’s different in the respect that CBS doesn’t have a warehouse with 75,000 televisions tuned into their station.
You should know by now that viewing numbers are based on surveys by Nielsen. So it doesnt really matter if you watch or not.
Wouldn’t a solution to this problem be to group users by the number of friends they have/the amount of activity on their wall/other means of measuring “human” activity, and then charge a click-thru-fee depending on how active the user is on Facebook? That would almost completely eliminate the value destroyed by all the ghost accounts set up via mechanical turks, or at least make their job so much harder.
So what you are saying is that these people are blaming Facebook for not preventing the dodgy strategy they have all been using themselves. Something like: “Hey Facebook why dont you try harder to block those fake clicks we have all been engages in generating”
It’s more like “Help us, we can’t self-regulate!”
Ad costs are higher when everyone engages in competitive click fraud. These guys simply want a fair system where they can lower their ad-spend and get a decent ROI.
If Facebook were like Google (i.e. the only real game in town), they sit back and collect on this nice increase in revenue. But they can’t, because Google is the default ad platform should Facebook advertising fail to generate a return. Facebook basically has to achieve some kind of equilibrium here… tolerating just enough fraud to line their pockets while not driving advertisers nuts. They also have to balance against the ROI that the same advertisers could get from Google.
If you ever wanted to know what the smartest people in the world are working on right now… this is probably it.
There are a few simple solutions to this problem.
1) Ban all affiliate links and campaigns from facebook. Only unique and verified website owners will be allowed to participate in Facebook’s ad program.
2) Minimize the number of ads clicked by each account. In one sessions, it’s highly unlikely that a “real” account will click on 20 ads per day, everyday.
3) When an ad is clicked by a user, do not allow that user to click on the same ad twice. While fraud may still exist using this method, it limits the advertiser’s exposure to these fraudulent clicks.
4) Identify bot trends by connecting login attempts and click sequences for these new accounts.
Why will Facebook admit there is a problem while continuing to ignore it? Affiliate marketing is a HUGE source of PPC revenue. Closing out this advertising segment would be a significant loss of revenue. They will address the problem but, similar to Google, will never find the right solution.
So mierdas,porque no poneis,que esta en inglés o en chino y pasamos de las gringadas.
I’m Hispanic and your comment makes no sense? Is that Spanglish you are writing? Tech Crunch is for Geeks and educated people. No reason for profanity ” Ignorante”
Solution: only show ads to accounts that have completed the mobile verification SMS. This would make it too expensive and logistically impossible to automate the registration of thousands of accounts for clickbots.
Then all you have to worry about is genuine accounts being hijacked and used.
It would be nearly impossible to get 200+ million accounts verified through SMS. I also believe most accounts would intentionally not enter the SMS verification to avoid seeing advertisements.
Advertisers are clicking on competitor ads to drive up their costs and drive down their ROI. I couldn’t have said it better than that.
Competitors are clicking on competitors’ ads in order to get their competitors to leave. I’ve seen too many advertisers try Facebook and leave because they spent of ton of money but didn’t get any sales. No wonder!
Great article! It’s amazing that this model still exists. I stopped using any type of PPC advertising due to all the fraud. I advertise my products using mostly engines that are free or CPA based such as Google product search, Bing etc.
I have also been working with a shopping search engine called Sortprice.com that has a very unique model as they charge a Flat rate per month for unlimited clicks. This certainly avoids the whole click fraud mess and the ROI is quite decent. They even setup a Facebook store application for me for free which allows me to tap into the Facebook userbase with my products. http://www.sort.../facebook_store.
For the small-mid size advertisers I recommend diversifying your advertising and marketing efforts to not exclusively rely on PPC. If you must do any PPC make sure to add tracking codes to each one of your ads so you can later check your server logs and dispute any fraudulent clicks.
Under a PPC advertising model there are two inherent flaws:
1) Unethical competitors have incentive to click on your ads –> driving up cost –> driving up frustration –> driving away customer.
2) Companies which serve the advertisements ultimately profit on such clicks. They turn a blind eye until there is an overwhelming outcry or in Google’s case — until a better service makes them change their ways (this has not happened yet).
Additionally, since PPC is a function of the amount of eyeballs, it is more valuable for these companies to serve irrelevant ads rather than no ad at all.
All of our advertisements are monthly contracts. There are no surprises, costs are fixed and both publishers and advertisers are very pleased.
so basically we now know they really dont have nven close to 200 million ‘real’ users. i wonder how the russian investors will take the news lol
thank you for a real article about real things that impact real people.
Very nicely written. Definitely a hard problem to solve.
Good article. Hope to see more like it.
ask Facebook why they haven’t disabled the “Ad Board”.
what possible purpose does it serve other than laying out (almost) every advertiser’s ad on a silver platter? i guarantee that virtually 100% of Ad Board visits are from marketers and bots.
what possible motive would Facebook have to keep it around? hrmm.
$10B valuation for a business whose core revenue source is selling poor performing ad space to shady, fly-by-night affiliate marketing companies and is highly susceptible to a wide range of fraudulent practices?
Sign me up!
Well put!
Michael’s in trouble. Everyone wants more articles like this, but it took at least ten times more effort than the usual TC article.
I don’t understand why Facebook doesn’t put a heavy discount on clicks from people with no friends or no friends that have more than 100 friends… It seems trivial for FB to estimate the chance that a user is real and bake this into their click fraud tracking. This should be a major advantage for FB versus other ad networks in the long run.
We get fairly good response rates for http://www.Live...aseballChat.com but yeh i do have an issue with peopel who click through outside of game hours and leave after 30 seconds when it cost me 50c to have them click through.
We need more granular delivery cotrol of ads being served like i have with adsense that i can restrict to only display between 6pm and 11pm.
I also think the prices for CPC have to fall on Facebook.
Cheers,
Dean Collins
http://www.Live...aseballChat.com
Why won’t facebook give out logs of which IPs an advertiser is being charged for clicks from and then let advertisers block IPs as they see fit? Seems like it would fix this problem completely.
Why are advertisers being charged for repeat clicks from the same user? That seems silly to me. Obviously, Facebook knows who the users are and can track their click activity. Once a user clicks on an ad, all future clicks on that same ad should be free. That will cut down on click fraud immediately.
It’s exactly how our new video advertising platform works at uVizz.com. Advertisers are only charged the first time a user clicks on a video or image (and they have to meet the advertiser’s demographic requirements). If a users watches/clicks a video more than once, the advertiser isn’t charged. Even if they come back and watch/click a video in 2 weeks, the advertiser isn’t charged.
Advertisers shouldn’t have to pay for repeat clicks from the same user.