The Rise of Click Fraud: Is Everyone on the Internet a Criminal?

We’ve written quite a bit about online identity theft here at Freakonomics. But there’s another form of crime that’s been spreading through the Internet over the past few years: click fraud. As its name suggests, the crime involves clicking on a Web site’s ads repeatedly (or, in some cases, employing a software program to do it) in order to pad their per-click revenue

Services like Google Ads and Chitika, which serve as middleman between Web publishers and advertisers, have developed sophisticated means of detecting click fraud. But as with spammers, those determined to do it tend to find a way. And, according to MediaPost, the percentage of ad clicks that are fraudulent is rising every year:

The overall industry average click fraud rate rose to 16.6% in fourth-quarter [2007], up from the 14.2% click fraud rate for the same quarter in 2006 and 16.2% for third-quarter 2007.

The average click fraud rate of PPC advertisements appearing on search engine content networks, including Google AdSense and the Yahoo Publisher Network, was 28.3% in fourth-quarter 2007 — up from the 19.2% average click fraud rate for the same quarter in 2006 and 28.1% for third-quarter 2007.

If nearly seventeen percent of the billions of total ad-clicks on the Internet are fraudulent, it’s likely that a pretty hefty number of Web publishers, or their accomplices, are committing fraud. These figures are particularly surprising given that the total number of spammers worldwide is estimated to be in the hundreds. Granted, the barriers to committing click fraud are extremely low — all it takes is a few (or a few hundred) clicks of the mouse every day — and the monetary incentives, while small (profits-per-click usually only amount to a few cents) are always present. Add that to the very small likelihood of getting prosecuted, and you’ve got millions of Internet users committing the crime. If anything, more detailed stats on click fraud could provide an interesting data set for behavioral economists: if a criminal act is profitable, widely-practiced, seldom prosecuted and unusually easy to carry out, how many people will commit it?

[This post has been appended.]

Colin Toal

Thank you for publishing this story.


just clicking on the Amazon ad should have no effect.
I am pretty sure that once on the site from that click, you have "x" amount of time to select some items and then purchase them before any form of compensation is seen.


"[I]f a criminal act is profitable, widely-practiced, seldom prosecuted and unusually easy to carry out, how many people will commit it?"

Well, let's look as a crime with similar characteristics: Speeding. Widely practiced, check. Seldom prosecuted (compared to the number of instances involved), check. Unusually easy to carry out: check. It's of minor profitability (time is valuable). You can't drive on a road in any major city without seeing it (unless, of course, traffic isn't moving at all). It's actually more rare to see someone not committing this crime.

David G

This article is funny because the six-word motto poll below accused me of voting twice on my first vote. You guys are really concerned with this topic!


Even a poli sci major like me recognizes the poor reasoning in this post: ". . . if you calculate 17 percent of all ad-clicks on the approximately 156 million total sites on the Internet, you've got around 26 million Web publishers potentially committing fraud." Wrong. It's 17% of *ad-clicks*, not 17% of web publishers. Some publishers have more ads than others (and therefore more opportunities/incentives to click defraud), while others (e.g., the NY Times) are so well established that the chances they are engaging in click fraud is low.


I just clicked on your Amazon ad. You're welcome


Just because 17% of ad-clicks lead to fraudulent sources doesn't mean that 17% of all websites are fraudulent. I'd bet good money that 98% of those 156 million websites are responsible for about 1-2% of all Internet traffic, while the top 2% are responsible for the other 98-99%.


The question I have is: how does this affect the prevailing wisdom that web ads work better than more traditional ones? Also, how does the cost to advertising providers (eg, Google) compare to the rates they charge advertisers?


This ignores the fact that clickthroughs are not the only metric used in web advertising. It used to be the main thing advertisers focused on but as the Internet has evolved so has advertising, to where price per impression is paid more attention to than price per click. I'm sure someone more involved with advertising is able to discuss this further, but I just wanted to point out that clickthroughs aren't the sole metric, and these findings may well reinforce the value of impressions, and thus branding, further.


Also to be factored in is either drunken or just plain old sloppy surfing click throughs by unintentional users duped into the click. Impatience, for whatever reason, when coupled with "well" placed adds on web-pages (or even worse those adds that move or pop down just as you are about to click on the link of choice) often lead to a number of mistaken click throughs on my part, and I'm willing to bet I'm not alone.


You use the words "fraud" and "criminal" quite a lot in this post. I know the term "click fraud" is certainly a common descriptor within the online ad industry, but I would caution your tendency to equate "click fraud" with criminal fraud.

There certainly are potential civil contract breach claims that Google and other online ad sellers can bring against those conducting "click fraud", but it is not a criminal act as this post suggests.

Especially in the context of claims of criminality, terms of art and language choice are very important. I hope this blog will be more careful with such descriptions in the future.


And just to be clear, your citation of the BusinessWeek article on the likelihood of criminal prosecution was not about someone charged with "click fraud", but rather someone charged with extortion for threatening a "click fraud" attack if Google didn't pay them money.


The irony is delicious. The business model of music labels today is horribly outdated and everyone knows it and despises them for going after the little man instead of adapting with the times. Google establishes a faulty business model that cannot hope to remain stable, given the broken nature of web technologies, but goes after the people who break their model anyway. Sigh. Everything that has happened before will happen again.

The AccidentalPhysicist

CPA (Cost Per Action) is a much better model for advertisers. The action an advertiser migh seek is a purchase, a registration to an email newsletter, or something else concrete and measurable.

Affiliate programs are based on a revenue split between the ad promoting a product or web site, and the producer of the goods or services. It's pure commission-based compensation.

Having a lot of web traffic (or pretending to) is no longer a guarantee that you can monetize that traffic. Your site must be able to move a more demanding needle to make it in today's advertising market.


Whilst the increased rate of 'click fraud' quoted in the MediaPost article sounds excitingly apocalyptic, I would be interested to find out whether this increase may be the result of changing techniques in fraud detection.

That is, perhaps as the authorities become more adept at identifying click fraud, the incidence of it appears to increase.

Perhaps, also there are changes in the definition of what clicks are to be classed as illegitimate.

Unfortunately, the generalised definitions and mysterious operation of the "proprietary click fraud detection technology" as set out in the googiewoogie article leave me apprehensive about the data.


"Assuming that the vast majority of click fraudsters are individual site publishers looking to boost their revenues, if you calculate 17 percent of all ad-clicks on the approximately 156 million total sites on the Internet, you've got somewhere around 26 million Web publishers potentially committing fraud. "
The whole argument just does not make sense (as pointed out by #1 and #8). You could have every publisher cheating for 17 p c of their clicks... or 1 publisher cheating for all, using some highly efficient software. There is no relation at all between the 17 pc of cheated clicks and the number of publishers involved in it. It is rather likely that a few of them, using automated sofwares, cheat on huge scale (and at a much higher ratio than 17 pc), while most of them just don't.
And your line of reasoning is totally contradictory with the fact that spammers are only a few hundreds... Assume 50 pc of mails sent are spams (which does not seem overrated...), then 50 pc of email senders should be spammers, which would imply that only at best a thousand or so people use mails...
It seems to me that the conclusion is the reverse:
"if a criminal act is profitable, widely-practiced, seldom prosecuted and unusually easy to carry out, how many people will commit it? ". The question should become "why so few people cheating?"


Chris Harris

Click fraud is not nearly as big a deal for Google, Yahoo, or MSN as it is commonly believed to be.

This misunderstanding is due to the fact that most people think about it this way:

Two companies, A and B, advertise the same product. They each pay $1 / click and thus their ads are shown about equally as often. One day, the owner of company B decides he's going to really get the owner of company A. He goes to Google, does lots of searches for their similar product, and clicks on A's ads furiously. Then, he hires scores of people in 3rd world countries to click away day after day, increasing A's cost of advertising... bankrupting him. Click fraud brought down company A, right?

Well, this isn't quite accurate.

A better way to think about this is more like a grocery store. Walmart can charge less per item (low price per click - PPC) but sell a lot more items each month (high click through rate - CTR) and clear more money each month than its competitors.

Google (and the others), don't show ads based purely on who offered the most money for the ads. They show ads based on the product of the PPC and the CTR. This is how Google maximizes its revenue: (# clicks) x ($/click). NOT just $/click.

Therefore, what happens in real life is this:

As soon as company B's owner starts clicking furiously on company A's ads, company A will notice that their ad's CTR will skyrocket. Let's say it goes up by 10x. Two things happen simultaneously:

1. Company B's owner is clicking on most of those ads - so presumably since company B's owner is NOT buying company A's products - company A will see a 10x DECREASE in sales per clicked ad. This is obviously bad for company A -- in order to keep the same advertising ROI -- company A will have to reduce his advertising budget to only 10% of what it was before. If the number of times the ads for company A and company B remained unchanged... company A would be worse off. But this isn't what happens.

2. Company A's ads are now being clicked on 10x more... so Google "notices" instantly and starts showing company A's ads 10x more often than company B's ad in order to maximize their revenue.

So what's the net effect?

Since company A noticed they were getting lower sales, they decreased their PPC to 1/10th of what it used to be. Google noticed company A's ads were getting clicked on 10x more often.

Therefore, the net change is: PPC x CTR = 1/10 x 10 = 1 = NOTHING!

The only "problem" occurs in the time lag between when Google notices an increased CTR vs. when company A notices and decreases their PPC rate. During this time lag company A is really losing money. However, once company B notices he's not doing much to change the situation... then assuming there is a similar lag after company B stops committing "click fraud" most of this real loss will be offset by a similar real gain.

Therefore, in the whole scheme of things, click fraud is really not a big deal because the ad markets are so competitive (aka efficient) and most companies spend considerable time monitoring their ad spend & conversion rates.

Hope that helps. I hang out here every once in a while, but not as much as I'd like. However, I'm sure there will be quite a few thoughts on this, so I'd love to hear from you on my new venture outsourcing blog if you have any additional questions/comments about this!



I suppose that if this is really profitable, then people would set up outsourcing firms. Train workers in India or VietNam to click ads in patterns that are more natural than computer script programs.


I wonder how many people counted as "page views" are actually seeing the ad? I use the Adblock add-on and block all third-party advertising content at the domain level, and for a lot of adservers block them in my hosts file as well. So when I load a page, is it being counted as a "page view" even though I never see the ad? (I still occasionally get caught by a shifting page element and accidently click on an ad link.)