Anyway some of those banning messages seem to be automated or semi-automated; it seems likely to me that that your account will be reinstated upon investigation.

Maybe next time you'll just give a full refund as arguing with a customer is never worth the potential bad word of mouth and in this instance being banned from AdSense.

Anyone who threatens to damage a business through fraud can be arrested. If you are in the US I would contact authorities. Nice thing is, if you billed his credit card originally you can tell the authorities exactly where to find him....

Seems like that would be next to impossible if it was a real name.

Real name is not necessarily public name. My last name is originally Bosnian, very rare. I don't know anybody here in Vancouver with such last name, even in white pages. However, if you google "Omakovic" you will get more matches (english "ch" is how we pronounce Bosnian "c" with a checkmark above). James is my Canadianized name. Let's put my personal life aside.

If your in the US and the customer made threats, press charges! Threats like that are not on the civil side of court, they are on the criminal side......

Anyone who threatens to damage a business through fraud can be arrested. If you are in the US I would contact authorities. Nice thing is, if you billed his credit card originally you can tell the authorities exactly where to find him....

I am in Canada, and same rules apply. I will contact authorities first thing in the morning and see what can be done. I saved all copies of customer emails and threats. At least police can visit him and talk to him; hopefully that would make him think that internet is not a safe medium for threats.

Edit reason: Bosnian letter "c" with checkmark does not display properly

[edited by: James_M_Omakovich at 4:27 am (utc) on Mar. 13, 2007]

how easy it is for .. to hijack other company's publisher account

I think Google has measures against this, although they could allow us to declare our individual sites and make the pubid hijacking a thing of the past.

what can prevent mean individual to click your ads 1000s of times

Almost every one here at one time or another observed fishy behavior and reported it, and almost always they thank you and tell you they have systems in place to take care of this, nothing a publisher can do but keep their nose clean, fly low and report when shelling fish!

Did I just say fly low?
Yes, we fear not click fraud as if anyone can code against it, it is Google, and I personally have no doubt about their coding abilities, it is the bulk business inefficiency mistakes that forces uncertainty, they deal with hundreds of thousands of publishers, makes one feel uncomfortable. No risk no gain, say la veee.

You did well by informing them in time, and did better than what I would have done by removing the code from your pages, rest assured that if all else is clean you will be back in.

What I dont understand is why is Google so blind to not detect an obvious click attack? No wonder advertisers shy away from content network.

Google does detect them, and does not charge the advertiser. However Google doesn't know if the publisher caused the clicks or someone malicious caused them. It's probably more cost-effective for Google to close the AdSense account than to try to play detective in these cases, especially if the account is not a big earner.

What I dont understand is why is Google so blind to not detect an obvious click attack?

You're in the majority -- most people don't understand the difficulties. For example, you get 10 clicks from the same IP address in a 10 minute period. Isn't that an obvious click attack? Or did the local sewing circle meeting at the library find a bargain on peach-colored thread, which they all proceeded to enjoy after Mom said "hey everybody, just go to www.<somesewingsite>.com and click on the ad for Peach Thread Sale"? (Library multiplexes 32 workstations via a single, external IP address).

Tiny publishers can afford the collateral damage that comes with indulging in the myth that IP address == human. Large commercial ops like Google cannot.

Of course, Google is detecting many obvious click attacks -- that's how they are able to automatically ban publishers. This means some innocent folks get shut down, but that's simply unavoidable with any kind of automatic banning process (and Google does not do anything manually for long without trying to automate it). For example, in the OP scenario, poor Google must also allow for the cases where Bad Publisher #1 is probing Google's auto-detection abilities by a) sending letter to Google claiming imaginary bad guy is threatening to attack then b) initiating attack to see if it is detected. To beat a dead horse: no algorithm can discern human intent.

Google can't win this war, they can only try to win enough of the time to keep the business model from collapsing.

Maybe next time you'll just give a full refund as arguing with a customer is never worth the potential bad word of mouth and in this instance being banned from AdSense.

I don't want to work for incrediBill's consulting company! A large refund on intangibles, or recoverable tangibles is one thing, but a lot of consulting companies live hand to mouth and a "no questions asked" policy can leave your employees asking you plenty of questions about why their paycheck isn't going to clear this week.

As Hobbs pointed out, click attack does not have to result in 1000's of clicks from same IP address. All malicious user has to do is click 10 times or more within a short period of time and that's it - you are click attacked without even realizing. And what else can you do when a malicious user threatens to click-attack? We reported it to Google (and I also reported it to local authorities, Vancouver Police Department, yesterday. I will not comment on that, but a threat is a threat and it's a crime).

I still trully believe Google will reinstate our account. It's just a matter of days. I believe Sandpetra pointed out it took 5 business days for him to hear back from Google, and then they reinstated him. I have a good feeling that the outcome will be to our satisfaction.

Edit Reason: little annoying spelling error

[edited by: James_M_Omakovich at 2:31 am (utc) on Mar. 15, 2007]

Having experienced multiple clicks by a single surfer, I can say that G discounts most clicks and will not normally ban.
There must be some sort of a 'pattern' detected by G before their automatic algo would autoimatically ban.

Also IMHO, small publishers with say 50 - 100 clicks a day would be more suceptible to this kind of a ban. Larger publishers would normally get away unless there is suspicious activity over a longer period of time.

Also as EFV is fond of saying, if the site goes in for a human review, it must be able to pass the 'SNIFF TEST' . If site is made for adsense, it may not pass such a review.

As far as I know google is not a sovereign nation and cannot impose thought crime laws on its subjects.

You need to look up the legal definition of fraud.

From [dictionary.law.com...]

n. the intentional use of deceit, a trick or some dishonest means to deprive another of his/her/its money, property or a legal right. A party who has lost something due to fraud is entitled to file a lawsuit for damages against the party acting fraudulently, and the damages may include punitive damages as a punishment or public example due to the malicious nature of the fraud.

In this case someone stated that they were going to make a click attack for a malicious reason. Since they stated this, they would have to go to great lengths to prove that the reason that they clicked all those times was NOT fraud.

Doubtful it's a crime, but it sure sounds like tortious interference. It's a deliberate, premeditated, and malicious attempt to interfere with a business relationship: your company + Google.

Even if it were a crime, the cops are far too busy with bigger cases. They don't have the time or money to deal with this.

Good luck with the account reinstatement. Internet terrorists be damned!

p/g

Another good news. We just got email from Google.
Google stated they are still in the process of reviewing our account with the additional information that we have provided. Things are looking good.

If they reinstate, I am definitely going to use professional click-tracker so we can prevent suspicious clicks and save our face with Google.

Things are looking good. Keeping my fingers crossed. I've always been optimist, even in tought times. Five years ago, I opened a business in Vancouver, I had my office on Granville Street (high prime downtown area) and it collapsed within 9 months. I did not give up, I was optimistic and I pushed for another business. My consulting firm slowly grew from 2 employees to over 20 employees in less than 3.5 years. Had I realized that e-commerce is a gold-mine earlier, I would never go into traditional types of businesses. Now, I have given a task to my employees to create 4 big projects just for our company. One will be similar to newsvine.com (I absolutely love their concept and have been in touch with Calvin for some time and praised their team for creating awesome web site); the second will be similar to digg/spotlex but with a twist; the third project will be website similar to hotscripts with software and script contributions and programming; and the fourth project under development will be totally new concept that I butt my head against the wall to come up with. I trully think these projects will be successful. I am 150% sure, absolutely sure, they will be successful.

I am going to stop bothering you with my plans. My brain is factory of ideas, they are boiling like crazy.

There is no law against clicking on adsense ads.

There is when you send someone a threatening letter claiming you're going to cause harm via click attacks when you don't refund his money, then it's blackmail. Not only that, it's FRAUD for the advertisers involved, not to mention tortious interference with a business.

It's open season for criminal and civil suits.

And without their cooperation, even if it was an intentional click attack, there will probably be no real consequences for the perpetrator. Unless maybe if they have an AdSense or AdWords account.

Not so sure about the fraud, as the people who are doing the clicking are not profiting (and do not intend to profit) from the clicks. They are merely trying to muck things up for someone else out of spite.

Google's policies and business practices are neantherthalian (sorry cavemen).

Google obviously knows that there was click fraud and it should be equally as obvious that it wasn't you who was doing the clicking.

The nerve of them seeking information from you from your logs - how absurd is that. They have every freaking piece of information that you could possibly give them and a whole lot more.

Google! quit being such buttholes and simply discount the clicks like you do in 99% of the other cases and leave the poor op alone.

ps. I'd like to see Google try to cancel a major advertiser's account because some customer did a bunch of ticked-off clicking.

Keep in mind that it's highly unlikely Google will divulge the exact nature or source of the invalid clicks.

That's why you file a criminal case against the guy that threatened you and they subpoena that information. Once it's entered into open court as evidence, then you have it for your civil case ;)

[edited by: incrediBILL at 11:57 pm (utc) on Mar. 15, 2007]

Google obviously knows that there was click fraud and it should be equally as obvious that it wasn't you who was doing the clicking.

Of course, since Google can use reverse-optic-transference technology to see who is on the other end of each IP address. BTW, please put some pants on when you're posting here.

Actually that's an important reason why (IMO) such click attacks are rare -- it exposes the attacker to significant civil and even criminal liability, and not many people are clever enough to launch a click attack and not get caught one way or another.

I wouldn't be too sure of that. In principle, anyone who has either implemented an HTTP client or server knows how to launch such a click attack. While the number of such people as a percentage of the world's population is very small, there are a substantial number of people who can implement HTTP clients or servers. I'm not suggesting that all, or even most of such people would commit click fraud, but that the knowledge is not as rare as it might seem.

G should make the "whitelist" system so we do not see such a cases in future.

please put some pants on when you're posting here

Proposing a change in the WW Charter?