It's a sobering statistic, to say the least. If nothing else, it reinforces the need for all active PPC advertisers to be proactive about measuring ROI and monitoring clicks. It also, I believe, reinforces just how perilous the PPC business model upon which Google arguably derives the bulk of its revenue is based.

they really need to start taking this seriously before they lose my whole ad spend!

Where's the peril? If click fraud really is 17%, why can't advertisers just take that into account in their bids and budgets? To me, and maybe I'm naive, that doesn't seem like a lot and is also easily compensated for.

If there were more fraudulent clicks out there than valid, I'd understand the concern, but unless I've interpreted this wrong, 5 out of 6 clicks are valid, according to Click Forensics (and they're a biased source...).

Disclaimer: I'm just a guy with a small content site that goes back to 1996 (so not MFA!), so if I'm missing something obvious please explain in simple terms.

It's a sobering statistic, to say the least.

Let me add to the joy. These statistics are only about detected clickfraud. Real numbers are possibly far worse.

Oh goody, the sky is still falling. Thanks for the update, Click Forensics. See ya' next year. :P

A fuller report is here on WebGuild [webguild.org].

Here's Click Forensic's CEO explanation for the rise:

According to CEO Tom Cuthbert, three components contributed to the rise: more dollars filtering into pay-per-click (PPC); increased competition in the click firm industry; and rises in cybercrime and botnet activity resulting from the poor economy.

1. I thought the reason Google was laying off thousands of workers was because there was a decrease of dollars entering PPC. Add to that the reports over at the AdSense forum where the plunging economy has coincided with a precipitous drop in earnings for many publishers, it may be fair to assume the opposite is occurring.

2. Google has removed thousands of arbitrageurs from it's program. That would indicate less competition, not more. There have been several low profile cullings throughout the year where many publishers were booted out for violations of the terms of agreement, and many others have been given the chance to change their web pages to bring them into conformance with Googles terms.

3. Is botnet activity really tied to the poor economy? Does it go down when times are good?

From Click Forensic's blog:

In Q4 2008, the greatest percentage of click fraud originating from countries outside the U.S. came from Canada (7.4 percent), Germany (3.0 percent) and China (2.3 percent)

Canada? Click fraud center of the interweb?

Oh Canada!

I'm not for a moment saying click fraud is not an issue, however exactly how wise is it to take reports on click fraud from a company whose whole business relies on people worrying about click fraud (or the cynical might say even the suggestion of click fraud) to sell services.

Even on their own site the click fraud index doesn't go into any detail about the methodology. I'm sorry, but I'm calling BS on this.

According to them it's "the industry’s first independent third-party click fraud detection service". But, hang on, they sell software that helps people detect click fraud. Great PR and people are eating it up, but I don't see how their very limited and probably inaccurate data is adding anything to our understanding of click fraud.

If there were more fraudulent clicks out there than valid, I'd understand the concern, but unless I've interpreted this wrong, 5 out of 6 clicks are valid, according to Click Forensics (and they're a biased source...).

Disclaimer: I'm just a guy with a small content site that goes back to 1996 (so not MFA!), so if I'm missing something obvious please explain in simple terms.

if you were advertiser you will think differently...

I will fight fraudulent clicks any way i can even if it was 1%

Even on their own site the click fraud index doesn't go into any detail about the methodology. I'm sorry, but I'm calling BS on this.

Heh. Nobody goes into detail about methodology (except people outside of the online advertising industry who just approach the subject as an academic problem).

As always, my advice: Study the Internet protocols and the architecture; get informed about what can and cannot be known about HTTP traffic.

3. Is botnet activity really tied to the poor economy?

It certainly could be. After all, people who are out of work still need money. They may turn to crime when they can't legitimately earn money.

Does it go down when times are good?

Possibly. Why risk getting caught in criminal activity when you can make money legitimately?

Thanks, powerstar, I appreciate the response. I know if I were an advertiser I'd think differently. That's why I thought I should acknowledge that I'm not. However, you've really not explained why this is such a problem and why you can't just compensate for the click fraud.

I think click fraud is damaging to everyone but compromised computers are doing much more than allowing a path to generate them, they're opening a path for those computers to replace adsense with other ads entirely.

Webmasters have an easier time spotting this when they work on their own sites but visitors would never know.

Hmmm. I see a conflict of interest. If there was no click fraud to report, would this organization have anything to do? ;-)

Click fraud is there, regardless of what those that base their business on it say. For me, click fraud is anything that is outside of the scope of a regular searcher looking for information, including impressions and clicks coming from competitors doing a research on their opponents (a reason why I called to get AdWords preview tool make real links available on both paid and organic results).

On the other (aka Google's) side, to which extent any system can go in click identification and differentiation? A tough one.

Still, we want our money to be respected. Would you buy a car that spills gasoline around?

It's absolute common sense that click fraud is a massive problem. You don't need a study to give you a %. Some businesses may be robust enough to absorb the fraud and still get a decent ROI but I bet many small start ups lose heavily as they're testing the advertising waters.

Good point maximillianos! If I am in a business of selling prostate cancer cure products, I'll make a frightening press release that prostate cancer is one of the deadly diseases for men.

As a publisher I hate click fraud as much as the next guy, but as long as advertisers get a decent ROI, why worry about click fraud? If the ROI decreases, they will simply decrease the cost per click. It sucks for honest webmasters, but I just don't see the yearly panic every time they come out with their numbers to promote their product.

Personally, I think compromised PC should simply be disconnected by the ISP until it is fixed, especially those used in DOS or spam bot nets, a far worse problem.

It is a problem, especially since this sort of advertising is called things like "efficient", "measurable", etc

But guess, what, tv comercials are on and I am just leaving for s()itting on my throne. Who is going to measure this? The TP producers? They might then teach you that candy bar commercials might even be more effectfull on TP than on TV...

maximillianos, an interesting point. And we go back a little bit to whether online companies are acting ethically and whether we trust them to police themselves. Shill Bidding on Auction sites has been shown to be higher than reported figures at only 3rd person researcher observance, and its precisely because online companies are not developing ethical codes of conduct that they finding it more difficult to defend themselves when reports such as these come to light. Can I block IP ranges so they don't get shown if they request a Google results page?

Ethics in the eyes of a consumer is fairly straightforward at the end of the day, it is about removing doubt and convincing people that you are acting in their best interests. What business would say that they didn't do that? Google does have something, [investor.google.com...] but it's not exactly succinct! And it's written with business as the monolith.

I don't suppose there was any indication in the sectors where the click fruad was taking place? It would be good to frame this.

I spent some time on this topic 3-4 years ago with a startup and with one of the big three SEs and concluded that the ad networks are perfectly happy with the status quo and want nothing to do with anti-CF solution providers. If you search only for posts from 2004 you will notice the same three or four company heads who were clamouring for attention, month after month. I think they have all moved on to pursue something more lucrative, or have given up looking for free publicity.

Like MB hinted, watch out for the next buzz about click fraud in the usual newsletters -- it will have originated from one of these solution peddlers.

I also see some invalid clicks appear in Google adwords after using PPC Audit, it quite lot of expense especially expensive keywords.

I don't care one bit about it other than from the perspective that if they do start controlling it my ROI would go up and thus the amount I'm willing to pay for clicks would go up as well.

Our bids are based on how well the clicks perform regardless of whether they are legitimate or fraudulent. The only time I even think about click fraud is when the report comes out each year. Otherwise, if a site in the content network doesn't perform, they get cut. I couldn't care less why they aren't converting.

Click Forensics trots out its click-fraud allegations on a regular basis (the claimed figure is usually in the 16-17% range), and it gets a lot of publicity each time it sends out the latest version of its press release. Unfortunately, Click Forensics doesn't share its methodology, so for a better picture of what the big CPC networks are doing to detect and compensate for click fraud, we'll need to rely on a lengthy report in PDF format that a professor at NYU prepared a while back in a lawsuit involving Google and a plaintiff named Lane Gifts. (The study was commissioned by the court.)

[googleblog.blogspot.com...]

this is why i stopped managing PPC a few years ago when i saw my monthly budget dissapear in one week due to click fraud...

and no one could do anything about it for me...

its a losing battle on this end... the Advertising companies on the other hand, are just sitting back raking it in...

How many claims of "click fraud" are just whining by advertisers that can't write an ad that actually targets the people they want it to?

Clicks that are the result of poorly written ads and worse targeting are not fraudulent, but I'd guess that more than a few advertisers think they are.

Ken_b has a point. For instance, an advertiser targeting keywords using broad match and bidding it to the top of the page is setting themselves up for useless clickthroughs because Google searchers tend to click on the first result no matter what your ad copy says.

A more interesting report would be an investigation into click fraud that investigates the campaign first before taking the person's word that it's fraud. Then for that report to discuss how much of what is perceived as click fraud is actually a poor campaign.

Assuming:
- most of the click-fraud occurs via hacked computers,
- most of the hacked computer owners don't want to pay for quality security,
- this is costing Google a lot of money.

Google should sponsor a free GPL anti-virus / spyware service. Then armies of compromised computers could be protected freely - which would save big money for Google (and a lot of other corporations).

this is costing Google a lot of money.

How so?