Ad Fraud

How to Detect Ad Fraud with Google Analytics (for Free)

Pinterest LinkedIn Tumblr

Google defines ad fraud as “Any clicks or impressions that may artificially inflate an advertiser’s costs or a publisher’s earnings”. Invalid traffic covers intentionally fraudulent traffic as well as accidental clicks.

Ad fraud detection then becomes imperative for publishers. AdSense ad fraud can be demarcated into three broad subcategories:

Ad Placement Policies: This relates to the position of ad placements on your website. This includes placing ads that might encourage accidental clicks or near navigation/pagination menu.

Content Policies: This relates to placing ads on content that is not deemed viewable with the family or placing ads in places where illegal content is downloaded (like Torrentz).

Traffic Policies: This includes, but is not limited to:

  1. Clicks or impressions generated by publishers clicking their own live ads
  2. Repeated ad clicks or impressions generated by one or more users
  3. Publishers encouraging clicks on their ads (examples may include: any language encouraging users to click on ads, ad implementations that may cause a high volume of accidental clicks, etc.)
  4. Automated clicking tools or traffic sources, robots, or other deceptive software

Of course, most AdSense account holders will not try to inflate their metrics using the tactics listed above. But there are some nefarious business models lurking that may harm your site by indulging in ad fraud.

How to Know if You’ve Been Attacked? 

You have the option of using paid tools like IAS or Moat, which work by placing a wrapper around the ad unit and pinging its network of sites list where inventory is already classified as safe/malicious. Most of these tools are quite costly and outside the reach of what small and mid-size publishers can afford.

Thankfully, fraud detection in Google Analytics can help you verify if there is something fishy going on with your site. These ad frauds include but are not limited to Domain Spoofing, Cookie Stuffing, Ad Injection, and click farms. You can read more about these types of frauds in detail here.

Detecting Invalid Traffic and Ad Fraud

Given that Google Analytics is a free tool, there are certain trade-offs you’ll have to make here. You’ll never be able to be 100% accurate in detecting all ad fraud and come up with an exhaustive list of sources that are causing fraud but you can get really close. There are a lot of directional indicators in GA that can point to fraud on your site. A couple of these are:

Indicator #1: Bounce rate is 100% 

In analytics, a bounce is calculated specifically as a session that triggers only a single request to the Analytics server, such as when a user opens a single page on your site and then exits without triggering any other requests to the server during that session. There is very little chance that none of your visitors are going to the second page after visiting the first page. If your bounce rate is close to 100%, it’s an indication that most of your traffic is bot/invalid traffic.

Indicator #2: Average Session Duration close is 0 seconds

The average session duration is the total duration of all sessions (in seconds) divided by the number of sessions. Mathematically, the average can be zero only if all your visitors are on the site for less than a single second, which is highly unlikely. This scenario again, like the one above is an indication of bot traffic.

Sample GA Account with Session Duration and Bounce rate highlighted

To detect ad fraud in Google Analytics, you can access both these metrics under the Audience subsection of Google Analytics. 

Here is how you can get there:

  1. Log in GA
  2. Go to the Audience section
  3. Click the Overview section
  4. You’ll find both your average bounce rate and average session duration listed there

Now that you know that your site has bot traffic, how can you find out who is responsible and block the traffic source?

Filtering Suspicious Traffic Sources

You can apply a complex filter to figure out the IP address sending this bot traffic to your site so the source of ad fraud can be clear.

Spotting the source of bot traffic
  1. Log into GA.
  2. Go to Acquisition > All Traffic
  3. Select the Channels subsection
  4. Use Network Domain as a secondary filter. This will also give you the network ID connected to each domain

You will then begin to notice a trend of what website/ network domain sends you traffic that has 0 session duration with an average time on page <1 second. It is best to filter out this bot traffic by setting up a traffic filter.

Next, you have to filter out the network ID of the spurious traffic source. This can be set up via Filters in Google Analytics.

Setting a filter in GA to block fraudulent network ID
  1. Go to the Admin section.
  2. Click View > Filters
  3. Go to Create New Filter
  4. Enter the ID of the suspicious network
  5. Click Save

Given ad fraud detection in Google Analytics is fairly easy, more and more publishers should make use of this to publically call out IPs that are doing damage for the greater good of the publishing ecosystem.

3 Comments

  1. This is very helpful and will help me fight fraud from today. One of the problems must advertisers and publishers have been faced within the industry. An understanding of how to detect fraud and prevent potential fraud is well laid out here. Have not seen a detailed post about this topic before till today.

    Thanks for taking the time to educate us.

  2. Brian Rodriguez Reply

    Thank you for this. The “blocking” of bot traffic is only filtering it in reporting. There is no site blocking of this traffic, correct?

    • Shubham Grover Reply

      That is correct Brian. Once the filtering is in place, the Google Analytics interface will just filter out (and not block) the traffic coming in from a certain IP address. You’ll have to make use of more sophisticated tools to block those IP’s.

Write A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.