You begin to think seriously about click fraud only when your own statistics disagree with the advertising system's data by more than 30%.
In our case, the last straw was a discrepancy of more than 50% between our internal counters and Yandex.Market statistics. Are more than 50% of the clicks deducted from our balance really bots?
We decided to check this by analyzing the data from our server logs, Yandex.Metrica and Google Analytics.
Let's start in order. So,
Click fraud is a type of online fraud: a fraudulent click on an advertising link by someone who is not interested in the advertisement. It can be performed using automated scripts or programs that simulate a user's click on pay-per-click advertisements. (Tnx 2 wiki)
How to detect click fraud?
Many of us launch advertising campaigns, work with them for years and don’t even think about click fraud. But at a certain point strange things start to happen:
- traffic increases, but conversion does not change
- the advertising system's statistics begin to differ sharply from the readings of your own counters
- there are some strange patterns in the click statistics of advertising systems
In our case, that is exactly what happened!
We knew that there should be no problems with the availability of our server; everything worked like clockwork. The Analytics and Metrica pair we used showed approximately the same data on each counter.
We were alarmed by the fact that the difference between our statistics and the statistics of each of the advertising systems was no more than 10-15%, while on Market it periodically jumped to 30% (what it looked like in Metrica) and at one point reached 50%.
During the reporting period, Yandex.Metrica and Google Analytics showed approximately the same number of visits from Market, but this number differed greatly (by more than 40%) from Market statistics.
A few words about how we tracked ads:
All advertising links were marked with UTM tags; moreover, we could track both total clicks by category and clicks on specific products;
we watched the traffic sources report in GA and the “Sources -> advertising systems” and “Sources -> Tags” reports in Metrica.
By the way, we noticed the discrepancy in Market itself, in the Orders report (+1 in favor of the installed Metrica):

Obviously, the contents of this table, with the reasons for the discrepancy described in it, did not satisfy me, and I immediately began to investigate. This was not the first time the problem had occurred, and as soon as we noticed it, we checked the settings and the accessibility of the site.
To find out whether these clicks really happened, we decided to analyze the server logs.
Analysis of the logs showed that the actual number of server requests with the correct referrer was almost equal to the number of clicks in Market statistics (a difference of less than 1%).
That is, there are clicks, but there are no users! We began to dig deeper, and one strange fact immediately caught our eye. There were a lot of similar requests with the same system data, the same browsers and screen resolutions. At the same time, a certain click logic could be traced: the same product pages were clicked. Moreover, the user's browser was suspicious.

I was also surprised by the fact that all the IPs belonged to regional cellular operators:

In the next step, we looked at whether our counters see visits from these IPs.
And we hit the target: the counters recorded very few visits from the IPs of mobile operators. Moreover, having filtered out live users with the help of WebVisor in Metrica, we got exactly the missing number of “lost” clicks from Market.
WebVisor still recorded some visits by the "bots":

It is obvious that such visitors are not interested in shopping on our site;)
So what are these clicks?
Let's sum up. We have:
- clicks from the IPs of mobile operators, suitable for the region (by the way, the mobile Internet is convenient here because it constantly hands out different IPs)
- they are all made on devices that give the server the same parameters (browser, screen resolution, system)
- these are clicks that are not recorded by counters and do not run scripts
- similar action scenarios can be traced (pages, delays between requests, number of requests)
FINDINGS:
- This is typical click fraud!
- In fact, such a system is very easy to organize, having several mobile devices.
A question for Yandex.Market:
Is it really impossible to cut off such an easy way to cheat? Or is it not interesting to anyone?
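The checks summarized above can be run directly against an access log. The following Python is an added example, not code from the original post: it groups ad-tagged requests by User-Agent and flags groups that the analytics counter almost never saw. The combined log format, the `utm_source=market` tag value, the thresholds and the exported set of counter-seen IPs are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def ad_clicks(lines, utm_marker="utm_source=market"):  # tag value is an assumption
    """Yield (ip, path, user_agent) for requests that carry the campaign tag."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and utm_marker in m["path"]:
            yield m["ip"], m["path"], m["ua"]

def suspicious_agents(lines, counter_ips, min_clicks=3, min_unseen=0.8):
    """Group ad clicks by User-Agent; flag groups the counter mostly missed."""
    groups = defaultdict(list)
    for ip, path, ua in ad_clicks(lines):
        groups[ua].append((ip, path))
    report = {}
    for ua, hits in groups.items():
        # Share of clicks whose IP never appeared in the counter's own data.
        ratio = sum(ip not in counter_ips for ip, _ in hits) / len(hits)
        if len(hits) >= min_clicks and ratio >= min_unseen:
            report[ua] = {
                "clicks": len(hits),
                "distinct_ips": len({ip for ip, _ in hits}),
                "distinct_pages": len({p for _, p in hits}),
                "unseen_ratio": round(ratio, 2),
            }
    return report

# Constructed sample: documentation IP ranges, made-up paths and agents.
def _line(ip, path, ua):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "https://market.example/" "{ua}"')

BOT_UA = "ExampleBrowser/1.0 (constructed)"
SAMPLE_LOG = [_line(f"203.0.113.{10 + i}", f"/product/{101 + i % 2}?utm_source=market",
                    BOT_UA) for i in range(4)] + [
    _line("198.51.100.7", "/product/101?utm_source=market", "RealBrowserA/5.0"),
    _line("198.51.100.9", "/product/300?utm_source=market", "RealBrowserB/7.0"),
    _line("198.51.100.7", "/about", "RealBrowserA/5.0"),  # not an ad click
]
SAMPLE_COUNTER_IPS = {"198.51.100.7", "198.51.100.9"}  # IPs the counter recorded

if __name__ == "__main__":
    print(suspicious_agents(SAMPLE_LOG, SAMPLE_COUNTER_IPS))
```

Screen resolution does not appear in a standard access log, so the grouping key here is the User-Agent alone; a rotating IP per click, as described above for mobile operators, shows up as `distinct_ips` close to `clicks`.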
Outro
Today, click fraud eats up a huge part of advertisers' budgets. But proving it, let alone getting your money back, is extremely difficult. At the moment, in our situation, Yandex.Market has promised to sort it out, but we decided to get ahead of it and figured it out ourselves. We'll see if we can get something back.
I hope our experience will help you too;)