The difference in behavior between clicks arriving directly from the traffic seller, and the behavior after an ad click is striking, and fits with the observation that the screen clicking behavior of these bots when received directly from the seller indicates the bots’ expectation that it is landing on a publisher page with ads.
Comparing Human and Robotic Behavior on PureCaptcha
When examining suspected sophisticated Bot behavior it is necessary to study the post Click behavior. The following three charts compare the distribution of user actions on the PureCaptcha in different forms of online advertising with the behavior of the purchased traffic source in isolation. Click data presented here has been filtered to remove self-identifying bots, duplicates, and other un-billed traffic. Resolved clicks, shown in blue, remained on the ad landing page for at least 3 seconds. Unresolved clicks disappeared sooner.
User Behavior Categories:
Enter: A confirmed human visitor who successfully navigated the PureCaptcha
Return: A mobile specific human interaction indicating a mis-click.
Back: Page exited via the back button
Closed: Page existed via an unload event (window/tab closed)
Received: Time on page recorded but click vanished with no exit action
None: Initial HTTP request received but no further interaction
Google Search “PureClick’s Gold Standard” — No Partners (no revenue share)
PureClick has tested most major networks including Facebook, Yahoo, Apple iAd, AOL, and Google. Google Search without partners is considered by PureClick to be the “gold standard” of human traffic, based on our measurement of quality and the simple fact that there is no way Google would populate its own home page with bot traffic to make revenue, as seen in this chart:
Note: there is no revenue share component with publishers in Search with No Partners in the graph below.
In comparison, here is the behavioral breakdown for the purchased traffic of this test, which is 100% Botnet traffic:
US-Only Targeted Display (Ad Network & revenue share with publishers)
The comparison between Google Search and purchased traffic is stark, and provides a background against which to consider the meaning of the breakdown seen in US-Only targeted display campaigns on a major network, where, unlike Google Search, there is a revenue sharing component with publishers, who are incentivized to use purchased traffic to augment their revenue.
Increasing Sophistication of Botnets
During the period of this test we’ve observed an increase in the variety of bot types, identified by their behavior, as well as an increase in the sophistication of that behavior. Newer bot traffic demonstrates more sophisticated patterns of clicking, more realistic user behavior, and in some cases a wider range of user agents. This traffic supplier in particular is attempting to branch out into mobile traffic.
The evidence we’ve collected suggests that the problem of fraud in these sources of cheap traffic is getting worse. As partners of preferred network partners, publishers may trust these companies as sources of legitimate traffic, and without careful scrutiny, Botnets like those in this test easily hide in the messy data of PPC click traffic and remain largely undetected by major networks without post click analysis.
Distinguishing Human and Non-human Traffic from Botnet Hosts
Another well known issue in industry efforts to combat click fraud is the problem of distinguishing between human clicks from a malware-infected host and clicks from the same host which are generated by the malware.
As the sophistication of non-human traffic propagated by traffic sellers increases, a perfectly-branded PureCaptcha interaction before the visitor hits a brands landing pages, may be the only reliable way to distinguish a human click with intent from a robotic one when both originate from an infected host.