Google recently identified ‘Clickjacking’ as an emerging threat to cost-per-click display ads. This is a type of web attack where the appearance of a website is changed so that a victim does not realise they are clicking on one or more ads. For example, a user may intend to click on a video play button or menu item, but instead clicks an invisible ad unit. They reacted quickly by rolled out new defences to protect advertisers against this threat by using a combination of technology, operations, and policy.
Earlier this year when Google’s operations team identified Clickjacking activity on the display network, they moved swiftly to terminate accounts, removing entities involved in, or attempting to use, this technique to trick users. The engineering team worked in parallel to quickly release a filter to automatically exclude this type of invalid traffic across display ads.
This approach delivered a two-phase solution to publishers who violated Google’s policies: firstly, the operations team cleaned out publishers from the ad systems; secondly, engineers built a new filter as a durable defence to protect against Clickjacking traffic.
The combined Clickjacking defences operate at considerable scale, analysing display ad placements across mobile and desktop platforms, evaluating a variety of characteristics. When the system detects a Clickjacking attempt (or an normal ‘invalid click’), Google zeros-in on the traffic attributed to that placement, and removes it from upcoming payment reports to ensure that advertisers are not charged for those clicks.
Ad traffic quality has always been a priority to Google, which has consistently put in place sophisticated technology to detect and not charge for, or eradicate, ‘invalid clicks’. It’s swift to respond when such emerging threats appear and the combined defences work well to combat those.
If you want more information about how ‘invalid clicks’ and Clickjacking could impact your AdWords campaigns, please contact us now.