Blog

    What are click bots?

    Last updated: October 11, 2024

    The rise of click bots has made it harder to trust open and click data — or conduct marketing activities securely. 

    Bots made up 42.2% of Internet activity in 2021, making it more difficult for marketers and publishers to analyze their campaigns, create actionable audience segments, or accurately report ROI to their advertisers. 

    This has major costs for businesses: A study by the University of Baltimore estimated that bot-driven ad fraud cost companies more than $35 billion in 2020 alone. So publishers and marketers need to understand click fraud, identify the signs of click fraud, and how to minimize the impact of click fraud on their marketing efforts. 

    Stay ahead and read our Q3 2024 email engagement report to uncover trends & best practices for success:

    What is click fraud? 

    Basically, click fraud takes place when a click bot clicks a link within an email or website and “pretends” to access the promoted webpage, ad or app. This tricks the sender into thinking that someone is genuinely interacting with their business when that’s not the case. 

    Keep in mind: not all click bots are bad. Many of the fake clicks registered in email reports come from authentic security products, which organizations use to prevent spam and fraud among their systems and employees. 

    However, some click fraud is maliciously motivated. For instance, a website owner might drive fraudulent clicks of the pay-per-click ads displayed on their own site. Or someone might create fake websites and apps for the purpose of selling ads to real companies, who believe they’re paying for exposure on a legitimate platform. 

    What is the cost of click fraud? How much does click fraud cost companies? 

    Per our research, up to 65 percent of click bots can go undetected. This takes a serious toll on not just on your analytics, but your overall marketing activities, cybersecurity and reputation. Some of the most harmful effects include: 

    • Distorted marketing data: Click fraud inflates open, click and click-through rates, which left unnoticed can incentivize teams to stick with unsuccessful campaigns. 
    • Worse deliverability: Click bots can add thousands of real email addresses to a company’s email list in seconds, which can harm the company’s standing with ISPs and, in turn, its deliverability. 
    • Undermined advertising effortsClick fraud makes paid advertising less effective. This takes place when a competitor clicks on a company’s display ads via a bot farm, making the ad placement more experience, or when a bad actor sells ad space on “ghost websites” that are only visited by bots.
    • Misleading or fake leads: Click bots also spam lead and contact forms with false information, sometimes with the contact information of real people.
    • Altered marketing automation campaigns: Excessive clicks on emails can disrupt trigger-based activations and throw off A/B test results. 
    Chart, line chart Description automatically generated

    How can I tell if my website is being targeted by click bots? 

    The sooner you spot unusual activity on your website, the more quickly you can stop click bots in their tracks. Watch out for deviations from the norm that can’t be attributed to a new promotion, content piece or development, as any unexplained increases in traffic usually stem from click bots. This includes: 

    • Abnormally high pageviews: This is the first place to look, since click bots can click through pages much more quickly than any human. Look at traffic spikes occurring over a very short period of time. 
    • Abnormally high bounce rates: Bounces refer to users who visit one page, then immediately click out of the site. An unexpected bump in bounce rates suggests that click bots are being directed at a single page. 
    • Surges in traffic from unexpected locations: Click bot attacks tend to originate from a single location, often in other countries, so look out for a rush of visitors from far-flung locations. 
    • Fake conversions: Form submissions from fake-looking email addresses or domains are another sign that click bots are clicking through your website. 
    • Surprisingly high or low time on site: Most people, regardless of their interest level, won’t spend four hours or .0004 seconds on a single page. Any session duration that doesn’t reflect real human behavior is a symptom of click bot activity. 

    How can I tell if my emails are being targeted by click bots?  

    Fortunately, many Email Service Providers (ESPs) and advertisers have implemented rules that identify and negate suspicious clicks. 

    Some (including Omeda!) automatically remove them from all email and website traffic reports, then compile data about click bots into a separate report. This way, users can see where fake clicks are coming from, block the sending address, and better evaluate their email marketing success.  

    So what’s considered a suspicious click? While there’s no silver bullet for spotting and removing bots, here are some of the indicators we look for at Omeda

    ClickBot_WhatWeRemove_Chart

    How can I prevent bots from accessing my website? 

    Now that you’ve learned how to spot signs of click fraud, you’re probably wondering how to keep them off your website entirely. You can’t keep every click bot at bay, but through basic security measures, you can limit your website’s exposure to click fraud. Some steps include:

    • Closely monitor your API connections: If you use API connections to share data to and from your website, they could be vulnerable to click bot attacks. Make sure you’re always using the most recent version of your API and remove outdated connections from your site. 
    • Investigate traffic sources and watch out for traffic spikes: As mentioned, irregular traffic surges, especially from unexpected locations, are a strong indicator of click bot activity. Regularly monitor your website traffic so you can spot potential click bot attacks and block any offending IP addresses. 
    • Block old Internet browser: TechRepublic recommends requiring visitors to use the latest version of their Internet browsers, as click bots often use outdated browsers to skirt security protocols. 
    • Pay attention to data breaches: Finally, stay tuned to news about data breaches, as they often lead to a spike in click bot activity and click fraud. 

    How can I prevent bots from accessing my emails? 

    Since there’s no single source of click bots, there’s no single way to stop them from accessing your emails. (And that’s fine — some click bot activity is normal and even expected.) But by adding layers of security to your subscription forms and website, you can lower their impact on your email marketing metrics. Here’s where to start: 

    • Use CAPTCHA on your subscription forms: If you’ve ever needed to select the three buses from a selection of nine pictures before submitting a form, you’ve seen CAPTCHA in action. This is essentially a test that proves that form submissions are coming from human beings, and not a click bot. 
    • Add a hidden field or stealth link to your form: This is essentially a hidden registration field that is only visible to bots. So when you review your new email subscription reports, you can easily identify which new entries entered the value for that form, identify them as click bots, and remove them from your list. Implement this by using HTML to add the extra field to your form, then style it out of the regular audience’s view with CSS. Stealth links work the same way, except that offending bots will click a link that’s not visible to human users.
    • Clean your lists regularly: Email addresses signed up during a click bot attack will not open or click your message. This lowers the percentage of engaged users in your subscriber list, and increases the risk that you’ll experience deliverability issues. So if a recipient hasn’t engaged with your emails in the past six months, remove them from your list. (Good hygiene is the key to any healthy list.) 
    • Know your audience: If you own a local media site, it’d be unusual to have a sudden influx of email subscribers originating from foreign IP addresses. So if that occurs, chances are that they’re bots — and you can delete them from your list. To mitigate click fraud, compare new subscribers against the demographics of your known audience and look out for any irregularities. 

    (Note: Omeda’s Audience Search function compiles demographic and behavioral data from every known IP address that has interacted with your website, email or ads into one database, allowing you to easily identify and isolate members of key demographics within your audience set.) (style as a callout)

    Want to build an email engine that grows your business? Omeda’s end-to-end email marketing solution empowers you to build, automate and evaluate mass email marketing campaigns, then connect your data back to an integrated marketing database engine. Reach out to us at sales@omeda.com to schedule a demo and get started today!

     

     

    Subscribe to our newsletter

    Sign up to get our latest articles sent directly to your inbox.

    What you should do now

    1. Schedule a Demo to see how Omeda can help your team.
    2. Read more Marketing Technology articles in our blog.
    3. If you know someone who’d enjoy this article, share it with them via Facebook, Twitter, LinkedIn, or email.