Posted by Tim Cranton
Associate General Counsel, Microsoft Digital Crimes Unit
Online advertising fuels much of the Internet activity we enjoy today, enabling free services and unprecedented content flows. For this marketplace to continue enabling rich online experiences, it needs to be based on a trusted platform. Advertisers need to have confidence they are getting what they pay for.
Unfortunately, deceitful online activity known as ‘click fraud’ undermines the integrity of the online advertising market, skewing the platform decidedly against advertisers. For this reason, Microsoft’s Digital Crimes Unit has been working with Microsoft Advertising and others in the online advertising space to identify and address fraud as it evolves. Towards that end, Microsoft this week filed two federal lawsuits against perpetrators of what we believe to be a new and complex form of click fraud that we refer to as “click laundering.”
Click fraud typically occurs when a person or computer program imitates a legitimate Web surfer and clicks on an online ad for the purpose of generating a fraudulent “charge-per-click,” without having any interest in the target of the ad’s link.
Click laundering is a technically-advanced form of click fraud designed to circumvent fraud detection systems by hiding the origins of fraudulent clicks – “laundering” them through apparently legitimate intermediaries.
One form of click laundering involves computers infected with malicious software that delivers rogue search results. Without the user’s knowledge, the infected computer mimics a legitimate search engine, but returns search results adulterated with useless parked domains – i.e., Web addresses that appear to be relevant search results, but contain no meaningful content. The unwitting user opens one of the parked domains, clicks a link or two, realizes it’s not what he or she is looking for and closes the window. What seems like a harmless digital dead end is, in fact, a laundered ad click that appears legitimate to an ad platform provider such as Microsoft but offers no value to the advertiser who would be charged for it.
Some of these parked domains include invisible “iframes” that hide the software code that causes an advertisement to appear on a site. Consequently, a Web surfer can visit an ad without even knowing it. Technology can further disguise the origin of laundered clicks to make it appear that a user deliberately visited certain ads. Just like money laundering, in which the origins of ill-gotten gains are disguised as legitimate income, clicks from automated programs or virus-ridden computers are dressed up as real clicks by real customers, i.e., clicks that advertisers pay for.
Microsoft and other ad platform providers invest in techniques and tools to identify click fraud when it occurs, but the complexity of click laundering can make it difficult to detect. But as alleged in the complaints we filed this week, had the click laundering in these cases gone undetected, the perpetrators could have defrauded advertisers of hundreds of thousands of dollars. The lawsuits filed this week aim to help protect our ad platform, to promote the integrity of online advertising for the benefit of legitimate advertisers, to stop the fraudulent behavior and to recover the damages caused by click laundering.
At Microsoft, we take fraud very seriously and we will continue to invest in technology, processes and – when necessary – legal action to help ensure that Microsoft Advertising and adCenter remain a trusted platform for advertisers.