A massively large click fraud ring called DormRing1 was detected and shut down. The culprits were located in Singapore and China. The Chinese connection used over 1000 college students operating out of Shanghai Technology Institute and other Chinese technical colleges to scam advertisers for fraudulent click charges in pay-per-click advertising campaigns.
There are several types of click fraud. One way that click fraud occurs is when either someone repeatedly clicks on a pay-per-click ad with the intention of running up the click charges for an advertiser. This type of click fraud is usually committed by a competitor.
A second type of click fraud occurs when scam web sites are set up by perpetrators who join advertising networks and display ads for which they will receive a percentage of the click fees charged to an advertiser. While this is completely legitimate if random users click on the ads for which they are interested. It becomes a criminal act of fraud when the site owners or a group of partners click on the ads for the sole purpose of generating income for the site owner. This is the type of click fraud that DormRing1 was engaged in.
While attempted click fraud is believed to be a common occurrence, nothing of this scale has ever been detected. A click fraud detection company called Anchor Intelligence in California is credited with detecting their activities and working with the FBI and other agencies to shut them down.
This was a very sophisticated operation utilizing over 1000 students recruited through Chinese social networking sites. Most click fraud is prevented by advertising networks by monitoring the IP address and other identifying characteristics of a user clicking on an ad. All of the major advertising networks claim to have fraud detection systems in place and do not charge advertisers for any fraudulent charges that they detect. However, DormRing1 used a large network of over 200,000 compromised IP addresses in an attempt to circumvent click fraud detection activities. The IP addresses were probably run through a proxy system that made each click appear to come from a user in a different geographic location. In other words, even though the fraud ring was operating mostly out of China, a click could be made to appear as if the user is located in the USA or Germany or Canada, etc.
While no specific advertising networks were mentioned, it can logically be assumed that advertisers at several of the major networks were victimized. From the reports that we have seen, no fraudulent click charges were paid out from the time the ring was detected, but no one knows how long the ring was operating.
There are multiple ad distribution networks in most advertising networks. Google, Yahoo and MSN each have a search network and a content network. Search network ads are displayed on company-operated search sites, such as a Google search page, or a Yahoo search page or Bing. The ads may also appear on the search pages of trusted search partners, such as Ask.com. The content networks consist of ads displayed on the sites of companies who joins the network, displays ads on their sites, and earn a commission or a percentage of the click charges each time a user clicks on an ad.
The type of fraud generated by DormRing1 cannot be committed on the search networks because there are no commissions paid to site owners. That means that ads displayed as part of the content networks are most susceptible to this type of click fraud. For many years we have recommended that our advertising clients opt out of the content networks to avoid fraudulent charges like those run up by DormRing1.
The most interesting part is that although the FBI was involved and the ring was successfully shut down, no one was arrested. This means that all of the perpetrators are still out there and presumably planing a better system that may be harder to detect. It also makes one wonder whether the Chinese government is truly interested in policing fraudulent activities occurring within their borders. This one brought in millions of dollars in ill-gotten rewards.