In mobile marketing, click farms are deeply related to ad fraud. They are illegitimate resources intended to perform malicious marketing activities. In today’s data-centric world where everything is quantified and evaluated based on rankings and numbers, businesses exploit click farms because it helps them attain metric goals within a short amount of time. It can be used by the business itself or its competitors, which can either inflate brand engagement numbers or drain marketing budgets due to competitors’ fraud attacks.
Click farms are facilities storing hundreds of devices that generate clicks and activities to perform a desired action. Click farm operators employ cheap manual labor or a pre-programmed system to assign the task of clicking over and over again on a device to repeatedly perform an action. It can be used for a variety of purposes, from constantly interacting with an ad to collect the payout, to continuously installing an app to raise app store rankings.
With the stacks of devices in use, click farms assign predetermined tasks to real human workers or an automated script, whichever method they employ. To hide their fraudulent activities, click farms use virtual private networks (VPNs) to change IP addresses, proxy servers to change location settings, or reset Device IDs every time they perform a new install. This way, fraudsters can avoid being caught as click spamming, and it becomes harder to detect fraudulent activity among other pieces of real data.
Click farms can also switch between profiles to match the target segment of the ad they are engaging with. For instance, a click farm can create a new profile of a woman in their 10-20s interested in haircare if the ad they are interacting with is about women’s shampoo. Using these profiles, they can generate search traffic on specific keywords and artificially segment ads.
Although various fraud detection measures have been put in place, click farms are constantly evolving with algorithm and software updates, and they continue to find new ways to beat the system.
Despite the list of evidence displaying the illegitimacy of click farms, they are surprisingly not illegal and are continued to be used by many businesses around the world. They are also extremely difficult and require a manual procedure to detect since click farms are able to mimic real-user activities.
In order to detect click farming and prevent its aftermath, marketers generally use telemetry data such as IP addresses, phone models, browser or software versions, and network speeds. If there are an abnormal number of identical network speeds recorded, this is most likely a click-farming attack, and marketers can compare this with other telemetry data to validate the fraudulent behavior.
While this can be a starting point, using this technique can be very time-consuming and laborious, and marketers should be able to find a solution that best fits their business model.