It's not "fat thumb" it's "click-jacking" as detected by FouAnalytics

It's not "fat thumb" it's "click-jacking" as detected by FouAnalytics

A lot of people still pass off high click through rates on their ads as due to accidental "fat thumb" clicks. It's fine it you want to keep your head buried in the sand, but other advertisers using FouAnalytics to measure their ads can see entirely falsified clicks. These are either faked by bots or hijacked clicks or "click-jacking."


Fake clicks -- what bot clicks look like in FouAnalytics

Fake clicks are the ones generated by bots, not by humans. Here's an example of what that looks like. Large circles in the click tab in FouAnalytics means repeated clicks on the same x,y coordinate (same pixel on screen). Left side shows the click chart, right side shows the raw data. Dozens of clicks on the same x,y pixel. Humans can't physically do this.

click chart in FouAnalytics

Similarly, humans can't click something without touching the screen on their smartphone. In the following example, we see 485 clicks on a smartphone screen resolution of 320x568, but no touch events (middle chart). On the right, you see most of the clicks are repeated at 25x25.

clicks by declared bots

We can even see bot clicks on consent banners. Bots give consent so they can get cookies and get targeted by more ads.

consent banner clicks by bots


Real clicks, but hijacked

Recently I have been writing about attribution fraud, where adtech vendors claim credit for sales that had already occurred or that would happen organically without any ads. They do this by taking advantage of how attribution is done -- using cookies to make it appear that they helped drive the sale or the conversion.

Typically, when a human user clicks an ad, the click is tracked, and the arrival of the user on the landing page is also tracked by setting a cookie. Then when that user eventually buys something, or does some desired action like install an app, the vendor gets credit for that "conversion event" because the cookie made it appear that they caused it.

The following is a perfect example of real clicks, but hijacked. These are native ads that span the width of the mobile screen. You will note that these are real clicks, not only from the color coding (blue in FouAnalytics) but also because there are corresponding touch events. But these clicks were in the upper right corner, where the [x] is to close the ad. The users were trying to close the ad, not click the ad, but that click on the [x] was hijacked and treated as a click through on the ad. This artificially inflates the click rate, and when the landing page is loaded the conversion tracking pixel is also loaded and a tracking cookie is set. This artificially inflates whatever conversion KPI the advertiser is using, whether sales, app installs, etc.

See the following post by Jon Norris which shows how swipes in a video game are hijacked as clicks on ads.

With FouAnalytics measuring the landing pages of clicks, we see a LOT of this going on. For example, when we see strange mobile apps (usually casual game apps) loading the landing page that we are measuring, we know these apps are faking the clicks (by deliberately loading the landing page) or hijacking the clicks (by click-jacking a real user click meant to do something else).


So what?

If you see too-good-to-be-true click rates on your campaigns, you may want to look into it more closely. Your legacy fraud verification vendor can't show you the data above because they simply don't have these features. If you want to scrutinize the clicks you are getting in your digital campaigns more closely with FouAnalytics, so you can "see Fou yourself" which clicks are falsified and which clicks are hijacked, message me. You will recall the following charts from previous articles. The clicks in green are mostly in the upper right corner. The user was trying to click the [x] to close the ad, not click the ad. These should not be counted as "success" in the campaign. Whereas the clicks in blue further below are spread out across the face of the 300x250 ad unit. These are clicks on the ads that should be counted. And the other supporting data "clicked" shows the click tracking url -- adclick.g.doubleclick.net. These are the clicks that should be counted. And note they are dark blue (humans) too.


Happy Saturday Y'all


Vi Wickam

Managing Partner at Wizard of Ads Online

5d

It's kind of amazing how some of the games have managed to intentionally cause you to "click" on the ad when you are trying to close it. ;)

Like
Reply
Michael M. M.

Ad-Fraud Investigator & Media Expert, member of Digital Forensic Research Lab cohort "Digital Sherlocks" - Adding some fun when asking unexpected questions you were not prepared to hear

1w

Fat thumb… could be me.

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics