With attention-grabbing figures like “$25 billion lost to click fraud each year”, you’d think that click fraud is clearly an illegal practice. The facts around whether ad fraud or click fraud is illegal are a little murky.
Yes, there have been arrests and court cases around the defrauding of online advertisers. And, yes, the PPC platforms are doing their best to close those loopholes that continue to allow PPC fraud to proliferate.
But can you really go to jail or be sued for click fraud?
Ad fraud vs. click fraud
Despite ad fraud and click fraud being part of the same family, they’re actually not mutually interchangeable. It helps to understand what these terms mean and how they relate to you, the advertiser.
Click fraud is any form of ‘invalid click’ (as the PPC platforms refer to these clicks) that has a malicious intention. This can be from your rivals looking to deplete your advertising budget. Or it might be an automated traffic source clicking on your paid links – for example, bots.
Competitor click fraud is probably one of the best examples of click fraud. This might also be one example where you might consider taking legal action.
Ad fraud tends to be run by more sophisticated operators, usually managing click fraud processes on a wholesale scale. This tends to include using huge ad clicker botnets, spreading malware, and using complex programming software to spoof websites to divert your marketing budget to their own pocket.
Invalid traffic is what the PPC ad platforms refer to when talking about any non-genuine click on your paid ads. This includes everything from organised fraud to genuine accidents such as finger slips.
The legal side
As mentioned, the laws around the legality of click fraud (or otherwise) are a little murky. Generally, although most countries don’t have specific laws against click fraud, they tend to have laws covering cybersecurity or ‘information technology.’
In conjunction with existing fraud laws, most court cases against click fraud focus on aspects such as wire fraud, data theft, deception, and money laundering.
China, for example, has the Anti-Unfair Competition Law, which is supposed to tackle issues such as stealing trade secrets and bribery. However, the ‘unfair advantage’ wording can also include fake clicks on paid ads, i.e., click fraud or ad fraud.
The European Union is one of the planet’s most progressive territories when it comes to digital rights. The GDPR was one of the first pieces of legislation to give internet users rights over their data. So surely click fraud and ad fraud will have some laws against them here?
In fact, the European Union does have some of the strictest anti-fraud laws in the world. At a federal level, there is solid anti-fraud protection from OLAF, the anti-fraud office.
However, individual states also do make some aspects of click fraud illegal.
Germany: German Cybersecurity laws do cover owning or operating software with the intention of committing ‘computer fraud.’ This covers a broad area, such as hacking, phishing, and data theft. There is no specific law against click fraud, but German fraud laws could be applied to their cybersecurity legislation.
India: The Information Technology Act 2000 (IT Act) covers many facets of click fraud. However, the most relevant law would be the Indian Penal Code (Section 420) which covers most practices related to fraud. There is no specific law against click fraud or ad fraud.
USA: The US has some of the strictest anti-click fraud laws. The Computer Fraud and Abuse was set up to cover mostly national security and personal data but has been amended numerous times. Almost all successful click fraud lawsuits have been prosecuted on US soil.
Depending on where you are, click fraud may not be illegal in and of itself. But you can likely find a way to prosecute. If you can get proof…
Click fraud lawsuits
There have been several high-profile cases around the world. These are some of the best examples of click fraud and ad fraud lawsuits, with wildly differing results.
An Italian national, Fabio Gasperini, was extradited to the USA in June 2016 to face charges related to operating an ad fraud botnet. He was alleged to have made millions by using a network of more than 150,000 computers to defraud advertisers, among other practices.
The Fabio Gasperini click fraud case was the first brought before American courts. The defendant was eventually acquitted of all felony charges and charged only with a misdemeanour, for which he served a one-year sentence and was fined $100,000.
Microsoft vs. Lam
Back in 2008, Microsoft was made aware of suspicious activity on ads on its platform for auto insurance. Looking deeper into it, they also noticed that keywords for World of Warcraft were following a similar pattern.
A complex pattern emerged whereby the defendants, Eric, Gordon, and Melanie Lam, were depleting the budgets of auto insurance companies to boost the click-through rates on their own auto insurance ads. They then sold the details of leads to low-level insurance companies.
Microsoft sued the Lams of Vancouver, BC, for $750,000.
Dubbed the ‘click fraud kingpin,’ Tsastsin operated a group of publishing companies that ran digital advertising on behalf of many agencies. By using malware, Tsastsin and his gang made over $14 million by infecting over 4 million computers and directing traffic to their websites and adverts.
An Estonian national, Vladimir Tsastsin, and six other men were charged in the US with wire fraud and computer intrusion over a ten-year period.
Facebook vs LionMobi & JediMobi
In late 2019, Facebook sued two software developers based in Singapore and Hong Kong for click-injection fraud. This practice used malware that was installed on Android devices to click on Facebook ads embedded in the apps.
LionMobi and JediMobi were both accused of running the fraud by Facebook, although the developers maintained that it was the software development kits (SDKs) distributed by them which was used for the fraud.
Pressing charges against click fraudsters
Although there is often a strong legal case against anyone committing fraud on your paid links, the difficulty lies in finding concrete proof.
Many of the cases listed above included investigations with the FBI or security companies to uncover what is often a very complex situation.
We recently looked at a case of competitor click fraud on this blog which involved cooperation between business rivals in uncovering one company’s fraud operation. Although this did put a pin in this particular click fraud case, the actual proof to prosecute the guilty party would have been very hard to find.
White-collar click fraud, that is, small-medium businesses clicking each other’s ads with malice, is hard to prove, even if it is illegal.
Protecting yourself against (and getting proof of) click fraud
So even if you can prove that there has been fraudulent activity on your pay per click (PPC) ads, proving who did it is a whole other ball game.
The best thing to do is to ensure your PPC ads are protected. This way, you don’t have to worry about it.
ClickCease offers industry-leading click fraud protection software, so you don’t need to worry about competitors, botnet operators, or (potentially) giant robots* stealing your marketing budget.
And, perhaps best of all, you can use ClickCease’s free trial to find out if you’ve been click frauded.
Spoiler alert; you probably are, as around 90% of all PPC ad campaigns are hit by fraudulent traffic.
(*not proven to protect against giant robots)