Google has stepped up its efforts to address an emerging type of online advertising fraud called “clickjacking” by rolling out various new defences.
Google revealed that its engineering and operations teams had recently identified the new threat to cost-per-click display ads and are working diligently to minimise its impact and protect advertisers. Clickjacking is a new form of web attack that changes the appearance of a website so users click through to a new page when they try to access content such as a menu item or play button.
Hackers do this by placing a transparent overlay on the web page so that it looks normal, and victims don’t realise they are taking an important action. Clickjacked pages are often used to enable click fraud on these invisible ads, boost likes and social sharing on Facebook and Twitter and trigger one-click orders on e-commerce sites.
Google will now remove any fraudulent traffic from these ad placements from upcoming payment reports when it detects their usage in the Display Network. This is to ensure that advertisers are not charged for any of the clicks made. Google is also removing publishers using the tactic and has recently added a new filter that excludes clickjacked page traffic on desktop and mobile.
In a blog post published yesterday, Google said: “Our Clickjacking defences operate at considerable scale, analysing display ad placements across mobile and desktop platforms, evaluating a variety of characteristics.” “When our system detects a Clickjacking attempt, we zero-in on the traffic attributed to that placement, and remove it from upcoming payment reports to ensure that advertisers are not charged for those clicks.”
Google added that its moves to terminate accounts and build a new filter to protect against the threat had “delivered a one-two punch to publishers who violated our policies” and that it would continue to be vigilant and fight against new types of ad fraud.
Clickjacking, which is also known by more technical names such as UI redressing and User Interface redress attack, is rising in popularity on mobile, with security company Skycure recently revealing that millions of Android devices could be in danger of the malicious malware technique.