There are various types of click fraud in online advertising. One form involves competitors clicking on your Pay Per Click ads. They do this to waste your budget on worthless clicks, discouraging you from continuing to advertise online. With typical per-click charges ranging from a few dollars to tens of dollars, it doesn’t take long to burn someone’s daily budget and take their ads off the air.
While both Google AdWords and Microsoft adCenter claim to refund charges for “suspicious” clicks, we have seen instances where consistent clicking by competitors has required manual requests for refunds. Both platforms allow IP address blocking of ads. Let’s review how this works to understand what can (and can’t) be accomplished with IP address blocking.
Every device browsing the web presents an IP address (for example 102.205.23.7) detectable by the site they are visiting. If you’re at home or work for a small company, your IP address is probably assigned dynamically (changes from time to time) by your Internet Service Provider (ISP). If you work for a medium to large company, your IP address might be a static (unchanging) IP that’s assigned to your company. If you’re on a network, your router assigns IP addresses to all internally connected devices. These “local” IPs typically begin with 192.168 and are generally not visible to the outside world. But all of these devices will present the same IP address to external sites.
A free and easy way to see what IP address you are presenting to the outside world is to visit the website www.whatismyip.com.
Not only does every user connected to the Internet have an IP address, but every website has an IP address as well. Some websites have a unique, dedicated IP address, but it’s also common to find multiple websites sharing one IP address because website hosting is typically cheaper with a shared IP address.
Larger companies are more likely to have one static IP address or an IP address range and host their own website. In this case, you can perform a reverse-lookup of the website to determine its IP address and then block this IP address in your AdWords or adCenter account. Once that’s done, if the people in that company present the same IP address as the website, then they will not see your ads. Of course, if they can’t see them, they can’t click on them.
Many companies do not host their own websites. For example, here at Market Vantage, we host our site with the WordPress hosting company WP Engine. Our site does have a dedicated IP address, 141.193.213.20. But if you block this IP address in your Google Ads account, we will still see your ads because our company uses a local ISP and we present a completely different IP address when we’re surfing the web or sending email. You would need to block our ISP-assigned IP address in Google Ads to block us from seeing your ads.
Unfortunately, while there are reverse lookup tools that can give you the IP address of a website, for example, http://www.networksolutions.com/whois/index.jsp, determining the network IP address of a company is not so easy. If you receive an email from a person within the company, you can find their IP address in the expanded header of their email. Their IP address is also readable by your webserver when they visit your site, including when they visit your site via an ad click. But anyone who takes their laptop to Starbucks or the public library will temporarily be assigned a completely different IP address.
While it would be nice to preemptively block all possible fraudulent clicks, we have found that the most effective way to use IP address blocking against unwanted clicks requires that you first detect repeated unwanted clicks. Most of your competitors probably won’t be engaging in this form of sabotage anyway, so blocking your ads from all of them is a waste of time. You need to block the repeat offenders. If you have the right tool, this is fairly easy to do.
Google Campaign Manager has a Click Tracker feature you can set up for free. You can also set up a paid web analytics tool like ClickGUARD that reports on individual visitors. Note that Google Analytics does not automatically do this and therefore is of little use in detecting fraudulent clicks from competitors. Once you’ve collected data from whichever service you choose, you can simply forward it to a Google or Microsoft account rep to request a refund.
Blocking fraudulent traffic yourself is easy enough once you know the source. Copy the offending IP address and paste it into the exclusion list on Google Ads, and you can sleep better knowing that your money will henceforth be going toward bringing prospects, not competitors, to your website.