Non-human interactions – or bot clicks – are responsible for almost half of all internet traffic – standing currently at 47.4 per cent. 

With the rise in the internet being at the heart of so many critical business functions, comes the rise of malicious bots deliberately programmed to act in bad faith. 

For the fourth year running, malicious bot traffic grew, rising to 30.2% of all non-human interactions – an increase of 2.5% over the 2021 figure* 

Another more concerning statistic showed the proportion of malicious bots classified as advanced or sophisticated, made up 51.2% of all bad bot traffic. Almost double the 2021 figure of 25.9%. 

What is a bot click? 

At its simplest, a bot click is when a script or software program using an auto bot commands information from a website link in the same way a human clicking on a link with their mouse would do.  

Many of them are harmless, they help us order food, they’re used in apps to support customer service, and a lot of them exist to help the internet to work as it should do. 

Google and other search engines use bots to crawl the web and index web pages for their search engines. 

But even good bots can cause issues. They can skew web analytics, making your key pages appear more popular than they actually are. 

In email campaigns or banner ads, it’s known as click fraud, where having too many non-human bot clicks can frequently mean you – or your client – is paying for traffic to a website which isn’t from real people and therefore aren’t potential customers for your goods or services. 

This can mean high volume traffic never actually converts into the sales funnel, lowering performance for adverts, leading to incorrect marketing analytics and influencing decision making based on inaccurate data. 

Half of online ads are never seen 

If you’re paying for online advertising, then bot clicks can be a real issue.  

Google revealed as far back as 2014 that more than half (56.1 per cent) of online display ad impressions were not seen by consumers. But the average publisher’s viewability at the time was 50.2%. 

That meant a small number of publishers were serving the majority of non-viewable impressions and dragging down the served impression viewability average by almost 6%. 

Interestingly, the Internet Advertising Bureau (IAB) standards for an ad to be “in-view” in a desktop/laptop environment are:  

• 50% of the ad unit in view for a minimum of 1 second for standard ad formats such as leaderboards and MPUs;  
• 30% of the ad unit in view for 1 sec for large canvas formats such as skyscrapers and takeovers;  
• 50% of the ad unit in view for 2 consecutive seconds for video ads. 

It’s not a long time is it for your ad to be considered viewed, especially when it might not be a human actually clicking on the page. 

Non-human click behaviour is a serious issue 

Malicious bots are constantly looking for ways to interact with applications or websites in the same way a legitimate human user would, but their purposes are quite different. 

They enable high-speed abuse, misuse and attacks on your website, mobile apps and APIs, leading to the bot operators being able to perform a variety of unsavoury acts including click fraud, competitive data mining, information scraping and more. 

The most common actions for malicious bots include: 

• Crawling web pages and stealing content; 
• Serving spam, scraping information, and generating fake ad impressions in online marketing campaigns; 
• Driving bad ad placements in fraudulent programmatic platforms; 
• Filling out forms with fake information to create bad leads; 
• Spamming your organisation’s contact or survey forms with bad messages—which can keep you from responding to genuine inquiries; 
• Gathering up-to-date information from websites to aid more convincing phishing & vishing campaigns; 
• Posting fraudulent reviews on websites to make products and services look better or worse than they actually are to potential customers. 

And there are financial implications if malicious bots get themselves into your data and websites.  

Cost of data breaches 

According to an IBM report – the Cost of Data Breaches – nearly half of consumers surveyed said they had stopped doing business with a company known to have experienced data loss through a cybercrime event. 

Reaching an all-time high, the cost of a data breach averaged $4.35 million in 2022, a rise of 2.6 per cent over the 2021 figure of $4.24m. Even the smallest breach may cost upwards of $200k to fix. 

Use of stolen or compromised credentials remains the most common cause of a data breach. Stolen or compromised credentials were the primary attack vector in 19% of breaches in the 2022 study. 

Source: https://www.ibm.com/reports/data-breach

How can you identify bot clicks? 

There are various different ways to try and identify non-human clicks, some are easier than others, many start with Google Analytics. 

Making sure you’re checking GA on a regular basis means it’s easier to spot irregularities which could be caused by bot clicks. 

Monitoring your average number of page views, average session time and sources for referrer traffic also make it simpler when spotting non-human interactions that aren’t following the same pattern. 

Veracity Trust Network’s Ad Fraud Prevention’s patented, AI-powered protection blocks fake traffic, increases conversions and produces data you can actually trust. 

It uses patented, AI-powered bot detection to protect your campaigns, budget and traffic data from fake activity and takes just minutes to set up, for free, before it begins defending your Google, Facebook, Instagram and Bing ads. 

Our patented, AI-powered Web Threat Protection technology detects Automated Bot Attacks and Supply Chain Attacks (OWASP class 7-10 and 12-13) accurately, quickly, and before they can cause you damage. 

Talk to us about how our Bot Protection Suite can help you beat the bot clicks: 

https://botprotect.veracitytrustnetwork.com/why-veracity

 

* Imperva 2023 Bad Bot Report 

24th Apr 2024