This Devious—And Mostly Legal—Ad Scam Is Bleeding Small Businesses Dry

Illustration for article titled This Devious—And Mostly Legal—Ad Scam Is Bleeding Small Businesses Dry
Photo: Michael Bocchieri (Getty Images)

For the past few months, a lot of folks—this reporter included—have watched their favorite local bookstores, pizza joints, and coffeeshops get systematically gutted by the economic tumult that came with the current pandemic. Back in April, academics predicted that this economic carnage would result in over 100,000 of these sorts of small businesses closing their doors for good, with an untold number of employees being added to the unemployed masses trying to find stability right now.


Of course, the biggest source of these economic woes can be traced back to people just not shopping around or dining out the same way they did in the before times. But new research is pointing to a little-discussed digital scam that’s draining thousands from these businesses when—I think it’s safe to say—that’s the last thing they could possibly need.

New research out today by the cybersecurity firm ClickCease found that these businesses are set to lose $15,000 dollars this year—or a little over $1,000 per month—from fake clicks on their online ads. And while we might associate any sort of fraud in the digital world, with, say, data-guzzling malware or straight-up spam, the firm found that for the most part, these dollar-draining clicks were coming straight from rivals of the businesses in question, looking to put their competitors out of a job. And in some cases, it’s working.

“It’s completely normal; it’s easy, it’s accessible,” Ilan Missulawin, ClickCease’s CMO, told Gizmodo. “In what other situation is it legal to drain money from someone with virtually no reason whatsoever?”

Granted, that legality is starting to be called into question. For more than a decade, we’ve seen cases of click fraud being thrown out of court, more or less, because the actual financial harm that comes with these sort of scams is, well, less clear-cut than robbery, even though it sounds like kind of the same thing. This spin finally (and thankfully) flipped earlier this year when a Delaware District judge ruled that these sorts of scams could be punished under the Computer Fraud and Abuse Act.

The way these schemes work is pretty simple: If you’re, say, a plumber, and you want to advertise your wares in Google search, generally that means you’re only forking over some cash to Google whenever someone who stumbles onto your ad actually clicks on it. For the most part, spaces with a lot of competition—and high-paying customers—have a higher cost per click, too. As Missulawin put it, “if you take a locksmith in Brooklyn, for instance, every click can easily be 20 bucks.”

And because that $20 comes out of their wallet regardless of who’s doing the clicking—and the whole legal murkiness of the space in general—there’s been an entire wave of competing locksmiths (or plumbers, as the case may be) literally clicking their competitors out of business by driving up the price on their ads. For nearly a decade now, we’ve seen scammers either searching for new ways to out-click the competition, and an entire cottage industry of super-simple bots made purely for this purpose, sometimes being sold for as low as $100 a pop.


The ClickCease team hit on the $15,000-per-year figure by tallying close to 2 billion clicks among small- and medium-sized accounts that were running their ads on Google search. On average, these players were being charged between $9,000 to $10,000 a month on these sorts of campaigns, or close to $100,000 to $120,000 annually. Globally, between 14% and 15% of that figure is going straight to fraud, according to the research—in the U.S .alone, that number’s closer to 11%, or one in every 10 clicks. They also found that the number of fake clicks on campaigns by these businesses was up 21% since the start of the pandemic.

While not all of this traffic was malicious, a good chunk of it was. Going back to the locksmith we’d mentioned before, Missulawin gave the example that there’s “no reason” that a web visitor from the same IP address would be clicking on that locksmith’s ad 20 times in a row unless he was looking to drive him out (or, I’d argue, possibly because he’s a complete dumbass).


That new normal is only set to become more in stone as small businesses continue to struggle through the pandemic raging on across the country. While the feds have offered nearly a $350 billion dollar pool to help get these players back on their feet, some are worried that it might not be enough to help the people who need it most. In that case, it’s not surprising that some small businesses have turned to falsely driving up competitor’s ad costs to give themselves an edge. When the system fails this badly, business owners are left fighting over the scraps.

I cover the business of data for Gizmodo. Send your worst tips to


Captain Cupholder

I’m surprised that the author never brings up what seems like the worst part of this “robbery” - while small businesses undoubtedly benefit from hurting their competitors (or driving them out of business altogether), the company that gains the most direct and significant benefit is Google (or Facebook or possibly some other ad company). If a “fake” click costs Joe’s Pretty Good Plumbing $20, the company doing the fake clicking doesn’t pocket that $20 (at least not directly) - Google does. So it’s ultimately helping a gigantic monopoly (or at the very least a company that’s frequently charged and fined over monopolistic practices) that’s doing great even without, well, “shenanigans” like this. So of course not only does Google have no incentive to address the problem, they directly and substantially benefit from maintaining the flawed system currently in place. One more example to add to the already long list of obvious reasons we need strong and meaningful government regulation and enforcement to curb these kinds of abuses.