Marketing & SEO Discussion List - LED Digest

Home arrow Full Issues arrow 2006 archives arrow LED Digest 2091: Click Fraud Reporting
LED Digest 2091: Click Fraud Reporting Print E-mail



==================================================
                 The LED Digest
             Moderated Discussion List
     "Effective Online Advertising, Since 1997"

         pair Networks: The LED's Web Host
   Hosting and Domain Reg. from a Trusted Leader
  pair.com for Hosting  |  pairNIC.com for Domains

==================================================
List Moderator:                     Published by:
Adam Audette                          LED Digest
adam, led-digest.com     http://www.led-digest.com
..............................................
February 7, 2006                       Issue #2091
..............................................


            .....IN THIS DIGEST.....

====== NEW =====================

        --== Click Fraud Reporting ==--

                ~ Karl L. Baldwin
"...I recently set up a filtering sever..."


==== CONTINUING =================

        --== Offshore Outsourcing ==--

                ~ Chuck Hiatt
"We have outsourced 8 different projects
in the last 4 months..."

                ~ Mark Roberts
"...we have been involved with outsourcing
to India, Canada and Argentina."

        --== Secure Servers ==--

                ~ Veronica Yuill
"One way that can happen is if the site
uses frames.."

                ~ Will Bontrager
"...SSL does not make the server secure,
just the connection..."


==== BILLBOARD ===================

        --== Phish Spam ==--
                ~ Barry Mills

        --== Amazon Connect ==--
                ~ Eva Rosenberg


========== NEW ====================================

From: Karl Baldwin
Subject: Click Fraud Reporting

Caution To My Fellow LEDers,

I have been quite successful at generic SEO since 1997. I have also
utilized PPC, starting with GO-TO.com (aka: Overture; aka Yahoo!
Search Marketing). Watching several of my campaigns with multiple
PPC "organizations" I observed unrealistic spikes periodically
(normal 20 to 50 clicks per day suddenly jumping to 800 or 900 for a
day or 2) and after reporting, I was getting absolutely no credible
response or refund from any customer support.

So I recently set up a filtering sever (AdWatcher.com). It works
like this. They give you a web address to use so that when your PPC
link is clicked on, your "sponsored" key word link goes through the
filtering proxy server, which records the pertinent clickers
information, then serves up your actual website to the searcher.
This all happens unnoticeably to the searcher, who then sees your
website. If the same IP address clicks on your advertisement PPC
multiple times in a short period of time, you receive an email
report that a person has most likely performed fraudulent click
activity. From these reports one can generate a "Fraudulent Click
Report / Refund Request" and send it to the particular PPC provider.

Therein lies the rub. I have many PPC accounts with various search
companies, but only 2 such PPC accounts that I have subscribed to
the AdWatcher.com service; MIVA and Yahoo! Search Marketing. In all
fairness, Yahoo! has responded, with what seems to be minimally
diligent and but appropriate responses, but only after a 2 or 3 day
delay. MIVA, on the other hand, has consistently thrown up road
block after stalling road block in responding to my "Fraudulent
Click Report/Refund Requests." I'll abbreviate this, yet provide but
one conversation thread I recently had with MIVA after submitting a
click fraud report. As of today, I have not received any
satisfaction on this or any of the other fraud reports I have sent
to MIVA.

MIVA Said:

-------------------------
What is the Dates/Time in Question?

What Keyword(s) are the ones that you notice more clicks on?

Did you have any Conversions on PPCs during the dates in question?

Did you make any changes in bid amounts?

Were any additional keywords added to the account during the dates
in question?

Did you do any status changes on any of the keyword ads?

Did you make any title and description changes during the dates in
question:

Do you have any emails that you can send us with your Server log
files to view your traffic and compare it with our results?

We will wait for your response to our questions mentioned above and
then we will run the traffic review request on your behalf. We
usually wan the ads to be place to offline status during the review
but as you had mentioned before at this point your ads are in
offline status already. It usually takes 24-48 hours in order for us
to get a resolution to the traffic review and then we will email you
with the results.
-------------------------

Karl Baldwin answered:

-------------------------
I already told you the time and date in the report. Why do you keep
asking me the same questions over and over?

1. 01-28-2006 12:22:30 PM until 01-28-2006 12:22:38 PM. 12:22:38
minus 12:22:30 equals 8 seconds, sequentially, on the same day.
Sheeeeesh!!!

2. They landed on my Georgia ad so if they used one of my 2 keyword
phrases, it would have been either "georgia cabin rental" or "north
georgia cabin rentals."

3. I already told you, my website does not monitor conversions
because there aren't any.

4. No, I have not made any changes to bids, keywords, status, title
or description.
-------------------------

Below [is 1 of the 2] fraud alerts I received today from my
AdWatcher server.

-------------------------
1st alert - Subject: AdWatcher Fraud Alert - 01-28-2006 12:22:30 PM

Dear Karl,

AdWatcher has detected suspicious activity going on with your Miva -
GA campaign. Please review the details listed below:

Campaign: Miva - GA
Total Clicks: 5
IP Address: xx.xx.xxx.xxx
Browser: IE 6.x and above
Time: 01-28-2006 12:22:30 PM

Warmest Regards,
The AdWatcher Support Team
-------------------------

My final message; click fraud is running rampant with very little
protection from those PPC providers. Their incentive is to let the
fraudulent clik$$$ go through. Get a PPC filter as it is every bit
as important as a firewall. If you have a data trail, your court
claims for a $75 refund or a $750,000 will be obviously valuable.

PS - I have no affiliation with AdWatcher.com other than being a
very happy subscriber.

Best Regards,

Karl L. Baldwin

MountainLodging
Vacation Cabin Rental Listing Service
www.mountain-lodging.com


======== CONTINUING ===============================

From: Chuck Hiatt
Subject: Outsourcing

> I am working my way through "The World is Flat" by Friedman...
> those of us who do not embrace outsourcing to highly skilled
> but cheaper labor in countries like India and China will fade
> away like dinosaurs.
        - Peter D'Aprix, LED 2090

Rather than looking at overseas vendors as a threat to your creative
business, why not consider it an opportunity. You have the same
access to these companies as the end-user.

I know many domestic graphic designers that will post jobs on
Elance.com or Guru.com and award the job to a company in India,
China, Belarus, or another country, and present the work to their
clients as a finished product. There is plenty of margin left to
make a healthy profit from this arrangement.

If you are a one-man shop this is an easy way to leverage the growth
of your business without hiring additional staff. I know this isn't
the most popular opinion among domestic designers or other creative
type companies, however, I would rather ride the wave than get
buried buy it.

We have outsourced 8 different projects in the last 4 months and
have been very happy with all aspects of the process. Both Elance
and Guru offer the ability to post your payment in an escrow account
that allows you to release funds to the vendor only when the work is
done to your satisfaction. They both offer private project message
boards and job summary pages that allow easy communication and
management of all of your projects.

Chuck Hiatt

Promogear.com, Inc.
www.promogear.com


------- new post - same topic ------

From: Mark Roberts
Subject: Offshore Outsourcing

I can only speak to my personal experiences and am anxious to hear
others.

For the last 2 years, we have been involved with off shore
outsourcing to India, Canada and Argentina. I, personally, have not
been very impressed with the results.

If you can be very precise and nail down your projects with specific
and detailed documentation and requirements. You can usually get
fairly good results. However, I have not had good results where
business processes and / or practices are involved.

I.E. if you have a few static pages that you want created and you
document precisely what you want; probably won't have any problem.
If you are looking for something like a shopping cart that is very
dynamic and interactive, you could have a problem.

Language barrier has also been a problem. Even though English is
spoken by both parties, sometimes the meaning of the words can get
in the way. What may be assumed in the US, may not be assumed in
Asia for example.

Mark Roberts

Roberts Computing Systems
http://www.robertscomputing.com


------- new post - new topic ------

From: Veronica Yuill
Subject: Secure servers

> I closed out of the page without placing my
> order... can there be encryption and stuff
> on a page without the https://~ in the URL?
        - Tom Anson, LED 2090

Hi Tom

One way that can happen is if the site uses frames (remember them?
;-)) You will see the URL of the frameset page in the address bar,
which could be http://. However, the page displayed in the main
frame could be a secure page using https://. In this case though,
the browser won't display the padlock (because the URL for the whole
page is the insecure frameset one) even though the payment page
itself is secure. There's no way that you can tell if the payment
page is secure short of inspecting the source code of the frameset.
I seem to remember quite a large supermarket chain in the UK had
designed their online shopping site like this at one time.

This is obviously a very poor design decision, since most people are
conditioned, rightly, to look for the padlock before entering
sensitive information.

There is another way: you could have a form accessed via http://
which was processed by a secure server-side script (i.e. the form
ACTION points to a https:// page). This is perfectly secure, as the
form data will be encrypted when it's sent -- but again it's a poor
design decision because the visitor cannot see that it's secure
unless he/she is savvy enough to look at the source code.

Inicidentally, the worst order form I've seen was one that was not
only not using SSL, but submitted credit card data to a formmail
script which simply emailed all of the information to the site
owner! They didn't get my order ...

Veronica Yuill

Archetype IT
http://www.archetype-it.com/thebackburner/


-------- new post - same topic --------

From: Will Bontrager
Subject: Secure servers

You did right, Tom.

https://... is a secure connection between browser and server.
http://... is a non-secure connection.

Although the chance of sensitive information being compromised on a
non-secure connection is low, e-commerce sites who can not be
bothered with providing a secure connection for sensitive data
transmission may also be irresponsible when handling your
information once they control it.

A secure server connection (https://...) automatically encrypts data
flowing between browser and server. That's it.

A secure server *connection* does not make a server secure.
Webmasters (and customers), please don't rely on it. Thinking a
server is secure just because it has a certificate with a name to
that effect can foster lackadaisical security.

"Secure server" is a misnomer because SSL (secure socket layer) does
not make the server secure, just the connection between server and
browser.

What happens to the data after the information arrives at the server
via the secure connection is as important, if not more so. Just
because a web site proclaims their server is secure doesn't make it
so. Talk is easy. If they lie or deceive about one thing, they will
do so about other things.

The sensitive customer information should be stored in
browser/robot-inaccessible places for later retrieval. Retrieval
should be at the earliest opportunity.

"Browser/robot-inaccessible" would be

* a directory that is not a public document directory or that is
password protected (don't rely on robots.txt exclusion statements
for protection; they are invitations to crackers, not deterrents) or

* with a file name extension that prevents the server from
delivering the file to a browser or robot.

An example of the latter would be ".cgi" -- which most servers are
configured to launch and run instead of delivering as-is.

Once retrieved, all information that is not required for the proper
functioning of the system should be removed from the server.
Complete credit card info should never be left on a server.

I am not a security expert. That would be a full-time job. But I do
know a little bit about it. Hopefully a security expert will weigh
in here.

One more point, for merchants. Don't let your software email you
sensitive information such as credit card numbers, unless that email
is properly encrypted. Email is notoriously public, subject to
mis-filtering and misdirecting and ending up on security-lax
computers freely accessible by administrative personnel.

For some of you funds may be scarce. Security of sensitive customer
information, however, is not a place to skimp.

It doesn't have to cost a lot, very little in fact.

http://cgi-resources.com/ lists several email software titles that
can send encrypted email. We have secure file viewing software for
very little money. Secure servers can be shared, which is an option
until you can afford a certificate of your own -- provided you
actually want your own certificate. Get in touch with me at the
domain in my sig and I'll send you a link to a hosting company that
provides shared secure server use at no extra charge.

Skimp on the expenses, if you need to, but don't skimp on security.

Mr. Anson, look what you started :)

Will Bontrager
http://willmaster.com/contact.shtml


==== BILLBOARD ===================================

From: Barry Mills
Subject: Phish spam

> By the way, I would never bank with anybody
> who was the target of a lot of phishing e-mails.
        - James Miller, LED 2090

Wow, that's harsh! It's not like the banks are at fault for being
targetted.

I don't get as many phishing mails as James, but I get quite a few.
I haven't seen the concentration he has on a handful of banks, and I
would guess that James has a domain that has a lot of auto-generated
addresses on the target list of a single spammer, who has only got
round to targeting two banks and does them in rotation (hence the
e-mails coming in waves for one or the other).

I can't think of a bank I haven't seen a phishing e-mail for tbh,
certainly get them all the time for all the major UK banks, along
with paypal, Amazon, various bookmakers, etc etc. Consumers are
going to have to get much more clued up to combat this, and banks
and other organisations are going to have to up their security
measures. Banks are doing this, but very slowly, as is their nature.
Imagine the trouble we'd be in if a fire station was staffed by
bankers. Those of you outside the UK may be astonished by this, but
most of the major UK banks haven't even rolled out e-mail addresses
for use by customers yet, so stuff that needs some real thought is
obviously going to take decades.

In the meantime, if you are going to have a policy of not dealing
with any bank that is targeted by phishing spam, I think you're
going to have to manage without a bank account.

Barry S Mills, Managing Director

Netstep Corporate Communications
http://www.netstep.co.uk


------- new post - new topic ------

From: Eva Rosenberg
Subject: More Visibility at Amazon Connect

Hi Adam,

I was just really wishing the HelpDesk were functioning so I could
send out this note to everyone... and I suddenly realized, heck - my
HelpMates are your LED folks.

A couple of days ago,  I was hit in the face with invitations to see
what some authors had to say to me at Amazon.com. Naturally, my
first thought was, why am I not invited to be among those with
something to say...so I explored.

And look! We're ALL invited to create our own author profiles - and
our own Amazon blog (or plog, as they call it.)

Here's the one I did  http://snipurl.com/mahz

If your Amazon ranking is a part of your strategy, consider setting
up your profile. Yes, I know, it's just one more place you have to
remember to update.

But, hey, when you're obsessively checking your rank, just add a
note to your readers. You're there anyway.

Best wishes

Eva Rosenberg

TaxMama.com - A daily cure for your tax blues
http://www.taxmama.com/taxquips


-------------------------------------------------------
The LED Digest is sponsored by pair Networks:
pair.com for Hosting | pairNIC.com for Domains

© Copyright 1995-2006 Orange Wheel, LLC. All Rights Reserved.
-----------------------------------------------------------------

"The universe is full of magical things, patiently waiting for our
wits to grow sharper." - Eden Phillpotts
 
[ Back ]