In the never-ending fight against click fraud, online security experts are always developing new tools and strategies to keep fraudsters at bay. But the fraudsters are working equally hard. You essentially have a digital arms race with both sides trying to maintain the upper hand. Enter headless browsers. They can be used in a very sneaky way to perpetrate click fraud against unsuspecting advertisers.
For readers who aren’t familiar with click fraud, it’s not just a harmless little game fraudsters play. It is a crime. It’s a crime that costs online advertisers billions of dollars annually. The vast majority of click fraud cases involve fraudulent ad publishers who steal from their own customers by racking up fake clicks. And to cover their tracks, fraudsters sometimes utilize headless browsers.
Headless Browser Basics
Fraud Blocker is a company that makes click fraud protection software. They have plenty of experience with headless browsers. They explain that a headless browser is one without a graphical user interface (GUI). But even without a GUI, it can still do what any other browser can do. Some examples of popular headless browsers include:
- Erik
- Surf
- Splash
- PhantomJS
- jBrowser Driver
- Chromium Embedded Framework
One of the more interesting aspects of headless browsers is that they can often be automated. A user can write a small program that runs the headless browser and tells it what to do. That way, the browser can be run and forgotten about. It automatically does what it’s programmed to do, in the background.
Why Fraudsters Use Them
So why do fraudsters utilize headless browsers to commit click fraud? Because headless browsers can simulate genuine browser activity. The better a browser is at simulating such activity, the harder it is for entry-level click fraud protection software to detect it.
To illustrate the point, consider a simple click bot that does nothing more than continually click the ads on a publisher’s website. Such activity is pretty easy to detect by paying attention to timestamps and IP addresses. Any entry-level software package would identify the clicks and red-flag them.
If the same activity is disguised through a headless browser, though, the fraudulent clicks can be made to look like they come from real humans using real browsers to visit real sites. Everything is programmed and automatic, so the simulations happen in the blink of an eye. The software can continue clicking on ads indiscriminately, thereby driving up revenue. But to the advertiser, it all looks real.
Fingerprinting Is the Key to Stopping It
If you’re guessing that it’s difficult to stop click fraud driven by headless browsers, you are correct. A lot of click fraud prevention experts, including Fraud Blocker, use a tool known as fingerprinting. It’s pretty effective when used correctly.
Fingerprinting is the process of collecting and analyzing data related to web traffic. The data pertains to unique characteristics of the device being used to click an ad. For example, a device will reveal its operating system, web browser, the user’s language settings, and more. All the data can be analyzed and compiled to create a unique ID for that particular user.
IDs can then be compared to ad clicks to reveal possible click fraud. Suspect devices and their IP addresses can be quarantined pending further investigation. If necessary, they can be blocked from seeing future ads.
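To make the comparison concrete, here is an added example (not Fraud Blocker's code or any vendor's method) that compiles device attributes into an ID and checks click bursts first per IP address and then per ID. The attribute set, the 60-second window, the click threshold and the log rows are all assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample ad-click log: (unix_time, ip, os, browser, language, screen).
CLICKS = [
    (1000, "198.51.100.7",  "Linux",   "Chrome 120",  "en-US", "800x600"),
    (1008, "203.0.113.20",  "Linux",   "Chrome 120",  "en-US", "800x600"),
    (1015, "192.0.2.44",    "Linux",   "Chrome 120",  "en-US", "800x600"),
    (1023, "198.51.100.91", "Linux",   "Chrome 120",  "en-US", "800x600"),
    (1031, "203.0.113.5",   "Linux",   "Chrome 120",  "en-US", "800x600"),
    (1012, "192.0.2.10",    "Windows", "Firefox 121", "de-DE", "1920x1080"),
    (1500, "192.0.2.10",    "Windows", "Firefox 121", "de-DE", "1920x1080"),
    (1040, "198.51.100.3",  "macOS",   "Safari 17",   "en-GB", "1440x900"),
]

def fingerprint(os_name, browser, language, screen):
    """Compile device attributes into one ID (this attribute set is an assumption)."""
    raw = "\x1f".join((os_name, browser, language, screen))
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16]

def by_ip(click):
    return click[1]

def by_fingerprint(click):
    return fingerprint(*click[2:])

def flag_bursts(clicks, key, window=60, max_clicks=3):
    """Map each key with more than max_clicks inside `window` seconds to its IPs."""
    groups = defaultdict(list)
    for click in clicks:
        groups[key(click)].append((click[0], click[1]))
    flagged = {}
    for k, events in groups.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 > max_clicks:
                flagged[k] = sorted({ip for _, ip in events})
                break
    return flagged

if __name__ == "__main__":
    print("per-IP check:         ", flag_bursts(CLICKS, by_ip))
    print("per-fingerprint check:", flag_bursts(CLICKS, by_fingerprint))
```

On this sample the per-IP check flags nothing, while the per-ID check returns one device ID together with the five addresses it clicked from, which is the list that would be quarantined pending investigation.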
Thanks to headless browsers, the job of fighting click fraud is a little more difficult. That’s why advertisers should be investing in click fraud software or working with a service provider that specializes in fighting click fraud.