Google has always been known to safeguard its applications to thwart anyone from using them for fraudulent activities. Recent developments in this regard have had Google defending its ad systems to prevent something known as clickjacking.
What is Clickjacking?
Clickjacking has emerged as a recent threat to cost-per-click display ads. Clickjacking, also known as a “UI redress attack,” where the appearance of a website is changed so that a victim does not realize they are taking an important action, in this case clicking on one or more ads.
The attacker in this case uses several multiple transparent or opaque layers to trick the user into clicking on an invisible ad when the latter actually intended to click on something else on the top level page. Hence the term Clickjacking – because the attacker is hijacking the clicks meant for some other page and routing them to some other.
These clickjacked pages can be used for a variety of purposes:
- To trigger one-click orders from online shopping stores.
- To gain social media likes and follows.
- To download malwares to gain access to users’ devices.
Clickjacking was discovered by the Google team earlier this year and since then, it has been making attempts to take actions against it.
Andres Ferrate, Chief Advocate of Ad Traffic Quality at Google, speaking on this matter said, “When our system detects a Clickjacking attempt, we zero-in on the traffic attributed to that placement, and remove it from upcoming payment reports to ensure that advertisers are not charged for those clicks.”
Since the time Google has discovered this fraud, they have gone ahead and terminated accounts, removed entities, and also worked in parallel to release a filter which would automatically exclude this kind of traffic across display ads. Simultaneously, the team is also working to hunt down invalid traffic which has enabled them to move proactively and quickly to address Clickjacking threats on several occasions.
Google mentioned in one of their blogs, “Our Clickjacking defenses operate at considerable scale, analyzing display ad placements across mobile and desktop platforms, evaluating a variety of characteristics. When our system detects a Clickjacking attempt, we zero-in on the traffic attributed to that placement, and remove it from upcoming payment reports to ensure that advertisers are not charged for those clicks. This latest effort also is a great example of how our work against invalid traffic is at the intersection of technology, operations, and policy. Each piece plays a key role in keeping our ad systems clean and defended against ad fraud.”