
Black-Hat PPC: Stealing Trademark Traffic

Want to learn how to steal your competitor’s high-quality brand traffic and redirect it to your site using Google Adwords?  “Against their terms,” you say?  Rubbish!  I’ll show you how a black hatter did just that to a client of mine, costing them hundreds of thousands of dollars in lost traffic!

Recently, a client ran into an issue with their Google Adwords campaigns.  Their brand-targeted campaigns began to produce fewer and fewer conversions, while their CPA (cost-per-action) started climbing rapidly.  It wasn’t long before they were paying twice as much per conversion and getting half as many per day.  A quick bit of investigation revealed that we were only getting a small share of the available queries for our well-known brand and domain name.

An inspection of Google’s results revealed nothing.  There was my client’s ad, where it should be, with no other ads present.  Obviously whoever was siphoning off traffic was being very deceptive about it.  My initial thought was that they were day-parting their traffic and only showing their ad during early morning hours, but after a few sleepless nights I confirmed this wasn’t the problem.

My next step was to use a proxy that was located in a different state to check the Google results.  An ad which appeared to belong to my client showed up, with the same title & description and showing my client’s website.  Clicking the ad caused a competitor’s site to come up instead of my client’s site, a clear violation of Google’s terms since the URL of the final destination, after the redirect, did not match the ad’s display URL.

I went back to Google to see if the ad showed up for my client’s domain as well as their brand name.  It did.  I clicked it again, but this time I got redirected to my client’s site instead of the competitor’s.  I went back to the original trademark term I had searched and clicked the ad again.  Again I was redirected to my client’s site.

“Well that’s weird,” I thought.

I copied and pasted the destination URL and found something that looked like this:

http://www.google.com/aclk?sa=L&ai=CAsqXJqLITbLjK8iagQfkqe2DCuD_lZ4CiG7G1yyV3J4xCAAQAVCGvph1YMnWrIfco8QQyAEBqQJWZt7pooqYPqoEHk_QE2yD9UlXdHsS-zdkm2-4VemNnXiQxxZQ38nPw&sig=AGiWqtwAJ2evlzQJvjiJDaoysxKsaXy3Xw&ved=0CAgQ0Qw&adurl=http://someredirectdomainwithalotofcharacterssothatitlookslikeparametersintheurlinsteadofaredirectdomain.eu/track/61/

Google prefaces your ad’s destination URL with a bunch of encrypted information so they can measure clickthroughs and other information.  In order to see the actual URL, you have to isolate whatever is after “adurl=”:

http://someredirectdomainwithalotofcharacterssothatitlookslikeparametersintheurlinsteadofaredirectdomain.eu/track/61/

This was the actual destination URL of the ad.  I did a fruitless WHOIS search of the domain which turned up nothing because the domain had privacy protection enabled.
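The manual step above (isolating whatever follows “adurl=” and comparing it with the ad’s display URL) can be scripted when auditing many ads. This is an added example, not code from the original post; the brand domain `client-brand.example`, the shortened tracking parameters and the function names are assumptions.

```python
from urllib.parse import urlsplit, unquote

def extract_adurl(click_url):
    """Return the destination carried after 'adurl=' in an ad click URL, or None."""
    padded = "&" + urlsplit(click_url).query
    idx = padded.find("&adurl=")
    if idx == -1:
        return None
    # Take everything after the marker: an unescaped destination may contain
    # its own '&' pairs, which key=value parsing would cut off.
    raw = padded[idx + len("&adurl="):]
    if raw.lower().startswith(("http%3a", "https%3a")):
        # Percent-encoded destination: it is a single value ending at the next '&'.
        raw = unquote(raw.split("&", 1)[0])
    return raw

def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_click_url(click_url, display_domain):
    """Compare the ad's real destination host with the domain shown in the ad."""
    dest = extract_adurl(click_url)
    host = (urlsplit(dest).hostname or "") if dest else ""
    return {"destination": dest, "host": host,
            "matches_display": bool(host) and host_in_domain(host, display_domain)}

# Constructed sample: shortened tracking parameters plus the placeholder
# redirect domain quoted in the post.
SAMPLE = ("http://www.google.com/aclk?sa=L&ai=EXAMPLE&sig=EXAMPLE&adurl="
          "http://someredirectdomainwithalotofcharacterssothatitlookslike"
          "parametersintheurlinsteadofaredirectdomain.eu/track/61/")

if __name__ == "__main__":
    print(audit_click_url(SAMPLE, "client-brand.example"))
```

A mismatch here only shows that the ad points at a third-party host; what that host finally serves still has to be observed by following the redirect.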

So then I thought, they are using my client’s registered trademark, so I’ll file a trademark infringement complaint with Google.  Surely, this will do the trick!  Since they had copied my client’s ad copy verbatim, it should be a fairly easy process to get the ad removed.  However, I made the mistake of not reading the form thoroughly and checked both the box that says I’m complaining about the keywords they are bidding on and the box about their ad copy.  After three weeks of waiting for a response, my complaint was denied.  Turns out that in the US, you cannot complain about others bidding on your trademark terms.  If you check that box, they just deny it even if your complaint about the ad copy is legitimate.

So my next step was to notify the policy team, through my Adwords rep, that this advertiser was violating Google’s terms by redirecting to a competitor instead of the display URL.  To my dismay I received a response that the final landing page they kept seeing was my client’s site instead of the competitor’s site.  I was at a dead end.

I decided to dig deeper and see exactly what this shady advertiser was doing.  What I discovered was a black hatter’s dream.  This guy had built a PHP redirect script which redirected users to his link on the first click, and to my client’s site every other click after that.  It worked by storing the IP address of the incoming request and would reset every 24 hours.  This made it very difficult to detect.  Even though you may see the competitor’s site on the first click, every other click after that took you to my client’s site, making it appear as if everything was fine.

What was brilliant about this, is that the first click is by far the most valuable one.  Most people will only click an ad once and either buy something or not.  The second time they click they are half as likely to convert as the first time.  If they click three or more times within the same day, the system is likely to flag their activity as click fraud so theoretically you would be refunded for it anyway.

In addition, you can make the script’s activity harder to detect if you grab a list of Googlebot IPs so that Adwords is never able to automatically disable your ads due to the destination not matching the display URL of the ad.  Another nifty trick this black hatter was doing was to use IP-based geolocation to always show my client their site rather than the competitor’s, making it even harder to detect.

In the end, I ended up having to recreate the issue and record it on video in order to prove to Google’s compliance department that there was a problem.  Even with that, it took them three months to finally get around to shutting this black hatter’s ads off.  Overall, the competitor’s ads ran for 6 months and cost my client hundreds of thousands of dollars.
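The pattern described above (first click per IP leaves the brand domain, later clicks within 24 hours land on it) can be picked out of audit records gathered from several vantage points. This is an added example, not part of the original post; the records, IP addresses, domains and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

DISPLAY_DOMAIN = "client-brand.example"  # assumed brand domain (placeholder)
WINDOW = timedelta(hours=24)             # reset interval described in the post

# Constructed audit records: (UTC time, vantage IP, final landing URL after redirects)
OBSERVATIONS = [
    ("2024-05-09T14:00:00", "198.51.100.7", "http://competitor.example/offer"),
    ("2024-05-09T14:02:00", "198.51.100.7", "http://www.client-brand.example/"),
    ("2024-05-09T14:05:00", "198.51.100.7", "http://www.client-brand.example/"),
    ("2024-05-10T14:30:00", "198.51.100.7", "http://competitor.example/offer"),
    ("2024-05-10T14:31:00", "198.51.100.7", "http://www.client-brand.example/"),
    ("2024-05-09T15:00:00", "203.0.113.20", "http://www.client-brand.example/"),
    ("2024-05-09T15:01:00", "203.0.113.20", "http://www.client-brand.example/"),
]

def on_brand(url, domain=DISPLAY_DOMAIN):
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == domain or host.endswith("." + domain)

def find_first_click_cloaking(observations, window=WINDOW):
    """Return {ip: [window_start, ...]} for windows whose first click left the
    brand domain while every later click in that window landed on it."""
    by_ip = defaultdict(list)
    for ts, ip, url in observations:
        by_ip[ip].append((datetime.fromisoformat(ts), url))
    findings = {}
    for ip, clicks in by_ip.items():
        clicks.sort()
        i = 0
        while i < len(clicks):
            start, j = clicks[i][0], i
            while j < len(clicks) and clicks[j][0] - start < window:
                j += 1  # extend the window to every click within 24 hours
            later = clicks[i + 1:j]
            if not on_brand(clicks[i][1]) and later and all(on_brand(u) for _, u in later):
                findings.setdefault(ip, []).append(start.isoformat())
            i = j
    return findings

if __name__ == "__main__":
    print(find_first_click_cloaking(OBSERVATIONS))
```

A vantage point that never appears in the findings, like the second address in the sample, is consistent with the IP-based exemptions the post describes, so a clean result from one location is not evidence that the ad is compliant.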

So why would someone like myself write a story about this?  Aren’t I opening the door to a militia of black hatters that could copy this technique and replicate it?  Yes, but not because I condone this behavior.  The bottom line is that this is happening right now by a handful of black hatters that were sneaky enough to figure this out.  By bringing this to light, I am hoping that Google invests some time into figuring out how to permanently put an end to this glaring issue.  If this were done to an overly bureaucratic, non-technical Fortune 500 company, it may take years for anyone to detect it and cost that company millions in lost sales.


47 thoughts on “Black-Hat PPC: Stealing Trademark Traffic”

  1. Wow, as Google advances their technologies and algorithm so do the black hatters. I am amazed that they are several steps ahead of Google.

  2. This is unbelievable. How many steps ahead of Google are these guys? You showed a great deal of diligence in investigating and discovering the root of the problem. Bravo!

  3. This is shocking!  I always think Google is ahead of everyone so I’m pretty surprised that these black hatters are getting away with what they’re doing.

    1. You’d be surprised, as big and smart as Google is, there’s always that motivation of money for smarter people to figure out a way to game their system. You must imagine, there are those that also don’t get caught. What kind of systems must they be running?

  4. I have to say I am quite surprised that Google system couldn’t detect the url rotator script. There are always loopholes …. but this is a pretty big one.

  5. This is the first post I came across that described nefarious PPC practices. Most often we worry about link fraud.  But this story shows that much more complex tactics exist.  Thank you, Mike, for bringing it to light.

  6. If you talk to any of the google reps, you get a very sheepish, “you’ll get banned, *chuckle*” type answer.  When asked why XYZ hasn’t been banned in 3 years for doing this, .. “uh maybe they keep recreated accounts… which we encourage to webmasters.”  Google sales reps are gaming google’s system too.

  7. This post is more than welcome! Nice investigation. This shows how much the marketing stuff now requires technical knowledge, web savviness and a twisted mind to go after this stuff for your client/business. Otherwise sharks will go after you and your cash :-)

  8. There’s big money to be made…creative individuals will always find a way to beat the system.

    Hell, Google can’t even weed out all of the sites w/ full pages of hidden nonsensical text.

    The lesson here is to keep an eye on your analytics and like Mike did, investigate irregularities (good and bad).

    Great job, man!

  9. I agree with a lot of the previous comments. We often do not think of black hat with PPC. Did you try outbidding them? Your quality score for your trademark should have been very high and theirs fairly low. It should have been easy to outbid them and retain the conversions. I understand your CPC would increase, but at least you wouldn’t have lost (as much) revenue. I’m interested to hear if you tried this while working with Google to get the ads removed.

    1. This is a great question.  Thank you for bringing this up, Brian.  We did in fact raise bids all the way up to $100/click and the black hatter was still beating us.  They did this by using extremely old adwords accounts and copying our ad verbatim.  Google won’t admit this but older AdWords accounts appear to be favored in a number of ways including lower bids and the ability to beat out an identical ad in a newer account no matter the bid.  Apparently this particular black hatter had an unlimited supply of very old throwaway AdWords accounts.  As soon as google shut down one, he/she would immediately copy over the campaign to another account and continue stealing my client’s brand traffic.

  10. Awesome read! A tip though – you could think about submitting your news posts to reddit – My guess is the community there should enjoy your articles – also if you’re lucky it’ll mean more exposure.

  11. Is Google going to refund the original advertiser as they faced loss due to blackhat activity in their system?

  12. Honestly though, Google doesn’t have a whole lot of motivation to go after Black Hat PPC advertisers. As long as they get their CPC $, does it really matter to them? At least until companies complain loudly enough or drop out of AdWords in droves which isn’t likely. I don’t think too many SEM professionals are as proactive as Mike was in this case.

  13. Incredible find, Mike!  I hope that the team at Google takes a serious look at your findings and does something to ensure that their SERP cannot be gamed like this.  It is incredible to think that this could occur, and yet, here we are.  Perhaps they could code name the project something menacing like “Project Bunny Rabbit”…hey, it worked for the Panda, right?

    Thank you for sharing this find with your readers!

    1. Thanks, Cleofe.  I hope Google takes it seriously also.  Maybe by exposing it like this, it will become enough of an issue to force their hand.

      1. I believe that they were and are fully aware of this fraudulent tactic, but as long as it lets them earn more, since the target company has to pay more for the same result. But, as you pointed out, hopefully by making this issue public, they will do something about it, even though in a very slow way.

  14. Wow, this has got to be incredibly disheartening if you are a PPCer. I’m glad I’m in SEO where everything is squeaky clean.

    On a more serious note this is just sad. With such an easy fix, Google should have been on top of this. I’ve seen a few instances of PPC ads using the URL of a credible domain in their ad and wondered how they could get away with it for so long.

  15. Google has really upgraded day by day but these black hat hackers have stepped one step forward. There is always a way to break a system and this is what these hackers take benefit of.

  16. This has been going on for years, that’s why affiliate networks have so many policies in place now.  Brand hijacking has been commonplace for a long time and I’ve seen many clever redirects being used to mask this activity.  Using something like HTTP Watch on Firefox helps to determine who it is and whether they’re dropping cookies (an easier identifier to send to an affi network)

  17. Interesting. Perhaps one way to prove this sort of behavior is going on would be to (assuming the client would allow it) pause all AdWords campaigns for at least 24 hours, and then if the same ads are still showing you would know it’s a rogue account, no?

    1. That could be very costly for the client.  Being down just an hour would cost them thousands.

      I use a tool called Keyword Competitor which has been very useful in detecting trademark infringers and other competing ads.  Well worth the expense.

  18. Hey Mike,
    Just to see if I got it right. They bid using the same display URL and ad and keywords as your customer, but the script underneath was instead redirecting the users to their site on first click.
    Is this correct?

    Very diabolic!

  19. INCREDIBLE! Absolutely brilliant, smart and even a bit cheeky only capturing the 1st click.  This is why I love digital… So many fresh new ideas, tactics and strategies. Love it

  20. INCREDIBLE! Absolutely brilliant, smart and even a bit cheeky only capturing the 1st click.  This is why I love digital… So many fresh new ideas, tactics and strategies. Love it

  21. How do I get help if I have this problem with My Adwords account?  In Google Analytics when I compare Jun and July traffic between 1st and 19th I have the same traffic, people are spending the same time on the pages but the sales are .5 as much and now there are no sales at all.  What do I do?  I have been searching the internet for answers but no luck so far.

  22. It really makes me wonder if Google are really interested in the services they deliver. In my experience, techies are not the kind of people who interest themselves in support roles.

  23. This is crazy stuff!

    It reminds me of when I first read about (back in or around 2007) using geo-targeting and IP exclusions to block or misdirect competitors and encourage them to change their ads during holiday sales.

    This really shows that you know what you’re talking about. Keep ‘em coming! Great work, Mike!