I thought I was done writing about bot traffic from an ad campaign but turns out I was wrong. We recently ran a targeted display advertising campaign and 82% of the campaign’s traffic was from a bot. Here’s how we determined fraudulent traffic from the campaign.

Screen Recordings

We utilized HotJar to capture mouse movements and we noticed erratic and unnatural movements on the screen recordings. This seemed odd so we dug some more…

Intervals of Scroll and Mouse Movements

In looking at about 50 on these recordings, the movement of the mouse seems to be very algorithmic and happens consistently at 5, 10, 15, 20 seconds etc. on multiple videos. Not very natural…

Similar Session Durations

There was some variation in session duration, but for the most part all of these fall within the same time frame – not very human-like, and then you look at the mouse movements and the intervals of when the movement/scroll occurs.

Same Browser Version

4,248 of our display visits came from Chrome version 48.0.2564.109. Version 48 of Chrome was only around February – April and Chrome automatically updates, but this campaign ran in August. We aren’t seeing any traffic from version 48 of Chrome on this site in recent months. To confirm, we also looked at some of our other high volume websites and they all experienced the same trend: Feb. –Apr. for Chrome versions 48 only.
browser version

Same Operating System

All 4,248 visits from our campaign came from Windows 7 – no diversity in operating system.
windows-7

Same Screen Resolution

Almost all ad traffic, from Chrome 48 had the same screen resolution – no diversity.

No Conversions and Only 1 Page per Session

Given 4k plus sessions from Chrome 48, we should see some more variability in these metrics. The site has been averaging almost a 3% conversion rate if this was a real person and at least one conversion should be there from those 4k visits.

Lesson Learned: Ensure that fraud protection is enabled from the start

The media provider that we partnered with did utilize fraud protection software but they claimed they wouldn’t enable the protection unless “something looked odd.” At the end of the day ensuring White Ops or Double Verify are enabled from the beginning of the campaign would’ve been a smart move.
screen-shot-2016-10-17-at-2-49-41-pm