Fraud Prevention

How to Detect and Stop Click Farm Fraud

March 29, 20214 min Read

click farm fraud

Click farm fraud refers to attacks or fraudulent transactions executed at scale using humans, commonly called click farms or sweatshops. These click farms are low-paid human workers—usually from developing economies—employed to execute attacks on behalf of fraud rings

Digital attackers are in the 'business of cybercrime to maximize profits with the least possible investment. They prefer using automation through scripts and bots to scale up their attacks as it is quick and cost-efficient. They even use advanced bots to mimic human behavior. However, these bots fail when advanced levels of human interaction are involved. In such instances, attackers shift to human-driven, click farm fraud.

To make clickfarm fraud economically viable, bad actors generally 'recruit' people from developing economies such as the Philippines, Thailand, Vietnam, Venezuela. Human labor in such geographies comes cheap, which allows fraud rings to launch complex attacks with the least possible investments.

Clickfarm Fraud is Growing

Clicking on links, surfing the target websites for a specified duration, and even signing up for newsletters are some of the common examples of click farm fraud. Click farms are also used to generate fake likes and phony followers on social media platforms.

Click farm fraud is growing exponentially because more and more people are relying on the ratings and reviews before buying a product online. A product with a higher rating will be more appealing and hence, more likely to be bought. Similarly, influencer marketing relies on the number of likes a post garners or the number of followers an influencer or celebrity has on social media platforms. As a result, businesses are attaching greater-than-ever importance to the number of likes and followers on social media platforms.

Greater adoption of mobile phones is also contributing to the rise of click farm fraud. According to the Arkose Labs Fraud and Abuse report, human-driven attacks constitute 38% of all mobile attacks. This is because click farm workers can line up multiple mobile devices to execute attacks at scale.

Click farms and bots are harming the online gaming platforms through in-game farming of gold, looting items or carrying out repetitive actions that generate assets in the game. These assets are then sold on to other gamers through backchannels and illegitimate marketplaces. All these activities damage player sentiment, degrade user experience for authentic users, remove legitimate income selling assets, harm the brand equity of the gaming platform, and even limit the options for game designers.

Banning Malicious Users is a Temporary Solution

In an attempt to contain the growing menace of click farm fraud, a lot of companies are banning these malicious users. This, however, is a temporary solution and does not provide long-term protection from downstream fraud. For instance, gaming platforms are often forced to roll back functionality, such as gifting and trading features, to the detriment of good users.

Malicious click farms can mimic the behavior of authentic visitors, which means traditional methods of attack detection cannot help distinguish between the two, accurately. The challenge has grown further with the evolving behavior of authentic users, making the distinction between good and bad user behavior more difficult than ever before.

Protection against click farm fraud, therefore, requires a new approach that not only identifies malicious click farms from authentic users accurately but also makes it difficult for click farms to meet their target of hourly clicks or transactions. Since click farm fraud runs on small margins, any delay in the click farms' ability to complete challenges will deter click farm attacks long term.

Long-term protection from click farm fraud

Using this strategy, the Arkose Bot Manager platform introduces friction intelligently to obstruct malicious humans. The dynamic risk engine assesses the risk level of each user and informs Arkose MatchKey—the challenge-response mechanism—to present progressively complex enforcement challenges to high-risk, malicious users. These step-up, adaptive challenges waste the attackers' resources and time, to bankrupt the business model of fraud. This results in depleting the returns from the attack to such an extent that the attack becomes non-viable and the attackers are forced to move on.

Arkose Labs proactively monitors all malicious activity even from users logged-in deep within the business network such that digital businesses can address issues in real-time, rather than relying on downstream banning. To protect your business from click farm fraud long-term, please book a demo now.