How to recognize fake traffic from competitors

The first call of competition

The volume of clicks from contextual advertising has increased without increasing the budget.

At the same time, the conversion rate in contextual advertising decreased slightly.

The smooth growth of search traffic from region has begun without any reason for this.

The number of sessions of 0-5 seconds with the same type of behavior in Hotjar and the Yandex.Metrica session replay has increased.

There were many sessions with a long stay of users on the site, for 5-15 minutes, but 99% of this time is inactivity and convulsive cursor movement.

Google Analytics has started notifying about suspicious low-quality traffic.

Most site owners have Yandex.Metrica installed in Runet, here’s how it will look there:

​April: 18.7% — refusals from search traffic. The usual indicator: 8-10% of failures

April: 65.6% — refusals from traffic from the Yandex advertising network.​ The usual indicator in the client’s niche: 25-35% of failures.

To make it clear, 65.6% of failures are thousands of visits for which a certain price per click was charged.

Congratulations, you have witnessed the so-called “soft cheating” of negative behavioral factors and the gluing of contextual advertising.

All this negatively affects search traffic (it will fall or at least not grow) and useless (for the advertiser) waste of the advertising budget.

It seems that some indicators have changed slightly, and the traffic has grown, we should be kind of happy. But if you look at the sessions in detail, everything is really bad.

There is also a “sharp cheat” and a more cheerful gluing, these are their signs:

A sharp increase in the failure rate in the PIT or GA.

A sharp increase in sessions of 0-5 seconds (more often 0-10).

Direct visits to the site are thrown in bundles to the pile.

An avalanche of traffic from SERP or contextual advertising begins to flow through the keys.

What type of cheating you will have depends only on the narrow-mindedness and directness of the attackers’ hands. There’s a complete random, maybe a mix.

How to determine the type of cheat yourself

Direct cheating — there is direct traffic to the site, all sessions are usually 0-10 seconds, the most common type of cheating.

Clicks on phrases from search engines — enter a keyword into the search bar, search for your site, click, spend 0-10 seconds, return the reverse to the search results. The CTR of your site on search is falling, the competition is growing, your site is going into the sunset.

Transitions from other sites to your site — a bot or a real person enters your site by a link from another site and immediately returns back.

Linking contextual advertising (on search, in YAN or CMS) — an increase in sessions of 0-10 seconds, an increase in the number of repeat visits with sessions of 0-10 seconds.

Point of no return

+100 sessions per day with the type of cheat: direct, click-through from search engines, click-through from other sites, the search traffic will collapse in 1-2 days.

When idle for 2-3 weeks will filter from Google and Yandex, we’ll have to change the domain.

How it is done

Lots of methods, some tricky, confusing and hard to define. I will not reveal all the cards, so as not to provoke the playful pens of individual personalities.

Services like “User” and others that are presented in Runet are just a harmless baby rattle that is blocked on the races, compared to what can be caught in the top of Google on HF, for example, in the insurance topic in the US.

Protecting your site from cheating

All methods are free and are only worth the time you spend on it.

Let’s go from simple to complex.

Method #1. Watch sessions through the Yandex webvisor

, go to the webvisor, select the maximum range of available dates, select the type of traffic.

Turning on the columns:

Setting the activity:

We get a list of sessions with low activity, we begin the analysis. You need to pay attention to strange patterns:

many sessions from the same IP network;

there are many sessions from the mobile IP network, but the call was made from a PC;

many sessions with an empty User-Agent;

a lot of sessions with unpopular User-Agents like Linux, CentOS, PaleMoon;

many sessions with repeated visits;

many sessions from the same region or country;

there are many sessions from the Moscow region on phrases that relate to other regions;

a lot of sessions with a PC, but the screen resolution is 360×720

Leave a Reply

Your email address will not be published. Required fields are marked *