Pay-per-click programs are a popular form of advertising incentive on the Web today. We have presented a hit inflation attack on these programs that appears to be virtually undetectable to target sites and very effective in inflating referral counts. Our attack involves two collaborating Web sites, where each user's visit to the first causes a target to register a referral from the second. There seem to be no sure ways of detecting this attack, short of locating the page on the first site that initiates the attack, though tests by the target site to determine whether a user sees its page may give the target some indication.

In our opinion, this attack brings the viability of pay-per-click programs into question and, if practiced widely, may accelerate an ongoing trend toward pay-per-sale and pay-per-lead programs. As discussed in Section 4, these programs have fraud problems of their own that seem difficult to address given today's Web infrastructure. How to achieve sufficient auditability to eliminate fraud in these Web advertising schemes remains an open problem.


Mike Reiter