Clickjacking is an ad fraud type and happens when a user tries to do an action on a website, like playing a video and gets redirected to another page via ads. So Clickjacking is when a user is taken to a website that they do not intend to view.
This is considered invalid traffic and many DSP´s and Adwords are able to identify abnormal CTR´s that look suspicious on the normal benchmarks. When the DSP or Adwords fail to detect Clickjacking, advertisers can look at it filtering the domains by CTR, and exclude the domains that bring traffic without conversions.
Types of invalid traffic can include malware, falsely represented content, data-centric traffic, hijacked device, non-browser user or cookie shifting. Clickjacking (aka UI Redress) is special because is human traffic and even can have a good return on investment.
Some actions commonly used with clickjacking:
- Tricking users into enabling their webcam and microphone;
- Tricking users into making their social networking profile information public;
- Downloading and running a malware (malicious software);
- Making users follow someone on Twitter;
- Sharing or liking links on Facebook;
- Getting likes on Facebook fan page;
- Clicking Google AdSense ads to generate pay-per-click revenue (against Adsense policy);
- Playing YouTube videos to gain views;
- Following someone on Facebook.