What is Click Fraud and How Can You Stop It
In the wide world of digital advertising, click fraud is a more pervasive problem than many businesses realize. For this reason, we can no longer afford advertising on the assumption that every ad click comes from a real person interested in buying our products or services.
The global cost of ad fraud is expected to continue to grow exponentially to a staggering 100 billion US dollars by 2023. But we don’t believe that losing money to fraudsters or wasteful traffic should be considered an unavoidable cost of running online ads. There are many ways businesses can protect their ad spend, improve their campaign performance, and increase their ROI.
In this guide, we’ll dig into exactly what fraudulent clicks are, the types of click fraud you should be aware of, and how it affects the digital advertising industry at large. We’ll also show you what every business can do to protect their ad campaigns from fraudulent clicks and how to protect your ad account from click fraud without blocking potential buyers from seeing your ads.
So what exactly is click fraud?
Click fraud or invalid clicks refer to any clicks on online ads (particularly Pay-Per-Click ads) that are not made by genuine customers and only end up draining the advertising budget for businesses placing those ads. These clicks can be harmless but wasteful traffic resulting from accidental clicks, repeated clicks by the same user, or simply clicks from users with no purchase intent.
Click fraud, on the other hand, is a far more malicious form of invalid clicks that results from intentional clicks on ads by competitors, publishers artificially inflating click revenue, or clicks generated by bots. Click fraud therefore purposefully aims to exhaust an advertiser's ad budget or manipulate campaign performance data.
Types of click fraud
Here are some of the different types of click fraud businesses should be aware of:
Types of click fraud
In highly competitive industries, competitors may resort to click fraud to get an edge on their rivals by depleting their PPC budget and prevent potential customers from seeing their ads. It's not all that difficult to commit this type of fraud, as a pay-per-click ad will continue to show until its daily budget runs out unless you have set up protections against such attacks.
Competitors can quickly exhaust your ads by repeatedly clicking on them from a single device or hiring third parties to coordinate hundreds of clicks across multiple devices. In simple scenarios, where non-tech-savvy competitors try to sabotage your campaigns, you can recognize competitor clicks by their IP addresses and block them. For instance, you can use software that identifies IP addresses of those who have clicked on your ads and exclude them from your campaign.
Here’s how our founder and CEO, Ralph Perrier, recalls his experience:
When everybody else's budget would run out, there'd be one or two particular vendors that would advertise only during that period of time. As soon as everybody else replenishes their budget, they would bow out of the auctions again, and the fraudulent clicks would start again.
And then they started up again, as soon as everybody else's budget ran out.
There were some very nontechnical, but obvious patterns within the niche that clearly would point to you who was behind it all.
Publishers boosting their ad revenue
In some cases, publishers may get clicks on their own ads by either clicking on them manually, by using bots, or by encouraging others to do so. And since publishers receive a percentage of the revenue generated by each click on their website, they resort to this tactic to inflate their ad revenue. This is particularly prevalent in low-quality websites or blogs with high traffic, where publishers may be incentivized to increase their revenue through click fraud.
While they can’t always catch everyone doing this, Google has taken measures to detect and prevent this type of fraud and AdSense accounts are routinely monitored for invalid clicks. AdSense publishers are prohibited from clicking on their own ads or encouraging others to do so, and violating these policies can lead to permanent account suspension and legal consequences.
According to our research, 42% of all online traffic today is driven by bots to generate profit or manipulate ad campaigns on a massive scale. But not all bots have malicious intent – there are many good bots serving various helpful purposes such as monitoring a website's health, improving its search engine ranking, and sharing its content via social media.
However, bad bots are specifically designed to click on ads and engage in click fraud. It is challenging to identify them, as they can use VPNs and proxy services to mask their physical location, and their advanced technology allows them to mimic human behavior. The malicious bots can simulate mouse movement, accept and remember cookies, fill out forms, and even spoof their device type.
Unfortunately for advertisers, bot networks (also known as botnets) can avoid detection more efficiently because the clicks they perform often come from a range of regular machines with legitimate IP addresses. To detect botnets, you'll need to set up advanced visitor behavior tracking, blacklists, and other detection methods.
While cybercriminals use botnets and bots to their own advantage, they also offer their services to interested parties, such as competitors ready to gain an unfair advantage for their digital ads. This is how Ralph Perrier, our founder, describes his experience of encountering a competitor’s automated click fraud attack in 2004:
It just seemed very well coordinated that while my budget would run out immediately within minutes, other individuals would then start their campaigns. The idea behind their actions was that once you completely drain someone's budget, you have less competition and you’re paying less per click. And there was no way the clicks could have been human: we would pause our ads and then we would restart them at odd hours.
And within a short period of time, the clicks would start again. A lot of those clicks were distributed through VPN and proxy networks, which means a lot of it was completely automated.
Non-fraudulent clicks that affect ad performance
There are some cases where clicks are not necessarily malicious but still hurt advertisers because there is no intent to purchase the advertised product or service. At the same time, they are not accidental, since the users click on them to get to your website. Still, since these clicks do not result in a purchase, they will affect your ROAS (Return On Ad Spend). Here are three examples of clicks that fall into this category:
Lookie-loos refers to users who click on ads without any intention of making a purchase. While not necessarily malicious, their repeated clicking can still negatively impact an advertiser's ROI. By tracking visitor behavior and conversions after an ad click, advertisers can differentiate between good and bad traffic and exclude sources with low-quality interactions.
2. Converted customers
Sometimes existing customers search for a particular brand by name and click on their ads to get to the website. While their clicks are not necessarily fraudulent, advertisers may want to consider blocking ads after conversion to avoid incurring unnecessary expenses.
3. Clicks outside of selected geolocationClicks outside of targeted geolocation can also affect the accuracy of ad campaign reports. Cybercriminals often use VPNs and proxies to mask their location, but regular people may use them to protect their privacy or bypass internet censorship. While not all proxy or VPN clicks are fraudulent, advertisers may want to look into additional methods of protection for their ads until Google's geolocation capabilities improve.
3 ways click fraud affects your business
Click fraud can cause significant damage to a business's advertising efforts in multiple ways.
Three ways click fraud
affects your business:
Low ROAS: One of the most significant impacts of fraudulent clicks is a low return on advertising spend (ROAS). If fraudulent clicks make up a significant portion of the clicks, the business will be paying for ad clicks that will not result in any meaningful return on investment. This can significantly impact a business's bottom line, and in some cases, even render the ad campaign unprofitable.
Distorted metrics: Click fraud distorts the campaign metrics, making it almost impossible to determine the actual effectiveness of an ad campaign. If a large number of clicks come from bots or other fraudulent sources, the metrics can be skewed. And when campaign optimization is based on guesswork or inaccurate data, marketers might end up spending time on tasks with little or no return. For example, they may decide to start optimizing high-traffic, low-performance campaigns in hopes of improving conversion rates, instead of solving the root problem – fraudulent clicks distorting campaign results.
Wasted time and effort: Click fraud can also waste a significant amount of time and effort for internal teams. The process of monitoring and preventing click fraud can be time-consuming and require significant resources, taking away from other essential tasks that could be contributing to the growth of the business. Teams that are dedicated to monitoring and preventing click fraud may also be taken away from other important tasks, leading to further wasted resources.
Why is click fraud so hard to eliminate?
Click fraud is a significant challenge for businesses that rely on digital advertising, but it's not an easy problem to solve. Here are some of the many reasons why:
1. You can’t always catch all of them
Advertising networks, like Google Ads, do not have the resources (nor the incentive) to catch all fraudulent clicks. Ad fraud is a massive and constantly evolving problem, with new methods of fraud being developed all the time. Detecting click fraud requires a lot of resources, including advanced algorithms and machine learning, which can be costly and time-consuming to implement.
2. IP blacklisting doesn’t always work
The source IP addresses of fraudulent clicks often use VPNs and proxy services to mask their physical location. These clicks are not only difficult to detect because they may come from legitimate IP addresses and look like normal traffic, but they also keep changing and require more of a proactive approach and advanced techniques to stay a step ahead of them.
Many businesses are simply not aware of how prevalent click fraud is, or they underestimate the impact that it can have on their advertising campaigns. As a result, they don't take the necessary steps to protect themselves. Businesses need to educate themselves about click fraud and take proactive steps to prevent it. This includes implementing fraud detection software, monitoring ad campaigns regularly, and using strategies like targeting specific geolocations and ad scheduling to reduce the risk of fraud.
How can you stop and prevent click fraud?
Any business running PPC ads can use the following tactics to protect their campaigns:
How can you stop
and prevent click fraud?
Block specific IPs and ISP network ranges
One way fraudsters can carry out click fraud is by hijacking specific ranges within an ISP network. Unusual spikes in ad traffic from a particular ISP or a sudden influx of clicks from the same IP address may indicate suspicious activity. Fortunately, advertisers can identify the associated IP addresses and block the ISP's network range to prevent fraudulent clicks. In Google Ads, campaign settings allow advertisers to block up to 500 IP addresses or IP address ranges per campaign. However, blocking ISP network ranges comes with risks as it may also exclude legitimate users. Advertisers, therefore, need to weigh the benefits and potential drawbacks of blocking IPs and ISP ranges carefully.
Implement micro-blacklisting or micro-whitelisting
In some cases, different pages on a publishing platform may provide different types of traffic, and micro-blacklisting involves excluding specific URLs to block individual pages that don't bring in profitable traffic. However, blacklisted domains may be replaced by new fake sites, so instead of excluding certain domains, you can create a list of several hundred domains that you trust and want your ads to appear on (called “whitelisting”). While this strategy requires a lot of manual work, it can be an effective way to prevent click fraud and protect your campaign budget.
Audit paid clicks to understand what you’re paying for
Understanding your industry and conducting regular paid click audits can help you protect yourself from click fraud by identifying real users based on their behavioral patterns. By analyzing the digital journey of your buyers, you can identify anomalies and suspicious activity that may indicate fraudulent attacks. For example, if most of your customers typically fill out a form a week after being shown an initial ad, an influx of form submissions from users who were shown the ad just seconds before the submission is likely to be a fraudulent attack. Regular paid click audits can help you spot false traffic patterns like these and take action to protect your ad budget.
Find the right balance
Digital advertisers aim to prevent click fraud and block worthless clicks, but this goal must be balanced with avoiding the exclusion of real customers. Third-party solutions that quickly block fraudulent clicks can be attractive, but relying on algorithms without access to data and insights may result in missed threats and lost business. This black-box approach is also problematic in Google smart campaigns and recommended settings for Google Ads. To protect ad campaigns without excluding potential clients, it is necessary to understand why, when, and until when a specific source of clicks was excluded. Ultimately, transparency and control are essential in finding the right balance between blocking robots and shutting out real customers.
The best way to take back control of your ad spend
The prevalence of invalid clicks in online advertising has led to the development of third-party tools and strategies that are designed specifically to combat this industry problem.
Our company was created because Ralph Perrier, founder and CEO of ClickGUARD, was driven by his desire to know exactly who was behind each ad click, the reason why the click happened, and what was happening after the click on his company’s website.
ClickGUARD has been optimizing advertising campaigns for clients since 2016, resulting in savings of over $1 billion for more than 5,000 satisfied customers. That is why we can guarantee to block 80% of invalid clicks.
Our industry-leading solution uses advanced automation to detect, block, and report all fraudulent activity in real time, ensuring your budget is as optimized and cost-efficient as it can be. Our latest version is also fully automated and comes with a wide range of new and improved features, such as:
Google Ads and, more recently, Facebook Ads support
A new and more intuitive user experience
Value-focused pricing adjustments and account auto-upgrading
Improved multi-account support
New blacklist management features
Improved reporting and analytics tools
So, whether you are an agency managing multiple client accounts or a business owner running your own ad campaigns, we believe that ClickGUARD will help you get the most out of your advertising budget by getting more conversions from real, legitimate clicks.
Want to see the results for yourself? Get started with your free trial today.
Frequently Asked Questions
Can’t find the answer here?
How do I prevent click fraud?
Click fraud can be prevented in a variety of ways. First off, keep detailed track of your ad campaigns and your data (we call this post click analysis - check out more here). If you track who clicks your ad and how often they click on them can help you catch low intent clicks, bots, lookie-loos, and rival companies that want you to waste your ad budget. Be vigilant and monitor ads! If you suspect something suspicious, it’s always a great idea to look into it. Another great way to prevent click fraud is to subscribe to a fraud prevention software. Though there are several different kinds of software on the market, we prefer using ClickGUARD. Not to brag or anything (except, we’re totally bragging), but our software is data driven and forensic - it can help you identify and block worthless, non-converting clicks, thereby increasing your ROAS.
How does Google Ads (Adwords) prevent click fraud?
Google is a software giant, so it does have methods of trying to prevent click fraud and decrease illicit activity on your ads. Google has a media buying algorithm, for instance, that promises that it will detect and filter out invalid clicks before you even get charged for them. Although this isn’t always the case, Google acknowledges that invalid traffic is a problem and advertisers should be aware of this and devise a strategy to prevent being a victim of click fraud. Google also has a team of real people who act as real life filters - they monitor fraudulent activity in real time. Whether it’s tweaking the algorithm to drive fraudulent clicks away from your ad, or blocking them all together, Google’s team works closely with filters to ensure that you can protect your ad campaigns. Plus, the more that filters are used, the smarter they are. Google is also great at preventing click fraud before it happens. If fraudulent activity is associated with an IP address, or if the publisher has an extremely suspicious click-through rate, Google will catch the mistake so that you don’t get charged for it. Google will not hesitate to disable accounts associated with high amounts of invalid traffic. While a majority of click fraud occurs by humans, some of it is done by bots. Google will, therefore, search for data anomalies and code samples that don’t belong, and Google will also constantly research new kinds of invalid traffic that it’s existing algorithm/filter cannot detect yet.
Is click fraud illegal?
The answer to this question is kind of murky. Most countries have privacy laws, cybersecurity laws, and even information technology laws, but it can be hard to sift through the legal jargon and understand the legality of click fraud. When it comes to the law, click fraud is not usually tried by itself - in fact, click fraud is tied to money laundering (as is the case with Methbot), wire fraud, data theft, deception, etc. Because these go hand in hand, it can be difficult to distinguish what crime is actually being tried. The United States has tried several click fraud cases - in fact, they remain the only country to do so successfully. There are several high and low profile cases that involved several big names in tech, like Google and Yahoo, though these lawsuits ended in settlements instead of a change in legislature. So, is click fraud illegal? It depends on where you are. It’s best to err on the side of caution, however, and not perform it in the first place.
How do I quantify click fraud?
Click fraud can be and should be quantified using a prevention software like ClickGUARD, which will track your ad activities so as to detect and prevent fraudulent clicks that will ruin your Marketing ROI.
Can software stop or prevent click fraud?
Yes! As mentioned above, there are several ways to prevent and even stop click fraud. One of them is to download our software. ClickGUARD’s software is great for preventing click fraud because our software helps you identify and block non-converting clicks, thereby increasing your ROI. ClickGUARD will help to monitor, detect, and identify threats to your ads. We will also completely get rid of wasteful ad clicks, which saves you money in the long run. We will also help you boost your growth by focusing on quality clicks that guarantee conversion.