What is Click Fraud and How To Stop and Prevent It
The ultimate guide to understanding and stopping click fraud
In this guide, you’ll learn what exactly “fraudulent clicks” are, how to identify the most common types of click fraud, and how to determine which industries and sub-industries are at risk. Although it’s not the main focus of this guide, we’ll also touch on non-fraudulent clicks that affect ROAS.
We’ll dig into the reasons why click fraud is so hard to stop and how it affects the digital advertising industry. We’ll show you what every business can do to protect their ad campaigns from fraudulent clicks (even if you don’t have a third-party solution).
Lastly, we’ll discuss what third-party solutions can do to help you stop invalid clicks, and how to find the right balance between protecting your ad account from click fraud and blocking potential buyers from seeing your ads.
We’ll dig into the reasons why click fraud is so hard to stop and how it affects the digital advertising industry. We’ll show you what every business can do to protect their ad campaigns from fraudulent clicks (even if you don’t have a third-party solution).
Lastly, we’ll discuss what third-party solutions can do to help you stop invalid clicks, and how to find the right balance between protecting your ad account from click fraud and blocking potential buyers from seeing your ads.
Table of contents
A 7.2-billion-dollar-a-year problem in the digital advertising industryUnderstanding click fraudWhy is click fraud so hard to eliminate?What any business running digital ads can do to fight click fraudWhat to do when you know you’re not catching every fraudulent click — or don’t have time to do it allThe solution data-driven marketers use to block 80% of invalid clicks and take back control of their ad spend with real-time click protection and customizable rules for every needA 7.2-billion-dollar-a-year problem in the digital advertising industry
If you suspect that you’re a victim of click fraud, you’re not alone. Although at first most digital advertisers think click fraud won’t affect their ad campaigns, eventually they notice inaccurate click data in their reports, and discover the vast and complicated topic of click fraud.
For example, Ralph Perrier, our founder, realized in 2004 that 20% of his previous business’s ad budget was wasted because of competitor click fraud attacks. Over the next ten years, the volume of click fraud affecting his business continued to escalate, and more and more of his connections in the digital advertising space were facing similar challenges.
For example, Ralph Perrier, our founder, realized in 2004 that 20% of his previous business’s ad budget was wasted because of competitor click fraud attacks. Over the next ten years, the volume of click fraud affecting his business continued to escalate, and more and more of his connections in the digital advertising space were facing similar challenges.
“I believe if you're a truly data-driven marketer ... you should be able to audit and know everything about that click ... Anything less than that is what I call "blind statistical gambling," because you have absolutely no idea what you're buying and what's behind that click.
...I'm in this industry because I want to see an end to the common practice of blind statistical gambling … and because I believe ... transparency and accountability of every click is the least you deserve”
...I'm in this industry because I want to see an end to the common practice of blind statistical gambling … and because I believe ... transparency and accountability of every click is the least you deserve”
“The journey … started out with me being something I absolutely hate. And that is being a victim of click fraud”
Ralph Perrier, ClickGUARD CEO and co-founder
Even if you haven’t been following the rise of click fraud since 2004, you may have noticed click fraudsters making a splash in the news, like this 2016 Forbes article about a Russian click fraud ring running a bot farm and making $5M a day. And this is just the tip of the iceberg: according to a Statista forecast from 2019, costs related to digital advertising fraud worldwide are expected to “grow exponentially within the four years between 2018 and 2022, from 19 billion to 44 billion U.S. dollars.”
What is especially frustrating is that click fraud is rampant in the industry that was supposed to give marketers access to more accurate data than ever before.
Digital ad campaigns make it astonishingly easy to reach your online audience. They are reasonably easy to build, relatively affordable, and provide near-instant feedback. Moreover, they allow for:
What is especially frustrating is that click fraud is rampant in the industry that was supposed to give marketers access to more accurate data than ever before.
Digital ad campaigns make it astonishingly easy to reach your online audience. They are reasonably easy to build, relatively affordable, and provide near-instant feedback. Moreover, they allow for:
- integration with digital solutions that help track, edit, and monetize campaigns
- different delivery formats, from texts and banners to native advertising
- a variety of bidding models, including PPC, CPM, CPI, and others
- and, most importantly for data-driven marketers, instant access to quantifiable metrics
Integrations
Different formats
Variety of bidding models
Instant access to metrics
Unfortunately, the assumption that every ad click comes from a real person interested in buying your products or services is no longer valid. According to Barry Levine, "...sourced traffic — such as that from PPC or other ad campaigns — is three times as likely to result in fraud, as compared with non-sourced traffic."
While some maintain that “you shouldn’t care about fake clicks,” we don’t believe that losing money to fraudsters should be considered a cost of running online ads.
After developing a solution that helped him block click fraud attacks targeting his previous business, Ralph Perrier realized he could help other advertisers overcome the same challenge — and launched ClickGUARD in 2016. Since then, the ClickGUARD team has protected 65,000+ campaigns in over 107 countries from fraudulent clicks, saving over 32 million dollars in 2019 alone.
While some maintain that “you shouldn’t care about fake clicks,” we don’t believe that losing money to fraudsters should be considered a cost of running online ads.
After developing a solution that helped him block click fraud attacks targeting his previous business, Ralph Perrier realized he could help other advertisers overcome the same challenge — and launched ClickGUARD in 2016. Since then, the ClickGUARD team has protected 65,000+ campaigns in over 107 countries from fraudulent clicks, saving over 32 million dollars in 2019 alone.
Understanding click fraud
“Fraudulent clicks” and “invalid clicks” — what’s the difference (and does it really matter)?
Google combines unintentional clicks and fraudulent clicks under “invalid clicks.” Here are some examples of invalid clicks:
- Accidental clicks, for example, when someone double-clicks on an ad
- Clicks and impressions by automated tools or manual clicks intended to increase someone's advertising costs or stop their advertising
- Clicks and impressions by automated tools or manual clicks intended to increase profits for website owners hosting your ads
Out of the examples listed above, the latter two are examples of click fraud — an interaction between a user and a PPC ad with the goal of profiting from charges made to marketers.
Who’s behind fraudulent clicks?
Sometimes humans, not bots, are behind click fraud. The following sections describe the most common cases of small-scale click fraud attacks. In these cases, it’s usually not too hard to identify the bad actors, since they’re not likely to be very sophisticated — and can be identified by their behavior, IP address, or both.
Competitors manually clicking on your ads to sabotage your campaigns
Sometimes, especially in highly competitive industries, competitors resort to click fraud to get an edge on their rivals. By repeatedly clicking on competitors’ ads, they deplete a company’s PPC budget to prevent potential customers from seeing those ads.
The worst part is that it’s not all that difficult to commit this type of fraud: unless you’ve set up protections against such attacks, a pay-per-click ad will show until its daily budget runs out.
If this is the case, competitors can run through your ads very quickly, either by clicking on your ads repeatedly from a single device, or by hiring third parties to coordinate hundreds of clicks across multiple devices (we’ll discuss an example of a click-fraud-as-a-service attack later).
Sometimes it’s possible to identify competitor click fraud by tracking patterns within a particular niche. Here’s how our founder, Ralph Perrier, recalls his experience:
The worst part is that it’s not all that difficult to commit this type of fraud: unless you’ve set up protections against such attacks, a pay-per-click ad will show until its daily budget runs out.
If this is the case, competitors can run through your ads very quickly, either by clicking on your ads repeatedly from a single device, or by hiring third parties to coordinate hundreds of clicks across multiple devices (we’ll discuss an example of a click-fraud-as-a-service attack later).
Sometimes it’s possible to identify competitor click fraud by tracking patterns within a particular niche. Here’s how our founder, Ralph Perrier, recalls his experience:
When everybody else's budget would run out, there'd be one or two particular vendors that would advertise only during that period of time. As soon as everybody else replenishes their budget, they would bow out of the auctions again, and the fraudulent clicks would start again.
And then they started up again, as soon as everybody else's budget ran out.
There were some very nontechnical, but obvious patterns within the niche that clearly would point to you who was behind it all.
And then they started up again, as soon as everybody else's budget ran out.
There were some very nontechnical, but obvious patterns within the niche that clearly would point to you who was behind it all.
In simple scenarios where non tech-savvy competitors try to sabotage your campaigns, you can recognize competitor clicks by their IP addresses and block them.
Publishers manually boosting ad revenue (with a little help from their friends)
In some cases publishers may be trying to boost their revenue by clicking on ads themselves or profiting from their friends’ clicks (this is a very small-scale threat: if manual — and easily detectable — click fraud reaches high levels, it triggers account suspension on AdSense.
Disgruntled customers trying to get back at a business
Some disgruntled customers go beyond writing bad reviews online. Instead, they repeatedly click on the ads of a particular company.
Fortunately, this is fairly unlikely to happen. And, unless one of your unhappy customers happens to be tech-savvy, it is also easy to identify and stop due to the repetitive nature of clicks.
All told, compared to cybercriminals or click-fraud-as-a-service actors, solo click fraudsters are just a tiny part of the problem.
Fortunately, this is fairly unlikely to happen. And, unless one of your unhappy customers happens to be tech-savvy, it is also easy to identify and stop due to the repetitive nature of clicks.
All told, compared to cybercriminals or click-fraud-as-a-service actors, solo click fraudsters are just a tiny part of the problem.
Organized click fraud criminals
Cybercriminals use software to generate profit for their illegal enterprises, which can include click fraud. Below are some examples of how criminals can profit from fraudulent clicks — they are not mutually exclusive, and can overlap.
Criminals profiting from fraudulent bot clicks
Criminals often rely on bot traffic to generate profits at scale. According to this Invesp infographic, bots, or applications that perform automated tasks, account for 56% of website traffic. However, not all of those bots visit websites with malicious intent.
Good bots help monitor a website’s health, make sure it’s included in search engine results, and share its content via social media. Good crawlers check for broken links, capture SEO data, follow RSS feeds, and identify security vulnerabilities.
Bad bots engaging in click fraud are designed specifically to click on ads. One of the common signs of bot attacks are unusual peaks in clicks outside of the targeted geo-location. Another way bad actors avoid detection is by masking their physical location with VPNs and proxy services or simply "anonymizing" their IP address.
Over the years, they’ve become harder to spot. Sophisticated robots designed to mimic human behavior can spoof their device type, accept and remember cookies, simulate mouse movement, and even fill out forms. According to Michael Vizard, quoting Radware 2020 report findings, “well over half (58%) of the malicious bots tracked in February ... can now mimic human behavior.”
Bad bots engaging in click fraud are designed specifically to click on ads. One of the common signs of bot attacks are unusual peaks in clicks outside of the targeted geo-location. Another way bad actors avoid detection is by masking their physical location with VPNs and proxy services or simply "anonymizing" their IP address.
Over the years, they’ve become harder to spot. Sophisticated robots designed to mimic human behavior can spoof their device type, accept and remember cookies, simulate mouse movement, and even fill out forms. According to Michael Vizard, quoting Radware 2020 report findings, “well over half (58%) of the malicious bots tracked in February ... can now mimic human behavior.”
Cybercriminals creating harder-to-detect bot networks
One common practice among cybercriminals is infecting the computers of internet users with malware to create bot networks, or botnets to achieve various nefarious goals. Click fraud is one of them. We've previously written about one example, Redirector.Paco malware.
Unfortunately for advertisers, botnets can avoid detection more efficiently because the clicks they are programmed to perform will come from a range of regular machines with legitimate IP addresses. To detect botnets, you'll need to set up advanced visitor behavior tracking.
Unfortunately for advertisers, botnets can avoid detection more efficiently because the clicks they are programmed to perform will come from a range of regular machines with legitimate IP addresses. To detect botnets, you'll need to set up advanced visitor behavior tracking.
Bad actors joining advertising networks as shady publishers
In this case criminals profit from fraudulent clicks through websites specifically set up to host ads.
At first they bombard their newly created websites with huge amounts of bot-generated traffic. Once they have the required statistics, the criminals join ad networks as publishers and start profiting from false clicks.
In most cases, such websites are easy to identify by strange-sounding domains, low-effort or copy-pasted content, and an overabundance of ads.
At first they bombard their newly created websites with huge amounts of bot-generated traffic. Once they have the required statistics, the criminals join ad networks as publishers and start profiting from false clicks.
In most cases, such websites are easy to identify by strange-sounding domains, low-effort or copy-pasted content, and an overabundance of ads.
Click fraud as a service industry
Click-fraud-as-a-service can have many forms, from low-wage workers clicking on ads to boost publishers’ profits to distributed botnet attacks ordered by unscrupulous competitors.
Click farms — fake likes, fake followers, fake ad clicks
Click farms are located primarily in third-world countries where they employ low-wage workers to generate fake likes or followers on social media — or to click on ads.
Click farms may use a combination of humans and robots, but detecting human traffic is especially challenging, since it’s harder to distinguish click farm workers from good-faith users.
Click farms may use a combination of humans and robots, but detecting human traffic is especially challenging, since it’s harder to distinguish click farm workers from good-faith users.
Bots and crawlers for hire
While cybercriminals use botnets and bots to their own advantage, they also offer their services to interested parties, such as competitors ready
to gain an unfair advantage for their digital ads.
This is how Ralph Perrier, our founder, describes his experience of encountering a competitor’s automated click fraud attack in 2004:
to gain an unfair advantage for their digital ads.
This is how Ralph Perrier, our founder, describes his experience of encountering a competitor’s automated click fraud attack in 2004:
It just seemed very well coordinated that while my budget would run out immediately within minutes, other individuals would then start their campaigns.
The idea behind their actions was that once you completely drain someone's budget, that removes them from the auction. So that when you get online, you have less competition and you’re paying less per click, and there's less competition for customers to choose from.
I noticed that time spent on site was significantly less than usual: you'd get clicks and they'd spend less than two or three seconds on the website.
There was no way the clicks could have been human: we would pause our ads and then we would restart them at odd hours. And within a short period of time, the clicks would start again.
And the page didn't even load: there were headless browsers that wouldn’t even allow for the full page to load and bounce back and then click again.
A lot of those clicks were distributed through VPN and proxy networks, which means a lot of it had to have been automated.
The idea behind their actions was that once you completely drain someone's budget, that removes them from the auction. So that when you get online, you have less competition and you’re paying less per click, and there's less competition for customers to choose from.
I noticed that time spent on site was significantly less than usual: you'd get clicks and they'd spend less than two or three seconds on the website.
There was no way the clicks could have been human: we would pause our ads and then we would restart them at odd hours. And within a short period of time, the clicks would start again.
And the page didn't even load: there were headless browsers that wouldn’t even allow for the full page to load and bounce back and then click again.
A lot of those clicks were distributed through VPN and proxy networks, which means a lot of it had to have been automated.
Non-fraudulent clicks that affect ad performance
There are some cases when clicks are, strictly speaking, not malicious, but still hurt advertisers, because there is no intent to purchase the advertised product or service. At the same time, they are not accidental, since the users click on them to get to your website. Still, since these clicks do not result in a purchase, they will affect your ROAS.
Here are 3 examples of clicks that fall into this category:
- Clicks from users who are “just browsing,” but repeatedly click on the ads anyway, or lookie-loos
- Clicks from converted customers who click on ads to get to a brand’s website
- Clicks outside of selected geolocation
Lookie-loos
Lookie-loos will often conduct multiple web searches and click on an ad numerous times without ever making a purchase.
This may not be alarming for companies that bid on low cost-per-click campaigns, but advertisers running high cost-per-click campaigns will want to prevent lookie-loos from increasing their customer acquisition costs.
By tracking visitor behavior and conversions after an ad click you can distinguish good and bad traffic and exclude sources with low-quality interactions.
This may not be alarming for companies that bid on low cost-per-click campaigns, but advertisers running high cost-per-click campaigns will want to prevent lookie-loos from increasing their customer acquisition costs.
By tracking visitor behavior and conversions after an ad click you can distinguish good and bad traffic and exclude sources with low-quality interactions.
Converted customers
In this case, customers search for a particular brand by name and click on a brand ad to get to the website. Blocking ads after conversion might make sense to avoid incurring this type of expenses.
Clicks outside of selected geolocation
As we mentioned above, cybercriminals often use VPNs and proxies to mask their location.
In many cases proxies are used by regular people concerned about their online privacy or trying to bypass internet censorship in certain regions.
VPNs are often used to access region-restricted sites as well. In addition, they encrypt data and so are frequently used to hide browsing activity from third parties, such as when using public Wi-Fi.
Not all proxy or VPN clicks are fraudulent: if searches are varied and naturally distributed, then these are likely regular VPN or proxy server users.
However, regardless of user intention, most proxy clicks affect the accuracy of your ad campaign reports: with proxied IP addresses, generated ad impressions will be based on false location and network data. And, until Google’s geolocation capabilities improve, it might be worthwhile to look into additional methods of protection for your ads.
In many cases proxies are used by regular people concerned about their online privacy or trying to bypass internet censorship in certain regions.
VPNs are often used to access region-restricted sites as well. In addition, they encrypt data and so are frequently used to hide browsing activity from third parties, such as when using public Wi-Fi.
Not all proxy or VPN clicks are fraudulent: if searches are varied and naturally distributed, then these are likely regular VPN or proxy server users.
However, regardless of user intention, most proxy clicks affect the accuracy of your ad campaign reports: with proxied IP addresses, generated ad impressions will be based on false location and network data. And, until Google’s geolocation capabilities improve, it might be worthwhile to look into additional methods of protection for your ads.
Do you know which types of click fraud are affecting your PPC campaigns?
Find out where these clicks are coming from and how to stop them
Our data scientists can show you the exact breakdown of click sources for your ad account — in less than 24 hours
- Normal, invalid, suspicious, and fraudulent clicks
- Repeated clicks from the same IP address
- Display ad losses due to bad placements
If our data scientists are unavailable for a free audit within 24 hours after you sign up, we’ll offer you
an extended 14-day trial with full support from our specialists during trial and setup.
an extended 14-day trial with full support from our specialists during trial and setup.
The 2 factors that determine if your industry is at risk of being targeted by click fraudsters
The 2 parameters defining the likelihood that a particular industry will be affected by click fraud are:
- The amount of online traffic
- The cost-per-click of relevant keywords
According to this Bloomberg study from 2015, the following industries are at risk: finance, family, and food. These three industries encompass a wide variety of sub-industries, including:
- private consultants
- banks
- hotels
- restaurants
- bars
- hospitals
- food manufacturers
- spas
- healthcare clinics
- lenders
According to the same Bloomberg study, the three industries affected the least by click fraud are sports, science, and information. The reason is that most users that run queries on any of these 3 topics have little to no purchase intent. Moreover, entertainment and education as industries are extremely broad, making them hard to target.
Still, large events, seasonal fluctuations, or newsworthy scientific breakthroughs could change traffic patterns and make them more attractive to bad actors.
Still, large events, seasonal fluctuations, or newsworthy scientific breakthroughs could change traffic patterns and make them more attractive to bad actors.
3 ways click fraud affects your business beyond draining your ad budget
As if invalid clicks depleting your ad budget are not bad enough, fraudulent clicks make it almost impossible to tell how effective ad campaigns really are. Click fraud affects businesses in three additional ways:
- Distorted campaign metrics
- Low ROAS
- Wasted time and effort for internal teams
Running campaigns blind because of distorted campaign metrics
In some cases, false clicks can account for up to 90% of total registered interactions.
When significant amounts of clicks and overall traffic data come from invalid sources, performance metrics become essentially worthless.
Without knowing the source of each click, it’s easy to assume that a campaign failed because it didn’t have the right structure or budget. But very often ad campaigns fail because click fraud prevents them from reaching real customers.
When campaign optimization is based on guesswork or inaccurate data, marketers might end up spending time on tasks with little or no return. For example, they may decide to start optimizing high-traffic, low-performance campaigns in hopes of improving conversion rates, instead of solving the root problem — fraudulent clicks distorting campaign results.
When significant amounts of clicks and overall traffic data come from invalid sources, performance metrics become essentially worthless.
Without knowing the source of each click, it’s easy to assume that a campaign failed because it didn’t have the right structure or budget. But very often ad campaigns fail because click fraud prevents them from reaching real customers.
When campaign optimization is based on guesswork or inaccurate data, marketers might end up spending time on tasks with little or no return. For example, they may decide to start optimizing high-traffic, low-performance campaigns in hopes of improving conversion rates, instead of solving the root problem — fraudulent clicks distorting campaign results.
Ineffective campaigns with low ROAS
Just like unethical competitors or lookie-loos, robots will never make a real purchase. This means invalid clicks will increase the cost of each conversion and affect your ability to find leads online.
Without blocking robots, you’ll end up overpaying for the conversions you get — while missing additional chances to get in front of your real audience.
Without blocking robots, you’ll end up overpaying for the conversions you get — while missing additional chances to get in front of your real audience.
Wasted time and effort for internal teams
In addition to distorting your ad campaign metrics, fraudulent clicks can lead your team to focus on non-revenue generating activities.
For example, your sales team may end up pursuing bogus prospects acquired through click bot traffic designed to mimic user behavior by filling out lead forms.
For example, your sales team may end up pursuing bogus prospects acquired through click bot traffic designed to mimic user behavior by filling out lead forms.
Why is click fraud so hard to eliminate?
If you look at Google Trends data, you’ll see that searches related to click fraud were at their peak in June 2006:
“Adwords click fraud” was trending as far back as 2005:
And yet, despite the decrease in the number of searches, click fraud is far from gone: in her Martech Today column, Mary Wallace mentions that a study "conducted by ad The&Partnership, m/SIX and ad verification company Adloox estimates advertisers wasted $16.4 billion to fraudulent traffic and clicks in 2017.”
Looking ahead, Juniper Research experts estimate that advertisers’ losses are going to reach $100 billion by 2023 .
Looking ahead, Juniper Research experts estimate that advertisers’ losses are going to reach $100 billion by 2023 .
The often-overlooked conflict of interest at the heart of the digital advertising industry
One of the main reasons that digital marketers still encounter click fraud is that the incentives of advertisers and advertising networks are misaligned. As Jessica Niver wrote about the challenge of rooting out shady publishers in 2010 (over 10 years ago!) in “Sunshine, Rainbows and Fraud on the Content Network”
Clearly, more sites showing ads = more clicks = more money for Google. Therefore, they would like as many sites in their advertiser network as possible. To be fair, more money for Google should also mean more money for us, if we do a good job of making sure we’re matched to industry-relevant sites and know how to convert our traffic. But don’t forget there’s another player here - the middleman, whoever owns the site you’re advertising on.
This problem existed in 2010, and in 2020 it’s still unresolved. To quote Radware report findings on malicious bots, “many of the fake sites ... are also driving additional revenue by engaging in click fraud that defrauds advertising networks.”
Another issue is that Google occupies a unique position in the advertising industry: hands-down, it offers the easiest and the most effective way to get in front of potential buyers.
Another issue is that Google occupies a unique position in the advertising industry: hands-down, it offers the easiest and the most effective way to get in front of potential buyers.
As a result, advertisers are willing to accept a lot of inefficiencies, such as being unable to easily change ad default settings or adjust recommended locations, or only having access to incomplete information (the fact that Google Ads is an extremely complex platform doesn’t make matters easier). While regular PPC campaign analytics provide some insight into who’s behind the clicks, smart campaigns are completely closed to analysis, making it the digital advertising analogue of a slot machine — which, ironically, is the opposite of the industry promise.
In addition, recent developments show that the conflict between advertisers’ and ad networks’ interests is becoming more pronounced. Daniel Zrust sums it up in this June 2020 post : “while Google Ads can really make business succeed, the increased pressure to spend more is getting out hand and it’s going to be only worse because advertisers don’t have that many choices of advertising networks anyway.”
Does this sound too pessimistic?
This Seer Interactive article, “Google Ads Removes Search Terms for 28% of Paid Search Budgets”, was published only 3 months after Daniel Zrust’s post:
Does this sound too pessimistic?
This Seer Interactive article, “Google Ads Removes Search Terms for 28% of Paid Search Budgets”, was published only 3 months after Daniel Zrust’s post:
We’ve found $40MM+ of inefficient spend in mostly low-volume search terms over the past 3 years.
Seer mined 5.1 million data points across 30+ businesses running paid search campaigns and found 15% of budgets were spent on mostly hidden, low volume, search queries that weren’t driving an impact on their bottom-line (conversions).
With frequent changes in search algorithms and the way we search evolving daily — your Paid Search campaigns can often match your ads to search queries that don’t always make sense for your business goals.
These small (but frequent) matches result in tons of unintentional clicks from users trained to click through multiple results at the top of the SERPs.
That’s real money that can be reinvested into high ROI campaigns. That shouldn’t be a ‘cost of doing business’ with Google.
Seer mined 5.1 million data points across 30+ businesses running paid search campaigns and found 15% of budgets were spent on mostly hidden, low volume, search queries that weren’t driving an impact on their bottom-line (conversions).
With frequent changes in search algorithms and the way we search evolving daily — your Paid Search campaigns can often match your ads to search queries that don’t always make sense for your business goals.
These small (but frequent) matches result in tons of unintentional clicks from users trained to click through multiple results at the top of the SERPs.
That’s real money that can be reinvested into high ROI campaigns. That shouldn’t be a ‘cost of doing business’ with Google.
There is no doubt that PPC ads can help you achieve your business goals, but there are many systemic inefficiencies that decrease the effectiveness of your PPC ads and leave digital advertising open to click fraud risks.
Given how much fraudsters stand to gain by developing more and more sophisticated bots and new workarounds to stay ahead of the curve, it’s not likely that the advertising industry is going to get rid of fraudulent clicks overnight.
For one thing, investigation of complex cyber-crimes requires significant efforts and in-depth knowledge. To make matters worse, click fraud actors are notorious for setting up and running click fraud operations from abroad, which makes prosecuting them even harder. What’s more, in some countries the laws or regulating entities needed to stop fraudsters simply don’t exist yet.
Given how much fraudsters stand to gain by developing more and more sophisticated bots and new workarounds to stay ahead of the curve, it’s not likely that the advertising industry is going to get rid of fraudulent clicks overnight.
For one thing, investigation of complex cyber-crimes requires significant efforts and in-depth knowledge. To make matters worse, click fraud actors are notorious for setting up and running click fraud operations from abroad, which makes prosecuting them even harder. What’s more, in some countries the laws or regulating entities needed to stop fraudsters simply don’t exist yet.
Is it time to be done with PPC ads?
Industry estimates show that digital advertising is not likely to be replaced by other types of ads, click fraud or not: eMarketer’s 2020 forecast is that “display spending will increase by 5.3% to $179.39 billion … digital ad spending will grow 2.4% worldwide.”
We agree that digital advertising is not likely to be replaced by any other kind of advertising, especially given that for many businesses, e-commerce and digital advertising have become their lifeline to finding customers while sheltering in place.
As Margaret Hoffman, Paid Media Strategist at Brainlabs, says in her PPC Hero post “Click & Bot Fraud: The Spookiest Specters of PPC”: "even though it’s frightening to think about what creeps could be stealing your advertising dollars, it’s not a reason to stop PPC completely. ... Just like you wouldn’t close down your brick and mortar store for fear of shoplifting, you wouldn’t stop doing digital advertising."
Still, just as brick-and-mortar store owners put security measures in place to discourage shoplifting, digital advertisers can protect their budgets from fraudulent clicks.
We agree that digital advertising is not likely to be replaced by any other kind of advertising, especially given that for many businesses, e-commerce and digital advertising have become their lifeline to finding customers while sheltering in place.
As Margaret Hoffman, Paid Media Strategist at Brainlabs, says in her PPC Hero post “Click & Bot Fraud: The Spookiest Specters of PPC”: "even though it’s frightening to think about what creeps could be stealing your advertising dollars, it’s not a reason to stop PPC completely. ... Just like you wouldn’t close down your brick and mortar store for fear of shoplifting, you wouldn’t stop doing digital advertising."
Still, just as brick-and-mortar store owners put security measures in place to discourage shoplifting, digital advertisers can protect their budgets from fraudulent clicks.
What any business running digital ads can do to fight click fraud
There are many things any digital marketer can do to reduce the risk of becoming a victim of click fraud, from supporting fraud-fighting initiatives on the industry level to raising internal awareness of click fraud issues on the company level, and implementing a variety of tactics to minimize click fraud risk on the campaign level.
Industry level
Make use of industry initiatives to fight click fraud
Company level
Raise internal awareness of click fraud issues
Campaign level
Implement tactics to minimize click fraud risk
Make use of industry initiatives to eliminate click fraud
The Trustworthy Accountability Group (TAG) was created by the American Association of Advertising Agencies (4A’s), Association of National Advertisers (ANA), and Interactive Advertising Bureau (IAB) to “focus on four core areas: eliminating fraudulent digital advertising traffic, combating malware, fighting ad-supported Internet piracy to promote brand integrity, and promoting brand safety through greater transparency.”
TAG works towards establishing an all-around healthy and transparent marketing ecosystem.
Among other initiatives, TAG has developed Certified Against Fraud Guidelines that will start being enforced in January 2022. The TAG certification program was launched in 2016 “to combat invalid traffic in the digital advertising supply chain.” Its searchable database of certified agencies, tech providers, and publishers is available here.
In addition, TAG publishes benchmark reports on invalid clicks, regional snapshots, and best practices.
TAG works towards establishing an all-around healthy and transparent marketing ecosystem.
Among other initiatives, TAG has developed Certified Against Fraud Guidelines that will start being enforced in January 2022. The TAG certification program was launched in 2016 “to combat invalid traffic in the digital advertising supply chain.” Its searchable database of certified agencies, tech providers, and publishers is available here.
In addition, TAG publishes benchmark reports on invalid clicks, regional snapshots, and best practices.
Raise internal awareness of click fraud issues
“I've worked with various different industries, ranging from e-commerce, retail and manufacturing. And I have to admit that I too have fallen victim to click fraud.
Click fraud is a real problem. And the more I understand it, the bigger I believe it becomes.
I didn't know that click fraud existed until I became acutely aware of a malicious attack on one of my own campaigns … These attacks … opened my eyes to the fact that click fraud was an issue and I had to find out how to prevent it”
Click fraud is a real problem. And the more I understand it, the bigger I believe it becomes.
I didn't know that click fraud existed until I became acutely aware of a malicious attack on one of my own campaigns … These attacks … opened my eyes to the fact that click fraud was an issue and I had to find out how to prevent it”
"What I want to share with you is what I feel is the missing piece of this complex puzzle. I believe that piece is awareness."
Jason Pittock, PPC & SEO specialist, Content Team Lead at ClickGUARD
Despite the scale of click fraud and its effect on digital ad spend, this problem remains relatively obscure: according to the Google Trends charts above, it hasn’t been top-of-mind for marketers for quite some time.
Demonstrating how invalid clicks deplete your budget and skew your data is the first step in getting a go-ahead to fight the problem and develop effective strategies against them.
Here’s what digital marketers can do to increase internal click fraud awareness:
Demonstrating how invalid clicks deplete your budget and skew your data is the first step in getting a go-ahead to fight the problem and develop effective strategies against them.
Here’s what digital marketers can do to increase internal click fraud awareness:
Share information about internal marketing processes
Establish expectations for tracking digital advertising spend and ROAS
Include protection against fraudulent ad traffic in your information security plan
Establish roles, set expectations and budgets, and determine performance indicators for click fraud protection initiatives when developing your next business plan
Use the following tactics to fight click fraud — without any additional software spend
As a first step in stopping click fraud, any business running PPC ads can use the following tactics to protect their campaigns:
Run daytime campaigns
Block specific IPs and ISP network ranges
Implement micro-blacklisting or micro-whitelisting
Audit paid clicks to understand what you’re paying for
Run daytime campaigns (until you fully understand how to identify fraudulent click sources)
A study carried out by the ANA and White Ops suggests that a large portion of illegitimate traffic occurs outside of normal business hours, between midnight and 7 am.
You can diminish the risk of wasting your budget on fraudulent clicks by running daytime-only campaigns.
Of course, this solution is not ideal if your audience is online after midnight, but for many industries it is one of the easiest ways to significantly reduce instances of click fraud. And, once you learn how to identify legitimate traffic sources, you can set up a nighttime campaign with settings protecting it from invalid clicks.
You can diminish the risk of wasting your budget on fraudulent clicks by running daytime-only campaigns.
Of course, this solution is not ideal if your audience is online after midnight, but for many industries it is one of the easiest ways to significantly reduce instances of click fraud. And, once you learn how to identify legitimate traffic sources, you can set up a nighttime campaign with settings protecting it from invalid clicks.
Block specific IPs and ISP network ranges
It’s not uncommon for malicious sources to hijack specific ranges within an ISP network. A sudden influx of clicks from the same IP address or disproportionate amounts of ad traffic from a certain ISP can be a sign of suspicious activity.
You can easily find information about the associated IP addresses to block the ISP’s network range and avoid some of the fraudulent clicks. You can find all IP and IP range exclusions under campaign settings (left sidebar menu) and block up to 500 IP addresses or IP address ranges for each campaign in Google Ads.
Bear in mind that blocking ISP network ranges is risky: you can exclude some real people who might have become your buyers. But, if done right, blocking IPs and ISP ranges can save your campaign budget.
You can easily find information about the associated IP addresses to block the ISP’s network range and avoid some of the fraudulent clicks. You can find all IP and IP range exclusions under campaign settings (left sidebar menu) and block up to 500 IP addresses or IP address ranges for each campaign in Google Ads.
Bear in mind that blocking ISP network ranges is risky: you can exclude some real people who might have become your buyers. But, if done right, blocking IPs and ISP ranges can save your campaign budget.
Implement micro-blacklisting or micro-whitelisting
In very specific cases, different pages on a publishing platform may provide different types of traffic. Micro-blacklisting is the practice of excluding very specific URLs to block individual pages that don’t bring in any profitable traffic.
However, your ads could be gaining impressions from thousands of sites, and blacklisted domains may end up being replaced by just as many new fake sites.
Instead of excluding certain domains, you can make a list of several hundred domains that you trust and would like your ads to be placed on.
Domains can be managed in the placements settings on Google Ads.
According to Larry Kim, employing this strategy could reduce your fraudulent clicks in the Google Display Network by up to 90%. It does, however, require a lot of manual work.
However, your ads could be gaining impressions from thousands of sites, and blacklisted domains may end up being replaced by just as many new fake sites.
Instead of excluding certain domains, you can make a list of several hundred domains that you trust and would like your ads to be placed on.
Domains can be managed in the placements settings on Google Ads.
According to Larry Kim, employing this strategy could reduce your fraudulent clicks in the Google Display Network by up to 90%. It does, however, require a lot of manual work.
Know your industry and run regular paid click audits
Even though technological advances make it harder to do so, it remains possible to identify real users by their behavioral patterns.
Once you know what your buyer’s digital journey looks like, you can use this information to protect yourself from click fraud.
In other words, if you know the behavioral patterns of your buyers, you can learn to identify anomalies.
For example, if most of your customers fill out a form one week after being shown an initial ad, an influx of forms submitted by users who were shown the ad seconds before the form submission is likely to be a fraudulent attack.
Understanding the industry you are in and how exposed it is to click fraud can help build awareness around click fraud risk.
This information, in addition to regular paid clicks audits, can help you spot false traffic patterns and build an effective defense system for your marketing campaigns.
Once you know what your buyer’s digital journey looks like, you can use this information to protect yourself from click fraud.
In other words, if you know the behavioral patterns of your buyers, you can learn to identify anomalies.
For example, if most of your customers fill out a form one week after being shown an initial ad, an influx of forms submitted by users who were shown the ad seconds before the form submission is likely to be a fraudulent attack.
Understanding the industry you are in and how exposed it is to click fraud can help build awareness around click fraud risk.
This information, in addition to regular paid clicks audits, can help you spot false traffic patterns and build an effective defense system for your marketing campaigns.
Find out how much of your ad traffic consists of fraudulent clicks
Our data scientists can show you the exact breakdown of click sources for your ad account — in less than 24 hours
- Normal, invalid, suspicious, and fraudulent clicks
- Repeated clicks from the same IP address
- Display ad losses due to bad placements
If our data scientists are unavailable for a free audit within 24 hours after you sign up, we’ll offer you
an extended 14-day trial with full support from our specialists during trial and setup.
an extended 14-day trial with full support from our specialists during trial and setup.
What to do when you know you’re not catching every fraudulent click — or don’t have time to do it all
Implementing the tactics listed above will help you limit the impact of fraudulent clicks on your ad campaigns.
As a data-driven marketer, you might already be using some or most of them. The trouble is that even if you’re already analyzing click data, blacklisting or whitelisting specific domains, and logging IPs, sometimes you just don’t have access to all the data you need.
Moreover, hands-on tracking across dozens or hundreds of campaigns is too time- and effort-consuming to be an option.
If this is the case, using third-party protection tools is the answer.
As a data-driven marketer, you might already be using some or most of them. The trouble is that even if you’re already analyzing click data, blacklisting or whitelisting specific domains, and logging IPs, sometimes you just don’t have access to all the data you need.
Moreover, hands-on tracking across dozens or hundreds of campaigns is too time- and effort-consuming to be an option.
If this is the case, using third-party protection tools is the answer.
What can realistically be done to stop click fraud with third-party solutions
The unfortunate truth is that no solution can eliminate all invalid clicks once and for all.
Click fraud protection and prevention tools are by definition reactive, not proactive. When click fraudsters come up with new ways to rob advertisers, these tools need to play catch-up with those new approaches.
Still, third-party solutions can eliminate the majority of fraudulent clicks and impressions.
Click fraud protection and prevention tools are by definition reactive, not proactive. When click fraudsters come up with new ways to rob advertisers, these tools need to play catch-up with those new approaches.
Still, third-party solutions can eliminate the majority of fraudulent clicks and impressions.
Finding the right balance between blocking robots and shutting out real customers
Stopping a wide variety of click fraud actors and blocking worthless clicks is the primary goal for most digital advertisers looking for a third-party solution.
And if that solution can be implemented quickly, without too much work — all the better.
However, in cases when you let set-and-forget algorithms do all the heavy lifting, you can’t really see or control what they’re doing unless you have access to all the data and the insights the solutions provide — and can check that the algorithms are using the right data.
And if that solution can be implemented quickly, without too much work — all the better.
However, in cases when you let set-and-forget algorithms do all the heavy lifting, you can’t really see or control what they’re doing unless you have access to all the data and the insights the solutions provide — and can check that the algorithms are using the right data.
This is exactly the lack of transparency that we find so problematic in Google smart campaigns — or when defaulting to recommended settings for Google Ads. This black-box approach exposes you to additional risks: not blocking as many threats as you’d like, and excluding real buyers and losing out on their business because of the way your protection is set up.
To protect your ad campaigns from click fraud without excluding potential clients, you need to be able to see why, when, and until when a specific source of clicks was excluded.
To protect your ad campaigns from click fraud without excluding potential clients, you need to be able to see why, when, and until when a specific source of clicks was excluded.
The solution data-driven marketers use to block 80% of invalid clicks and take back control of their ad spend with real-time click protection and customizable rules for every need
Enter ClickGUARD. Our company was created because Ralph Perrier was driven by his desire to know exactly who was behind each ad click, the reason why the click happened, and what was happening after the click on his company’s website
This is why ClickGUARD is different from turnkey solutions in 3 key ways:
- Our users are fully in control of advanced configuration settings, such as rules and thresholds determining who gets to see their ads and when.
- In addition to protecting our clients from fraudulent clicks, we help them identify and block low-performing and generally wasteful traffic to optimize ad performance.
- Our clients have full access to click logs and user behavior data to adjust campaign rules and thresholds based on industry-specific user behavior.
“The single most valuable tool for anyone looking to stop click fraud and secure their marketing ROI is visitor behavior tracking ... You will benefit from this data-driven approach because you will stop low-performing traffic and optimize for growth.
As you're tracking … key metrics … you gain actionable insights into the traffic you're paying for ... you can easily discern between what is good and what is bad paid traffic as some prospects convert and some don't.”
As you're tracking … key metrics … you gain actionable insights into the traffic you're paying for ... you can easily discern between what is good and what is bad paid traffic as some prospects convert and some don't.”
“You're saving your budget from being spent on useless clicks … and opening up a path for good prospects to visit your site and convert”
Miloš Đekić, ClickGUARD CTO and co-founder
Each ClickGUARD feature plays a specific role in protecting your ad campaigns from fraudulent and wasteful clicks, from advanced rule templates and options to block click sources for all campaigns to extensive reports and tracking for post-click behavior. You can create a number of automated rules where you combine these metrics to detect low performing and non-converting ad clicks and block their sources from seeing or interacting with your ads.
The results speak for themselves: our customers report conversion rates increase by up to 27% in the first month, and a 17% to 41% decrease in CPA.
In our experience, many savvy digital marketers can eliminate at least 30% of fraudulent clicks without using any third-party solution. ClickGUARD’s optimization and blocking capabilities help them put a stop to 40% to 50% of the remaining fraudulent clicks, get their ads in front of real people, and make decisions based on accurate data.
The results speak for themselves: our customers report conversion rates increase by up to 27% in the first month, and a 17% to 41% decrease in CPA.
In our experience, many savvy digital marketers can eliminate at least 30% of fraudulent clicks without using any third-party solution. ClickGUARD’s optimization and blocking capabilities help them put a stop to 40% to 50% of the remaining fraudulent clicks, get their ads in front of real people, and make decisions based on accurate data.
ClickGUARD can guarantee blocking 80% of invalid clicks.
If you’re spending between $400,000 and $500,000 a month on PPC ads, and you can't account for about 10% of your ad spend each month, we could help you block 80% of those invalid clicks, saving you between $32,000 and $40,000.
These savings can be reinvested into running additional ads to reach more people, increasing your ROAS.
If you’re spending between $400,000 and $500,000 a month on PPC ads, and you can't account for about 10% of your ad spend each month, we could help you block 80% of those invalid clicks, saving you between $32,000 and $40,000.
These savings can be reinvested into running additional ads to reach more people, increasing your ROAS.
“I thought Clickguard would have just been another mediocre app advertising some features that only sounded good but would never really be what was advertised or promised. My perspective was most definitely changed after actually using the solution”
Dennis McCarson, Growth Manager
Dennis McCarson, Growth Manager
Finally find out exactly how much of your ad budget you’re losing to click fraud
Sign up for the audit today, and in less than 24 hours our data scientists will:
- Break down every click and show you the amount of normal, invalid, suspicious, and fraudulent clicks, including for display ads
- Walk you through the advanced tracking metrics, such as average time spent on site, interaction levels, average number of pages per visit, and bounce rate — and what they tell us about your PPC visitors
- Show you the number of repeated clicks coming from the same source based on IP forensics data
- Suggest how to stop click fraud by applying different types of rules in ClickGUARD
If our data scientists are unavailable for a free audit within 24 hours after you sign up, we’ll offer you
an extended 14-day trial with full support from our specialists during trial and setup.
an extended 14-day trial with full support from our specialists during trial and setup.
