What is click fraud? How to protect yourself from advertising fraud

Denis Kargl

Cybersecurity Content Specialist

Eine Roboterhand tippt auf einem MacBook

Click fraud refers to the generation of clicks on advertisements on the Internet with fraudulent or malicious intent.

The aim of the fraudsters is to generate additional advertising revenue for themselves or to put such a drain on competitors’ advertising budgets that their ads are significantly reduced in volume or no longer present at all.

Click fraud is thus primarily used to achieve competitive advantages by unfair means.

Click fraud is made possible above all by the pay-per-click (PPC) billing system, in which every click on a digital ad generates advertising revenues. Search engine advertising and display and banner advertising are billed almost exclusively using PPC.

Click fraud is also problematic for search engines and operators of large advertising networks – above all Google Ads and Bing Ads. It leads to lasting damage to the trust of advertising customers in the network. It also devalues campaigns, as it is no longer easy for advertisers to determine whether ads actually reach the intended target groups or are clicked with fraudulent intent.

Accordingly, fraudsters are strictly penalized for clicks. Advertisers and publishers who are suspected of click fraud must expect to be excluded from the advertising network.

Click fraud is one of the most common forms of ad fraud and is responsible for a large part of the $68 billion in annual damages.

Vektorgrafik - Sicht von oben auf einen Tisch, an dem ein Roboter sitzt, der auf einen Laptop blickt

Motives for Click Fraud

Motives for simulating clicks are either to cheat financial benefits or to gain competitive advantages.

When publishers engage in click fraud, their activities are usually aimed at increasing the number of clicks on display and advertising banners on their own website and thus their advertising revenues.

Likewise, click fraud may aim to drive up advertising prices for ads with certain keywords. Competitive advantages from click fraud arise in various dimensions:

  • Such an attack on competitors places a heavy burden on their advertising budgets, causing them to lose visibility. The goal of these fraud activities is to squeeze competitors out of ad space. In this context, setting daily budget limits – for example, for ad placements via Google Ads – is also important. If the competitor’s advertising budget is exhausted early by click attacks, it is possible to place one’s own ads in more prominent positions for the rest of the day.
  • Fraud clicks initiated on a publisher site can provoke the exclusion of the site from the advertising network, thus depriving the competitor of a source of revenue.

Other motives for click fraud are to artificially increase the reach of videos on portals such as YouTube or posts on social networks, which also results in higher visibility and advertising revenue.

The fraudulent manipulation of clicks can take place both through human activity or in automated form via bots.

Our internal data shows that 16 percent of all clicks on ads are fakes or invalid.

What are the different types of click fraud?

Click Fraud appears in various forms – below you will find an overview. The different types of click fraud can overlap. Their use depends on the person performing the fraudulent activity.

Manual clicks

Manual clicks are generated by click fraudsters by personally clicking on advertisements or involving other people from their environment – family members, friends, or employees – in these activities.

The manipulation effects of manual clicks are small. They are used to attacking competitors by exhausting their advertising budgets or to increase the advertising revenue of their own website.

Click farms

Click farms also provide click fraudsters with manual clicks. In this case, the manipulation of the ads is outsourced to external – usually extremely poorly paid – subcontractors.

Click farms operate in a legal gray area and are often located in developing or emerging countries. They can cause considerable damage by generating masses of fraudulent clicks. Their purpose is to underlay click fraud with human behavior. The activities of the so-called clickworkers are meant to be perceived as human users in the analytics data on the websites they work on.

Click farms are also often tasked with simulating higher reach of social media pages through clicks or paid likes.

In some cases, click farms also operate extensive networks with their own websites in order to siphon off advertising revenue for themselves through click manipulation.

A detailed description of how click farms work can be found in our article: What is a click farm?

Pay-to-click websites

Pay-to-click websites are a development of click farms. They differ from these in that anyone can register as a clickworker on the website and receive a certain, small amount of money for every 1,000 clicks.

Ad Stacking

In ad stacking, several ads are placed on top of each other in a single ad placement. Only the top ad is visible to the user, but a click or impression is counted for each ad in the stack. Advertisers thus have to pay even for ads that were never visible to the user.

Ad stacking is one of the most common forms of click fraud. In addition, correct activities of Internet users are exploited here for fraudulent purposes.

Incentivized traffic

Incentivized traffic is generated by websites by providing incentives to users who are not interested in viewing advertisements. Examples include mobile games that offer players rewards for viewing ads.

Some advertisers exclude incentivized traffic as part of reputable collaborations.


Bots are software that automatically executes certain behavior patterns. The manipulative clicking of advertisements by bots takes place in a fully automated manner. This eliminates the need for human clickworkers.

Bots and botnets are the most common form of click fraud.


Botnets occur when the security of a network of computers, smartphones or IoT devices has been breached and control of the devices has been taken over by a third party that uses the network to carry out malicious attacks and other illegal activities.

To form such a network, bots designed for the purpose are launched onto individual devices – usually using malware or in the form of fake, low-quality apps. Users typically do not notice the infection of their computer or smartphone.

From a technical perspective, a botnet is a distributed computing network – the devices active within it act independently of each other. Digitally mediated communication between them is usually not required for the execution of manipulative clicks. The botnet operator controls the network.

Vektorgrafik, die 4 Räuber zeigt und Geldscheine fliegen in der Luft

What goals do fraudsters pursue with click fraud?

With manipulative clicks, fraudsters mainly pursue the following three goals:

  • They want to harm their competitors and at the same time present their own ads more prominently in Google Ads and other advertising networks.
  • As webmasters, they want to enrich themselves through the click fraud.
  • Dissatisfied customers or former employees want to deliberately harm a company. Here, loss of reputation or exclusion of the company from advertising cooperations are also significant if the click fraud becomes known.
Latest Whitepaper
Whitepaper - BFCM 2023 - EN Cover
The Impact of Bots on the End-Of-Year Business of E-commerce Companies

Learn everything about the specific challenges companies face from bots during Black Friday and Cyber Monday (BFCM) and the end-of-year shopping season, the resulting impact, and approaches to counteract these threats.

Subscribe to our newsletter
Share this article

How can click fraud be detected?

Click fraud is indicated by various indicators. Bots in particular stand out here due to rigid behavior patterns that are also reflected in analytics data. These include – in combination with other key figures – for example:

  • Unusual user locations
  • Recurring clicks from the same IP address
  • High click-through rates without conversions
  • High bounce rates on landing pages

For manual diagnosis of bot attacks, we have written down a comprehensive overview of such indicators in the following article: How to Detect Invalid Traffic Using Your Own Analytics Data

However, manual evaluation is associated with various disadvantages. With limited reliability, it is also time-consuming and costly. In addition, such analysis can basically only be done reactively – the advertising budget has already been siphoned off at this point.

For these reasons, it is advisable to use software to detect click fraud. This makes it possible to detect and block manipulative clicks automatically and in real time.

How can click fraud be prevented?

Click fraud can be prevented or stopped using various methods:

Ongoing analysis and monitoring

Continuous and ideally software-supported monitoring of relevant metrics that can provide indications of fraudulent activities. In addition to high bounce rates, short session durations and unusual traffic patterns, important indicators for this are, for example, anomalies in campaign reports or abnormal data consistencies affecting various metrics.

Exclusion of certain IP addresses in ad networks

This measure is based, among other things, on the fact that fraudulent attacks by clickworkers often come from outside Europe. However, fraudsters often use proxy and VPN servers to disguise their actual location or work with rotating IP addresses.

This approach makes sense, for example, if an IP address has caused several clicks on campaign URLs within a short period of time. We have covered how to block an IP address in Google Ads in the following article: How to block an IP address in Google Ads

However, to detect fraudulent IP addresses, permanent monitoring of traffic to ads is necessary, which is almost impossible to do on a manual basis.

Advertising cooperation with reputable partners

This item includes advertising networks as well as affiliate sites. Reputable advertising networks require publishers to go through an acceptance process, including a manual check. In principle, advertising should only be placed on websites that have undergone such a check and are included in an allow list.

Large networks such as Google or Facebook have their own filtering algorithms to detect invalid clicks, but they do not achieve completeness.

Software against Click Fraud

Software like fraud0 helps to track down click fraud and combat it effectively. The reaction to false clicks takes place in real time – invalid and potentially fraudulent clicks are blocked directly. Thus, the software effectively helps to protect one’s advertising budget.

Vektorgrafik, die einen Roboter am Tisch sitzen vor einem Laptop zeigt.

Damage caused by click fraud in companies

The fraudulent manipulation of clicks causes damage in companies with varying effects. The economic consequences of fraud should not be underestimated. Estimates put the global damage value at 68 billion US dollars annually – with a strong upward trend.

Direct damage caused by manipulated clicks relates in particular to the waste of advertising budgets and the contamination of analytics data.

There is also indirect damage. An incorrect data basis can lead to incorrect decisions on important issues – in extreme cases, click fraud can even threaten the very existence of a company.

At the operational level, for example, contaminated retargeting lists are of importance, through which advertising budgets are wasted downstream.

Overall, manipulated clicks and the invalid traffic they generate are a financial, strategic and operational problem for companies. Detailed impact of Invalid Traffic can be found here: The Impact of Invalid Traffic on Your Marketing

Is click fraud illegal?

Manipulating clicks for fraudulent purposes is illegal and falls under the category of financial crime. Through advertising networks such as Google Ads, ad fraud is strictly punished. If fraudulent activities can be proven, exclusion from the advertising network follows.

Under criminal law, click fraud is not yet an explicit offense. In principle, however, prosecution for unfair competition is possible – provided the identity of the fraudsters can be determined and they are within the reach of the judiciary.

Conclusion: Click fraud is a serious problem

Fraudsters use manipulated clicks for a variety of reasons. Basically, the fraudsters want to gain financial advantages or improve their competitive position.

For the victims, ad fraud has direct financial consequences – in particular, advertising budgets are wasted. In addition, affected companies suffer indirect damage due to contaminated data, which can lead to wrong strategic decisions as well as operational problems including additional costs.

With manual evaluations, the various forms of ad fraud are usually difficult to detect and, above all, cannot be effectively controlled. Advertising budgets can only be effectively protected by using software – which must be able to detect and prevent click fraud in real time.

With fraud0, we have developed such a program. Our software reliably protects your ads from unwanted traffic and from fraud attacks – in all channels you use for advertising.

Sign up for a free 7-day trial and see for yourself.

Frequently asked questions about click fraud

What is click fraud?

Click fraud refers to the generation of clicks on advertisements on the Internet with fraudulent or malicious intent.

The aim of the fraudsters is to generate additional advertising revenue for themselves or to use up competitors’ advertising budgets through the attacks. Click fraud is thus primarily used to achieve competitive advantages by unfair means.

How can click fraud be detected?

In some cases, click fraud is very obvious – for example, when advertisers receive an above-average invoice for their advertising spend that is not justified by qualified traffic.

However, as a rule, detecting click fraud requires a detailed evaluation of relevant metrics based on various indicators. Optimally, traffic to ads should be monitored by software capable of detecting click fraud in real time.

Software such as fraud0 is also clearly superior to manual analyses when it comes to evaluating analytics data. In addition, the use of software makes it possible to directly prevent fraud attacks.

How is click fraud perpetrated?

Click fraud is perpetrated in various forms. Manual clicks left by fraudsters on a target page are not very efficient. Much greater damage is caused by fraud attacks through click farms, pay-to-click websites and, in particular, automated attacks by bots or botnets.

Ad stacking and incentivized traffic can also be attributed to click fraud.

What goals do fraudsters pursue with click fraud?

Basically, fraudsters want to gain advantages for themselves or their company through click fraud. This may involve financial advantages through additional advertising revenue or harming competitors.

Other goals of click fraud consist of reach manipulation of videos and social media posts.

Why is click fraud so widespread?

The anonymity and technical possibilities of the Internet are very conducive to the practice of click fraud. In addition, the fraudsters are organized worldwide – for example, click farms are often located in developing or emerging countries.

Bots and botnets, as the most common forms of click fraud, attack ads and campaigns on a fully automated basis and can achieve very high reach.

Another factor affecting the spread of click fraud is that it is not yet an explicit criminal offense and the fraudsters often cannot be identified.

How can click fraud be prevented?

Possible measures to prevent click fraud include continuously monitoring ad campaign traffic and looking for suspicious indicators, blocking certain IP addresses, and working with reputable advertising partners.

However, the most effective way to prevent click fraud is through software like fraud0, which identifies and blocks fraudulent attacks on ads and campaigns in real time.

Share this article
How much of your marketing is wasted on fake traffic?
1%, 4%, 36%?
Try fraud0 7 days for free and find out. No credit card required.
4.9 out of 5 stars
Want a tour of fraud0?
Try fraud0 for 7 days
No credit card required.

Already have an account? Log in