Advertising click fraud has grown from a niche concern to a billion-dollar problem. The issue of fake traffic clicking on paid links has been shown to waste upwards of $61 billion of advertisers’ budgets in 2022. 

This fake traffic comes in two main flavors – general invalid traffic, or GIVT, and sophisticated invalid traffic, or SIVT.

But how much of your invalid traffic is malicious and intentional, and how much is a harmless consequence of advertising online? And more importantly, what can you do about SIVT and GIVT?  

What is General Invalid Traffic (GIVT)?

General invalid traffic is a mostly benign form of bot activity. These are bots so they will interact with your site without converting, but they are not usually intended to be fraudulent traffic. 

Most GIVT is from useful bots such as search engine crawlers, data centers, and proxy traffic from VPNs. General invalid traffic is easy to detect and doesn’t try to imitate human behavior or mask its activities.

GIVT rarely generates any form of fraud, as it is mostly quite transparent in its activity. In fact, GIVT can even be helpful – for example, search engine crawlers help make web pages available to searchers, or bots can collect data for your research.

However, general invalid traffic can also have a negative impact if not properly monitored. A good example is when you don’t adequately differentiate between traffic from real users and GIVT traffic.

You may believe that the uptick in traffic is due to SEO and other strategies, and base a chain of other critical decisions on that skewed data

general invalid traffic givt can be useful activity and is often from benign sources

What is Sophisticated Invalid Traffic (SIVT)?

Sophisticated invalid traffic (SIVT), as the name suggests, is a form of fake traffic designed to mimic the activity of real human users. SIVT will likely use various processes to dodge detection and is used for various fraudulent applications online, especially for organized ad fraud.

Most often SIVT is used to generate revenue through invalid traffic on ads and publishing platforms. Fraudulent developers are often quick to use new technology or processes to improve their chances of success, which might mean targeting CTV (connected TV) ads or hijacking a trend to create a spoofed website or app.

As a result, this kind of invalid traffic is much harder to detect. For the ad platforms, this often means that their attempts to block fraud are many steps behind the sophisticated fraudsters. And for marketers, this also means they need to be aware of the changes and challenges associated with the use of SIVT. 

SIVT is undoubtedly fraudulent traffic – the kind you need to worry about – and detecting and keeping it away from your website requires advanced analytics, multipoint coordination, and a great deal of intervention from real humans.

Find out more about invalid traffic in our guide.

the most damaging types of invalid traffic come from bad bot traffic

Types of sophisticated invalid traffic

Some sophisticated invalid traffic comes from bots and spiders, the typically automated actors on the internet. But other forms of SIVT originate from hijacked devices and user sessions, adware and malware, and even manipulation and falsification of device or location data.

Bots and spiders

As mentioned above, these automated scripts are often used for genuine and useful activities such as collating search results. But they can also be used to generate fake traffic and perform a wide variety of fraudulent actions, from spam to brute force account access. 

Hijacked devices and malware

These are also run by scripts, but because they began as real user activity, they are much harder to detect. An example of this is when a genuine device has malware-infected software such as an app or browser extension and is then used remotely by the fraudster to perform a fraudulent activity. This almost always happens without the device user’s knowledge or consent. 

Manipulation and falsification of location or device data

This is done when fraudsters are trying to gain access to a website from blacklisted locations or devices. By changing the device ID (user agent, or UA string) a device can be used to bypass some security measures. As an example, if a data server presents itself as an iPhone based in the USA, it can load web pages that host ads and then perform fraudulent ad impressions or clicks. 

Find out more about how user agent spoofing works.

Invalid proxy traffic

Here, Virtual Private Networks (VPNs) or proxy servers are used to hide activity and propagate fraudulent proxy traffic. VPNs are often used by genuine users, and not all VPN activity is fraudulent. But more often than not, sophisticated invalid traffic will cover its tracks by using a VPN or proxy.

Read more about VPNs and click fraud.

Incentivized traffic

Incentivized traffic is technically valid traffic but doesn’t lead to any conversions. Real users are incentivized to visit a website for rewards other than what’s advertised on the website, so they will probably never convert. Although in some cases, such as view-to-earn ads, this incentivized traffic can be genuine, there are other methods that pay people to view ads without the advertisers’ knowledge.  

Paid-to-click websites (PTC sites) have become a popular way for some people to earn a few dollars a day. However, many of them are totally fraudulent, not just duping the advertisers but also scamming their own users by not paying them the money earned. 

Check out our article about scam PTC sites.

Domain laundering or website spoofing

This tactic is pretty simple. A low-authority domain is disguised as another more desirable one and then charges higher fees (CPMs and flat advertising fees) based on the misrepresented authority. 

How to detect sophisticated invalid traffic (SIVT)

Detecting and stopping SIVT will often require advanced analytics, complex traffic detection solutions, and many other strategies.

To help you understand how to spot sophisticated invalid traffic, keep an eye out for these tell-tale signs:

Pay attention to your web traffic data

If you pay close attention, some SIVT could be spotted right away, and it begins with understanding what typical site traffic looks like. How many visitors do you get per week, and from which sources?

If you start to see underperforming ads send a large number of visitors to a landing page, that could be a dead giveaway. Another obvious point is finding IP addresses that click multiple times on the same ad or on different unrelated ones.

Any unusual traffic-related activity is usually a great place to start searching for SIVT.

Inspect packet headers

Packet headers can help you uncover a great percentage of SIVT. They can reveal information about the activity of the specific IP, and because many fraudsters won’t go through the trouble of obfuscating data at this level, it’s a great place to look.

Check for multiple device details on packets from the same IP address because this usually means a proxy server. While it might be harmless, it could also indicate a deeper problem.

Another dead giveaway is open-source operating systems like Linux because these are widely favored by cybercriminals online to generate fake traffic.

Mobile devices that use browser extensions are another red flag. Most users don’t need extensions for their mobile browsers unless, of course, they’re trying to disguise the device.

Track your ad placements

It’s easy to set up your ads with google and forget about it, but that’s how businesses fall victim to SIVT. There are thousands of websites out there that are signed up as publishing platforms but exist solely to generate fraudulent ad revenue from your ad campaigns.

These may look like great choices on the surface – they drive lots of traffic to your site and may even look like they have great domain authority – but you’ll quickly find that the traffic has horrible conversions as you watch your ad spend skyrocket.

It’s worth it to review where your ads are placed and where your traffic is coming from so you can be on top of the sophisticated invalid traffic. When you have this traffic identified as fraudulent, it’s also a good idea to report the sources to Google.

How to block Sophisticated Invalid Traffic (SIVT)

Although most ad platforms do provide some measure of fraud filtering, this normally only cuts out the most obvious or general invalid traffic. Web scrapers, basic bots, and other forms of less sophisticated traffic are often blocked, although not in real-time.

For example with Google, traffic that is picked up as fake or non-genuine is often refunded automatically. But it can take hours or even days for this traffic to be spotted, blocked, and refunded to the advertiser.

Using a click fraud prevention tool such as ClickCease allows you to proactively block most forms of sophisticated invalid traffic on your PPC ads. 

ClickCease filters out fraudulent devices, bots and suspicious activity using a blacklist that is updated constantly. By blocking fraud in real time, advertisers can rest easy that they don’t need to constantly track their ad clicks to see if they’re losing money.

In fact, ClickCease offers the industry leading click fraud prevention tool, and blocks SIVT on Google Ads, Facebook Ads and Bing Ads.

If you run any form of PPC campaign on these platforms, run a free traffic audit with our 7 day trial.

Sign up for a FREE 7 day trial today and see who is really clicking your ads.