A key feature of fraudulent online traffic is that it is often routed through either a virtual private network (VPN), or a proxy server. That’s not to say all traffic from VPNs or proxies is click fraud. But most click fraud can be traced through these gateways.

For the uninitiated, click fraud is the practice of non-genuine traffic clicking on your Google Ads and other PPC campaigns. This non-genuine traffic is also referred to as invalid traffic, which includes bots, click farms and even your business competitors clicking on ads to waste your ad spend.

One of the main techniques used to fool the ad platforms is the use of VPNs and proxy servers to hide the fraudulent IP address, allowing the fraud to continue.

VPN click fraud is a common problem that we see here at ClickCease. So we want to share how VPN and proxy servers can be used to hide traffic and how it works.

Proxy Servers

They hide your IP, but you are still not invisible…

“A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services. A client connects to the proxy server, then requests a connection, file, or other resource available on a different server. The proxy provides the resource either by connecting to the specified server or by serving it from a cache. In some cases, the proxy may alter the client’s request or the server’s response for various purposes.”

How does a proxy server work?

Simply put, a proxy server is a computer that is used as a form of middle man. By routing your traffic though a proxy server, you are masking your internet activities in a way that they appear to be originating from somewhere else.

However, in most cases proxy servers do not strip your internet transmissions of identifiable information- meaning, there is no additional privacy or security considerations built into it.

Furthermore, proxies are configured on an application by application basis and not computer-wide. This means only one application at a time (your web browser or your BitTorrent client for example) can be configured for use with a proxy server.

This configuration is great when you want to perform a low-stake task such as reaching a simple region-restricted content (Youtube/Netflix anyone?) or bypassing IP-based restrictions on services. It’s also a popular method for click fraud operators to hide their location as the fraudulent device is mostly only using one application.

A proxy server can help you access certain websites which might be restricted but is also used by fraudsters

There are three general tiers of proxies available today:

  • Transparent proxy (level 3)
  • Anonymous proxy (level 2)
  • Elite or high level proxy (level 1)

Their names explain roughly how they work.

Transparent proxy

This proxy doesn’t hide the IP address of the original device, but will present its own IP address as the source.

Anonymous proxy

Although the anonymous proxy presents a false IP address, it still presents itself as a proxy server.

Elite proxy

By removing any reference to being a proxy server the elite or high level proxy server offers the highest level of anonymity.

Private and shared proxy servers

As well as these 3 tiers of proxy server, proxy users can also choose either a private or shared proxy service. Some are totally free, for example the TOR browser which uses a network of computers around the world to enable users to remain anonymous. However professional proxy users, especially those performing ad fraud or click fraud, will most likely use a dedicated private proxy.

These private proxy servers are often based in data centers, such as AWS (Amazon Web Services).

And setting up a private proxy server to use for your click fraud campaign is actually very easy.

Virtual Private Networks (VPNs)

Your connection is encrypted and you become much harder to track and identify…

VPNs, in a similar fashion to proxies, make your internet activity appear as if it is originating from a far away location. But that’s where the similarities pretty much end.

First off, unlike proxies, VPNs are configured to be set up at device level. Moreover, the VPN connection uses the full network connection of the device it is configured on.

Also, the connection between the user’s device to the VPN server is done via a heavily encrypted tunnel. That is why VPNs are considered superior when it comes down to performing high-stakes tasks, where privacy or higher security is a concern. And this is also why VPN click fraud is a common method.

An example of how VPN traffic works

But, running a VPN is not without its downsides.

While you might be increasing your anonymity rate substantially through whole connection encryption, your computing power will pay the price. Running this type of service requires good hardware to be able to sustain the strain on your processing power and bandwidth from the VPN network. Furthermore, good VPN services are usually not free and you might be required to pay a certain monthly sum for these services.

How does click fraud use VPNs?

Nowadays, whenever an IP address is blocked in the Google Adwords or Bing ads platforms, the advertiser’s ads become invisible to the attacker. This results in the attacker being unable to click on the advertiser’s ads any longer.

However, by employing a proxy server or by using a VPN, the attacker can rapidly change IP addresses regularly and click on the advertiser’s ads again and again. This is VPN click fraud.

Organised ad fraud or click fraud operators will use a high level proxy server or VPN to hide their identity and perform their fraud. And because these fraudulent operations are often organized and use multiple devices, switching IP addresses is instrumental in performing this level and volume of fraud.

Other forms of click fraud, including traffic bots for hire, also use VPNs to hide their location and device.

How does ClickCease combat VPN click fraud?

Anonymity poses a considerable challenge when it comes to combating this type of fraud. And the issue for the major ad platforms is that they will mostly focus on blocking IP addresses as a way to stop click fraud. This has been shown to be largely ineffective because, as we’ve seen, IP addresses can easily be switched by click farms or botnet operators.

However, here at ClickCease we have developed several solutions to deal with proxy servers and VPNs.

We have accumulated and compiled a large amount of data regarding known repeating offenders into blacklists which we use as the first tier of protection against fraudsters who use proxy servers and VPNs.

Secondly, alongside these blacklists, we allow our clients to determine their click threshold which refers to the maximum amount of clicks they would allow any one IP address to be able to click on their ads before they are automatically blocked by our system.

Thirdly, we have devised a tool that allows our system to tag each individual device used by any IP addresses with a specific and unique ID. This means that even though the fraudster that’s assaulting your ads might be trying to hide his IP address by constantly changing it, we are still able to identify that it is indeed the same attacker using the same device.

Once we have identified his device as one that is used for fraudulent activity, we are able to block any new IP he uses on its first click.

Find out more about click fraud in our guide

Is click fraud a problem for you?

If you run PPC ads there is a very high chance that your campaigns are affected to some extent by VPN click fraud. In fact, 90% of Google Ads campaigns are affected by invalid traffic of some kind.

The average Google Ads campaign actually sees a click fraud rate around 14%, although for competitive industries this can run as high as 70%!

So is click fraud affecting your Google Ads? Well, the best way to find out is to run a traffic audit to see exactly who, or what is clicking your paid ads.

Sign up for your FREE 7 day trial of ClickCease to perform your own traffic audit, and to find out if VPN or proxy based click fraud impacts your campaigns.