If you’re using Pay Per Click (PPC) advertising, or paying by ad impressions, have you ever wondered how many of these clicks are seen by real humans? Perhaps you’ve heard of click fraud, and you’re curious: What is click fraud, and how does it work?

In this guide, we will take an in-depth look at the growth of digital marketing. We’ll explain what is click fraud in cyber security  – who it affects, and what you can do to stop it.


Hand Pressing Button Pop Art
Chapter One
Why Click Fraud Matters

Chapter Two
The History Of PPC

Chapter Three
How Click Fraud Works

Chapter Four
Infamous Click Fraud Cases
banning ip due to click fraud
Chapter Five
Preventing Invalid Clicks
ClickCease detects click fraud like Sherlock Holmes
Chapter Six
The Best Way To Block Fraud
Click Fraud: What Is It & Why Does It Matter?

Click Fraud: What Is It & Why Does It Matter?

Digital marketing, and pay-per-click ads, in particular, have become the go-to methods of advertising for most businesses. Everyone from small business owners to global corporations can take advantage of this access to a huge market online. 

With over 4 billion people in the world connected to the internet on a daily basis, and nearly 2 billion of those buying something online each year, a well-targeted PPC campaign is the difference between sinking and swimming. Add in the fact that there are 9 billion searches on Google every day, and you’ll understand how big a deal pay-per-click advertising is. With this huge volume of traffic, and money, comes an obvious target for fraud. And click fraud has now come to be the most costly form of fraud committed each year. Just as a result of ad fraud (the most common form of click fraud), businesses are losing $100 billion globally in online advertising, surpassing credit card fraud at $30 billion. 

What is click fraud?

Click fraud is the act of clicking on online content, including organic or paid ads online, with malicious or vindictive intent. For instance, it could take place on a display ad or a sponsored search result, on links you publish on your social media accounts, or rake clicks across your website.

This can be to deplete the advertisers’ marketing budget, damage the performance or reach of the ad, or even steal the cost of that click for yourself (a practice known as ad fraud).

When it comes to click fraud on organic content – like fake clicks on your social media posts or generating fake website traffic – fraudsters may aim to gain a competitive advantage, overwhelm your website, or hurt your online efforts by injecting fake data into your analytics. 

We will look more in-depth at the sources and motives for click fraud later in this article. But suffice it to say, there is a huge industry that has grown around defrauding programmatic ads and advertisers.

From paid-to-click apps (PTC apps), to click farms, generating large volumes of fake clicks is easier than ever.In fact, the issue of click farms is widely reported, with many of them selling their services to inflate likes and followers on social media. But this same technique can also be used for criminal gain, with millions of dollars at stake for enterprising gangs who know how to make click fraud pay using complex technological solutions and malware.

What is ad fraud?

The practice of ad fraud is an organised form of click fraud. Ad fraud is often used to fraudulently inflate the payout for website publishers, mobile app developers, or on social posts or videos.

Often when referring to click fraud, people use the term ad fraud interchangeably. However, where click fraud can be either accidental (for example from bad ad placement) or malicious; for example, rivals aiming to deplete your marketing budget; ad fraud is usually intended to line the pockets of the fraudster.

Is click fraud really that big a problem? 

The actual rates of fraud vary based on:

  • Your industry
  • Geographic location
  • Time of year

Our research paper found that the average rate of click fraud across the campaigns we protect here at ClickCease is 14%

However, there is a huge variation of fraudulent ad clicks within that, depending on the industry. For example, the industries with the highest volume of fraud were found to be:

  • Photography – 65%
  • Pest Control – 62%
  • Locksmith – 53%
  • Plumbing – 46%
  • Waste Removal – 44%

Other notable industries subject to high levels of click fraud include real estate (31%), financial services (20%), and legal and law services (14%).

The truth is, click fraud affects almost every industry, with 90% of all campaigns on Google Ads being impacted in some capacity.

In this guide we’ll be taking an in-depth look at the world of marketing, what click fraud is, and how it can cause you a real headache.

And more importantly, we’ll show you how you can fight back and prevent click fraud on your online marketing operations.

two local service providers dressed up as cosmonauts punch each other depicting click fraud on each others google ads campaigns.
Robot contemplating the history of pay per click

A Brief History of PPC

Where were you on the 6th of August 1991? Well, you may or may not have even been born, but that’s the day the World Wide Web ran its first web page.

Tim Berners Lee, a British computer scientist who had been working at CERN in Switzerland, proposed that by networking computers via phone connections, we could share data around the world.

Image of the first web page released to the world wide web in 1991

First web page released to the world wide web that was released in 1991 by Time Berners Lee

It took a few years for it to catch on, with browsers becoming available for the Commodore Amiga, Unix, Windows, and Mac OS in 1993.

Does anyone remember Netscape?

The birth of online advertising

But it was in 1994 that much of the online activity that you might recognize today started to happen. With around 11 million American households equipped to get online, we saw the White House launch a web presence; the first online purchase – a pepperoni pizza from Pizza Hut; the launch of Yahoo! – which was the Google of its day; the first piece of spam mail and… The first-ever online banner ad.

American telecoms company AT&T paid $30,000 to the website HotWired.com (now Wired.com) to place an HTML banner ad on their homepage. The incredibly simple design said:

“Have you ever clicked your mouse right here?” with an arrow pointing to a separate piece of text saying: “You Will.”

The world's first ever display ad banner

Once they clicked on the banner, users were taken to a landing page that took them on a tour of the world’s greatest museums. So it wasn’t even a blatant sales campaign but was designed to encourage engagement and build AT&T as an information brand. An early form of content marketing…

That banner had a 44% click-through rate!

By contrast, today’s marketers are happy to see a click-through rate of around 0.5%.

Of course, we internet users see countless display ads, videos, and sponsored search results a day. But at the time, the process was unique. A way for websites to monetize their content so they could pay writers? Who would think that would catch on? But sure enough banner ads became one of the most popular forms of online advertising, with sites like Time getting in on the act, and with companies paying anything up to thousands of dollars to place their banner ads on websites.

Targeted and sponsored ads

With banner ads becoming commonplace, advertisers started to wonder if there were ways to target specific demographics. Up to this point, advertisers had simply hired space on whichever web page they wanted, and their ads would be displayed for a set amount of time.

An advertising company called WebConnect was one of the first to pioneer tracking user activity online and using algorithms to change the adverts shown on a web page. Before this, a banner ad was static for the duration of the advertising contract. By using WebConnect, a company could add their banner ad to a variety of different websites based on price and demographics.

Another breakthrough was being able to rotate banner ads on websites to avoid ‘banner fatigue.’ Once a site visitor had been shown a banner two or three times, the banner would change, a clever tactic designed to catch the attention and maximize the chances of a click-through.

In 1996 came DoubleClick, another online advertising agency that made it easy for companies to find the right site and for websites to make money from ads. In fact, DoubleClick’s ability to give websites easy access to advertisers caused a rapid expansion in the number of websites offering advertising space.

Add in the ability for advertisers to track their ROAS and to customize their ad spend by focusing on high-performing websites, and you had the fuel to the fire for online marketing.

The software underpinning this was D.A.R.T (Dynamic Advertising, Reporting, and Targeting) which gave advertisers an easy way to see where their money was going. DoubleClick was also one of the first sites to bring in a new pricing model for online advertising; CPM or Cost per Mille, meaning advertisers were now paying for the ad’s performance, not just for its placement.

The rise and rise (and rise) of Google

Around this time, two students at Stanford University, called Larry Page, and Sergey Brin were developing a piece of code that was designed to make sense of all of the websites that were popping up every day. Their program, ‘Backrub’, was part of their mission to organize the masses of information that the internet was spawning by categorizing links.

Sites like Yahoo!, Excite, Lycos, AOL, and AltaVista were the search engines of choice for most internet users in the 90s. And although they worked, their algorithms were perhaps too simplistic for the growing World Wide Web.

For example, Yahoo! required a team of real people to input websites into its database so that when you ran a search, it would show in the results. If you hadn’t submitted your website to Yahoo!, then it wasn’t going to show up.

At the time, Yahoo’s technique was a revolutionary approach and one that put a huge strain on sites like Excite and AltaVista which used simple text searches to find results.

But Page and Brin had worked out a way to map the relevancy of a website to a user’s search terms by a complex web of link crawling, keyword analysis, and PageRank, or relevancy. At a relatively early point, the project got renamed Google, and with an investment of $100,000 from the co-founder of Sun Microsystems, Andy Bechtolsheim, the Google project began its ascendency.

Although early websites like Yahoo and Lycos also offered a sort of online directory, news pages, and weather reports, Google kept it simple. Their thing was search results, and the more the word got out about how effective Google was, the more they grew.

At some point between 2000-2001, Google became the dominant search engine, and the phrase ‘Google it’ was born. Even Yahoo! switched its search engine over to Google to make sure people didn’t stop using Yahoo!

Google gives birth to AdWords and AdSense

Having cornered the marketplace with effective search results, Google had to monetize. Between August and October 2000, Google launched its Premium Sponsorships and AdWords platforms.

Using Premium Sponsorship enabled advertisers to pay to have their company appear at the top of the Google SERPs on a CPM basis. Whereas using AdWords meant that your advert would appear as a text banner on the side of the search results. Although, at the time, Google was still in its relative infancy, the popularity of the service took off quickly.

In 2003 Google launched its AdSense platform, allowing publishers to host advertising on their websites and make money from clicks and views. Like DoubleClick, it revolutionized how website owners could get paid for their content.

Suddenly you didn’t need to be selling anything or even have an online shop… You could set up a blog or information portal, host ads and banners, and get paid. All you needed to do was bring in the traffic.

So by offering the most efficient search results and easily giving people what they were looking for, Google became the dominant search engine. Then by giving businesses a way to maximise their visibility on these search results, they built a growing tide of income that would establish them as one of the world’s biggest tech companies.

And then, by offering publishers a way to host and get paid by adverts, Google became the world’s biggest advertising platform.

With their growth, Google continues to offer highly effective tools to manage, research, and track your advertising spend: Analytics, Trends, and My Business…. Today there are something like 251 Google services, covering everything from productivity and study to entertainment, web browsers, and actual hardware.

The other guys: Facebook, Amazon & Microsoft

As Google grows to become the dominant search engine, other players are doing their thing. As a savvy digital native, you’ve no doubt heard of some quirky start-ups called Facebook and Amazon. Both of these billion-dollar brands have grown, alongside Google, to become the biggest at what they do.

Put simply, Facebook has built itself from a simple platform to connect with friends to the dominant global social media platform with plans to connect EVERYONE. Meta now encompasses Instagram, WhatsApp, and Oculus (virtual reality), with around 2 billion users of its platform every month. 

Amazon has gone from being a bookshop to the world’s online superstore. With acquisitions including Whole Foods, Ring (a home security company), Pillpack (an online pharmacist), and Twitch (gaming and video).

In this history of the internet, this is the first real mention of Microsoft, which has been there the whole time. Their Windows operating system has powered the internet from the start, but their presence away from the OS hasn’t been the most consistent. However, their search engine Bing is still the second biggest search engine, with over 9 billion searches a month. Microsoft also owns LinkedIn, Skype, Nokia, MultiMap, and a whole glut of software companies.

When it comes to PPC campaigns, although Google is the leader in search engines, each of these has its own specialty that can be harnessed.

And that brings us to the issue of click fraud and how it could affect you, the modern marketer.

protect your ppc ads from bots with clickcease
google click fraud,
How Click Fraud works?

How Click Fraud Works

As programmatic advertising has become more complex, allowing us different ways to target demographics and a multitude of ways to pay for our advertising, so has click fraud become more sophisticated.

The practice of click fraud

As we’ve seen, there are multiple reasons to commit click fraud or ad fraud. It can occur on any link, whether organic, paid search, social media, in-app promotion, or other forms of digital marketing activities. 

The most common reasons to get fake clicks on your PPC ad campaign are:

  • Vindictive competitors or customers who want to negatively impact your online presence or brand reputation in general
  • Organized fraudulent developers who have created a way to get paid for clicking your ads, usually using fake publisher inventory
  • Malware apps or software created to collect the payout from ads (often with some help from bots)
  • Paid-to-click apps that pay users to click or watch ads in exchange for a small reward.

When you consider that the price for some keywords in Google Ads (previously known as AdWords) can be upwards of $50, or over $100 per click, you’ll soon see why multiple fraudulent ad clicks can really start to cause a problem. In fact, even with clicks at a dollar or so each, the volume of click fraud can quickly cause problems for the average marketer.

In 2017 it was estimated that around 1 in every 5 clicks on a PPC ad campaign were fraudulent in some capacity. Since then, the techniques have become more advanced, and the sheer volume of fraudulent activity online has increased. A study by the University of Baltimore and CHEQ found that click fraud cost marketers over $35 billion in 2022. And this is forecasted to reach $100 billion in 2023 and beyond.

What are the main sources of fake clicks or click fraud?

If clicking on someone’s ad repetitively sounds like a lot of hard work, you’d be right. A competitor clicking on your ad five or ten times a day might be a drop in the ocean for your advertising spend, but there are more damaging ad-clicking methods.

High-volume clicks:

Bots and web crawlers

Designed to crawl the web looking for information, usually for spam or data collection purposes. There can be ‘friendly’ bots, that are just looking to scrape contact info, for example. Or deliberately vindictive bots that have the sole purpose of clicking on your ads hundreds or thousands of times to deplete your ad budget.

The issue of bot traffic is a complex one, with bots coming in a huge variety of flavors. Take a look at our guide to bot traffic to understand this issue in more detail.

Click Farms

Either automated setups or human-powered factories designed to click multiple times on specified links. Yes, they do exist, usually in developing countries where people can be paid as little as $5 for 100 clicks.

Click farms are used by all sorts of businesses, often to inflate their following or engagement, and they can be hired to do multiple actions, from liking social media accounts, watching videos, sharing links or information, leaving comments, and, of course, clicking on PPC adverts multiple times.

Although the bulk of click farms can be based in developing countries, there have been increasing instances of click farms based in Europe and the USA. By hooking up phones and tablets to a computer, you can automate the activity of hundreds of people.

We recently carried out our own research about this phenomenon, so read all about click farms here.

Fraud rings and bot networks

Criminal gangs establish a mixture of publisher websites and automated bots to defraud advertisers. One of the best known is Methbot, a highly sophisticated scam bot network with a complex setup that is designed to fraudulently collect the payout on video views using a network of computers. Thought to have originated in Russia, Methbot is estimated to make around $5-6 million each day in fraudulent clicks.

Ad fraud

Publishers create a website designed to host banner and text ads, then channel fake clicks through the website to collect a payout. Ad fraud often involves placing ads on websites with little chance of genuine traffic being able to find it but with the opportunity for the site owner to maximize their income.

As a complex issue with many threads, you can check out our ad fraud guide for more information.

Medium to low volume clicks:


Your direct competitor can try and siphon off your PPC budget so that their ad ranks higher for relevant searches. They might just click your ad every time they see it, or they might instruct everyone in the office to click your ad – which could be potentially quite damaging.

Although competitors can try to manually inflate your PPC spend, you might find that this is a temporary measure or occasional practice.

We actually looked recently at a case of competitor click fraud, where a business orchestrated a campaign against local competitors. You can read the case study here.

There are some simple steps to minimize your exposure to competitors clicking on your ads, which we will look at later on.

Human error

People searching for something may accidentally click on your site in the SERPs but then click out again. They may not even realize it’s a paid ad. Technically this wouldn’t be classed as click fraud but an invalid click. There is no strategic sabotage going on here; it’s simply a mistake, although repeated mistakes can cost advertisers a fair amount of money.

Vindictive parties

Your ex-employee, unhappy customer, or even your sociopathic ex might have a reason to click multiple times on your ad just to pee you off. You’d best go and apologize.  

What’s so concerning about click fraud? 

Now, you’re probably wondering why the hell anyone would really want to go to all that trouble. Is this really something that people do?

If you haven’t already, then we suggest you run a quick search for ‘buy clicks’.

What you’ll find is a whole industry built around fake website traffic, often designed to boost views on websites or inflate the popularity of social media accounts.

Sites like Fiverr offer plenty of options for users to buy ‘likes’ or website traffic. And most of these services can, of course, be used maliciously.

Many marketers can also run bots to find new clients or to build an email list that they can sell. These simple bots may not be fraudulent, but with enough of them, you could be looking at losing quite a lot of money through non-purchasing site visitors.

Bots can be used in a variety of ways and are relatively simple pieces of programming, meaning that pretty much anyone with a decent level of coding knowledge can make their own bot. You can also buy bots from a variety of sources for everything from research to more nefarious purposes.

It’s been proven that the bulk of internet traffic is actually bots, with some sources estimating 40% and others putting the figure at upwards of 50%. So when you’re aiming to run your next PPC campaign, this is definitely an issue that you’re going to have to bear in mind.

Those running a PPC campaign might find that the amount of PPC ad fraud sits around 20% of their total traffic. Bear in mind that Google doesn’t refer to the practice as ‘click fraud’ but prefers the term ‘invalid clicks.’ This covers all bases from genuinely mistaken clicks to the actual vindictive bot or click farm traffic.  

Who is affected by Click Fraud?

You might think that click fraud is the kind of thing that only really affects the big boys; the Amazons, Citibanks, and Teslas of this world.

Of course, they are in the firing line as they target high-value keywords. But in reality, every online business is at risk of click fraud to some degree or another.

Automated click fraud doesn’t discriminate, with bots often just scouring the web for specific search terms. Even accidental clicks can really add up if your banner or sponsored result is in a competitive industry.

An industry with a huge amount of traffic and expensive keywords means more room for fraudsters to hide. It also means less risk of getting caught and a higher payout.

Here at ClickCease, we see that the most affected micro industries are locksmiths, lawyers, water damage repair, and… dentists. It seems that local service providers are prone to a higher rate of click fraud due to the competition, high CPC, and knowledge of the market.

No matter how little or how much money gets spent on campaigns, one thing is for sure. Every company that’s using PPC networks like Google Ads or Bing Ads is either vulnerable to click fraud or has been a victim of click fraud.  

click fraud prevention by ClickCease
click fraud prevention

High Profile Cases of Click Fraud

On occasion, some of the bigger cases of click fraud make it into the press, especially when there is some serious money at stake. These examples can be on the more extreme end of the click fraud spectrum, but they give a good insight into the lengths some people will go to.

Like other forms of fraud, those big examples are just the tip of the iceberg, with many smaller click fraud campaigns hiding under the surface.

The botnet hacker

Italian citizen Fabio Gasperini was sentenced in 2017 to one year in jail in the USA, as well as a $100,000 fine as a result of his involvement in a botnet hacking scam. Gasperini targeted servers that are used by companies for large-scale data storage and transfer, gaining control of these servers to use as simulated web browsers.

Gasperini was able to use the servers to set up a network of around 100,000 computers around the world and use them to send automated clicks on ads that were embedded on websites that he owned. He also defrauded big businesses that were paying for these ads, including Nike and Walt Disney.

When you consider that one man was able to do such extensive damage, it just goes to show what can happen when you have a seriously organised criminal network.  

We also looked at this case on the ClickCease blog back in 2017…

Search engine clampdown

Microsoft and their Bing search engine are the second biggest player in the PPC world (excluding social media sites), and they have been known to take click fraud very seriously. Back in 2009, Microsoft sued a family team based in Vancouver, BC, for their part in a click fraud scam designed to drive traffic to their World of Warcraft and auto insurance-based websites.

Microsoft was awarded $750,000 in damages, although they also stated that they lost out on $1.5 million in refunds as a result of fake clicks by the scammers.

Criminal bot networks

We mentioned Methbot earlier, but this huge criminal scam is a long-running and hugely profitable bot network that is designed to make money off video advertising. The network makes around $3-5 million a day by using fake websites to stream videos, racking up views, and huge payouts.

It is alleged that the gang has set up around 250,000 URLs that host video adverts which rack up around 300 million video ad views each day!

The sophistication of the Methbot set-up is staggering, with domain names made to look like they belong to well-known brands like ESPN and Vogue, around 570,000 bots, and the software making the interaction with the videos look like genuine human behavior.

Another sophisticated bot setup that was uncovered in 2017 is Hyphbot. With around a million URLs registered, Hyphbot was a prime example of ad spoofing, a practice where fake websites are made to look like big-name publishers like The Economist or The Financial Times. Advertisers then place their ads on these spoofed sites, which then receive a high volume of bot traffic, inflating the PPC payout.

Although there has been a decline in Hyphbot-related activity, it is still thought to be active and making around $500,000 a day.

The click farm

One of the most notorious click farms discovered was in Thailand in 2017. With around 500 smartphones linked up to 350,000 SIM cards and nine computers, the click farm was connected to Chinese fraudsters who used the click farm to boost likes and engagement on the Chinese social media site WeChat.

The owners of the click farm were allegedly paid $4400 a month to run the set-up.

Bangladesh and India are also regularly listed as some of the top places to set up click farms, thanks to the low wages paid to workers. One report suggests that workers paid $120 a year work in shifts to click on multiple smartphones, liking posts, and following profiles on sites like Facebook, Instagram, and Twitter.

The next time you see an Instagram account that seems to have an unfathomably large following, it might be thanks to click farms. In fact, many popular influencers and business accounts, and even some celebrities, have used click farms to inflate their popularity online.

When it comes to Google Adwords fake clicks, companies who want to waste their competitors’ advertising budget can easily hire a click farm to click on ads. A simple search online will net plenty of places where you can buy fake clicks for a low price, for whatever purpose you want. Click farms are a very real and growing business.

DCCBoost attack

The bad cyber actor DCCBoost, also known as the Grinch, resurfaced back in late 2020. Hiding beneath layers of fingerprinting, client-server communication, and intricate client-side traps, its goal was to redirect victims to gift card and lottery scam pages. 

The scammers used a chain of JavaScript codes to encode and decrypt the initial payload inside the source attribute of the displayed ad banner. 

It was discovered that over 25 million fake ad impressions with some variation of this payload have been registered over the internet spread across just about 40 distinct malicious domains hosting the server-side infrastructure.

banning ip due to click fraud

Dealing with Invalid Clicks in PPC Campaigns

As click fraud is a huge problem, and one that is growing by the day, there are several steps you can take to minimize and mitigate your exposure to it. The good news is that major search engines, like Google and Bing, have some strategies in place to combat click fraud and PPC ad fraud.

However, many feel that their efforts fall short and that there is a whole world of invalid traffic, or click fraud, that isn’t picked up.

For example, Google blocks things like high bounce rate visits (often the sign of an accidental click or obvious web scraper) or multiple visits from the same IP address. But more often than not, you’ll need to flag up suspicious activity yourself and request a refund.

In the cases where Google takes a deeper look at the issue, you’ll normally find it can take anything up to a month for the issue to be inspected and for your refund to come through. When you’re looking at batches of ten clicks on $10 keywords, this can run into the hundreds or even thousands.

Spotting these multiple clicks from specific sources isn’t the hard part; in fact, we’ll be looking at how to spot fraudulent clicks later on in this guide. It is the increasingly sophisticated click fraud approaches that cause the biggest headaches. With software able to imitate human behavior, switch IP addresses using VPNs and proxies, or even those click farms pulling the wool over the search engines’ virtual eyes, additional measures are often needed to minimize exposure to click fraud.

Using dedicated click fraud prevention software is the most effective way to make sure that you’re tackling those invalid clicks.

How can you identify click fraud?

We’ve established that click fraud is a pretty big issue, with lots of variations and the potential to really sting your cash flow. So how do you identify when you’ve been a victim of click fraud?

There are several manual checks you can do yourself to see if there has been any fraudulent activity on your ad campaigns. These don’t always give a 100% accurate reflection of what has been happening but can serve as a useful outline and possibly flag up some of the more obvious violations.

Checking IP addresses

You can use tracking tools, including WordPress plugins, for IP address logging to track IP addresses that have visited your site. You can also check your website visitor logs to see how many times the same IP address pops up over a specified time. If you notice that the same obscure location or IP address has been visiting your site regularly, then this might be a red flag for you to try and block this IP address or location.

Google does offer some protection against multiple visits from a single IP address or device. Although it isn’t perfect, and the parameters might not necessarily be what you would set yourself, it is a form of damage limitation.

Checking publishers

If you’ve been subject to one of the most popular forms of ad fraud, which is channeling your ad onto a dodgy website, then checking your publisher list will help you keep an eye on it. Look in the ‘placements’ section of your Google Ads and check the high-traffic sites for any suspect activity. If you think any of them might be fraudulent, you can block them from your publishers’ list.

A few giveaways that a site is fraudulent include pages that appear to be covered in ads, no content (or very little content of any substance), and recently registered domains.

Monitor campaign activity

Suspicious timings or spikes in engagement might be a sign that someone is targeting your ads. Especially if you seem to be getting lots of clicks and little in the way of engagement.

You might also spot a high click rate from a country that might have little to do with your market. For example, if you’re a US-based company and you appear to be getting lots of clicks from the Philippines but no conversions/sales, that could be a marker that you’ve been the target of a click fraud campaign.

Click fraud protection strategies

Aside from locations, devices, IP addresses, and dodgy publishers, it can be hard to spot other forms of fraudulent traffic. Forms of fraud that mimic human behavior or hide behind proxy servers are going to be hard for you to spot yourself. And as the processes and techniques are becoming more sophisticated, keeping track of developments and fraud can be a Herculean task. This is where using click fraud protection software comes into play and can really make a big difference.

How to manually block click fraud?

Of course, you’ll want to do everything you can to limit the number of fraudulent clicks coming through on your ad campaign. It can be tricky and a little labor-intensive to get everything battened down, but it is definitely worth doing these manual fixes.

Even if you’re not that tech-savvy, you’ll be able to find guides to making your PPC campaigns as watertight as you can. And where possible, we have linked to the resources to help you use some of the best techniques to minimize your click fraud exposure.

Set up IP and ISP exclusions

If you’ve identified a pesky IP address that seems to be doing something strange, and you’re pretty sure they’re messing up your PPC campaign, you can set up some exclusions. As an IP address normally refers to a specific device or location, this can cut out fraudulent PPC activity from specific users.

We have a guide to setting up IP address exclusions.

Remarketing campaigns

If you’re not looking to boost your reach at the moment, then remarketing could be a useful campaign strategy. It looks at visitors who have visited your site before and pops up on partner websites, ensuring your brand stays in their minds and possibly even encouraging repeat custom.

Of course, one of the main benefits of remarketing campaigns is that you’ll only be showing up for people who have shown an interest in your business before. It should also limit your exposure to bots or click farms, especially if you’re not in their target area.

You can find out more about running remarketing campaigns on Google’s support pages.

Adjust your targeting

By tweaking your targeting for your ad campaign, you can hugely reduce the exposure of your PPC campaign to fraudulent activity. Excluding certain geographic locations, languages, demographics, and devices can make a big difference to the success of your advertising. If you see suspicious activity coming from one particular demographic, exclude it and see what happens. You can always change it again later…

click fraud detection - detected like Sherlock Holmes

How To Automatically Block Click Fraud

As the click fraud industry remains unchecked by controls and the profits just keep getting bigger, more and more companies are waking up to the impact that click fraud is having on their budgets. 

In fact, a recent study by Juniper Research estimates that the rate of wasted ad budget due to ad fraud will be around 22% of all digital advertising spending in 2023. This means that for every $100 spent on digital advertising, $22 is wasted on fraudulent activity. This figure is expected to rise to $172 billion by 2028.

By following our tips above, you’ll be able to plug some of the leaks in the dam. But of course, you want to plug all the leaks in and make sure nothing is getting past you. The best way to make sure you’re keeping all of your ad spend on target and not losing any to fraud is by using click fraud protection software. 

Although it might seem counterintuitive to spend money on protecting your ad budget, when you consider that you could be losing hundreds of dollars a day, it might make more sense as an investment.

ClickCease is a market-leading click fraud protection software service that is used in over 2 million online ad campaigns. By using a sophisticated and constantly updated series of algorithms, you’ll be able to minimize your exposure to click fraud and ad fraud activity.

If you’re running Google or Bing ad campaigns, then you’ll be able to prevent bot traffic and click farm activity and minimize invalid clicks on your PPC ads. ClickCease works on all of the most popular web hosting platforms, including WordPress, Wix, Shopify, Squarespace, and Drupal.

Although ClickCease blocks the majority of fraudulent activity, if any activity is detected after it has happened, then ClickCease can provide the details for you to apply for a refund. Unfortunately, Google no longer allows third parties to apply for refunds on their customers’ behalf.

Do I really need click fraud protection software?

So do you really need to use click fraud protection software?

Maybe it’s better to look at it from another angle.

Are you bidding on high-value keywords? The more you pay for your average PPC, the higher your chance of being exposed to click fraud. Although losing clicks on $1 keywords might sting a little, it’s when you get to those $10 and up search terms that you might start to notice a hole in your marketing budget. Your search term can include one of the expensive keywords, so, for example, ‘travel insurance’ and ‘best value health insurance’ all fall under the banner of ‘insurance.’

If you’re wondering what the most expensive keywords are, and by extension, those most at risk of exposure to click fraud, these are the top 8 most expensive industries for PPC campaigns.

$56.91 CPC

If your PPC keywords include some of these words, then your campaign is at heightened risk of click fraud or ad fraud. As some of the PPC prices can go anywhere up to $50 and over per word, these are very attractive for fraudsters.

Even invalid and genuinely accidental clicks on these keywords can really add up to making a big dent in your marketing budget. If you do use any of these search terms, take a look at your historical AdWords campaigns and see if you have been exposed to any invalid clicks.

Businesses that use any of these search terms could find that using a click fraud protection service, such as ClickCease, could boost their effective marketing spend by up to 30%.

What else does ClickCease do?

In 2022, we launched our new Bot Zapping tool. Currently available for WordPress websites, Bot Zapping allows website owners to block bot fraud such as:

Blocking fraudulent activity is one thing, but ClickCease also offers some great insight tools which are incredibly useful for your marketing. You can also get new competitor notifications whenever someone starts to bid on your keywords.

As ClickCease tracks all activity on your website from PPC advertising, you can also get an insight into customer behaviour. See mouse movements and where visitors to your site have clicked on your site to understand how customers interact with your business.

So as well as minimising fraud on your ad campaigns, you’ll also be able to get crucial marketing insight that could help you get the most out of your PPC advertising. When you look at the modern click-through rate as under 2% for search ads and around 0.35% for display ads, understanding how to maximize your results is essential.

We’ve come a long way since the days of 44% click rates on that very first online banner ad! Today you need as much help as you can get to win over potential customers.

Sign up for the best click fraud detection and prevention. ClickCease blocks fraud on Google, Bing, and Facebook Ads – so run a diagnostic on your campaigns to see how much invalid traffic you’re seeing.


Is click fraud illegal?

Although there are laws across the world that protect against click fraud, it’s not so simple to answer the question, ‘Is click fraud illegal.’ 

The act of defrauding advertisers is generally considered illegal in most countries, but the problem is policing it.

Clicking multiple times on a search result; creating a website designed to host banner ads and then channeling traffic through it; hiring a click farm to download an app 100 times a day. This is all obviously highly damaging and fraudulent practice, but hard to prove and a grey area when it comes to legality.

There are some cyber crime authorities to whom you can report activity if you believe there is a serious and organized threat occurring. These include Europol, the UK’s National Crime Agency, the FBI, and Interpol.

However, most of these agencies are set up to tackle more obvious cyber crime threats such as identity theft, people smuggling, drug dealing, terrorism, pornography, and other more tangible problems.

How does fraud protection software work?

One of the main benefits of using fraud protection software is that it is constantly learning about new threats and adapting its algorithms. When a suspect IP address, device, or VPN is identified, it’s then added to the list of blocked sources. So if you’re running a PPC campaign and you’re protected by software such as ClickCease, you’ll be able to benefit from the ongoing process of identifying suspect sources.