The Click Fraud Blog | ClickCease
click spam is a form of click fraud

What Is Click Spam and How Does It Affect PPC Ads?

One of the growing forms of click fraud in recent years has been click spam. Although click spamming is nothing new, with the growth of click fraud malware, this method of generating huge volumes of clicks and impressions has seen an increase too.

What is click spam?

Click spam, also known as click flooding, is a type of click fraud. Apps or mobile websites use inbuilt malware to flood ads or download links with automatically generated clicks. These clicks often hijack genuine user behaviour, and can work while an app is running in the background.

Also known as organics poaching, click spam can be used to claim credit for eventual organic installs of other apps. This means that if a user downloads an app (unrelated to the in-app ad), the developers of the app or mobile site receive a pay out as it looks like their software referred the genuine click.

As well as paying out to fraudsters who haven’t earned the referral genuinely, it also distorts marketers data. Advertisers might see the clicks and referrals as positive, when in fact they are almost entirely fraudulent.

How does click spam work?

Very simply, the user downloads an app, which can be anything from a utility app, such as a calculator or torch app, to a game or other tempting download. The app itself has features built in which conduct activity in the background on behalf of the user. This can include clicking on ads in the app, or converting impressions (views) on ads in the app into clicks.

Click spam can also be done in the form of install spoofing, or fake downloads on apps. This is the practice known as organics poaching.

How does this work?

  • The user downloads an infected app to their device
  • This app has code built in which creates many clicks (spam clicking) normally on ads, or allows an external device to click within the app
  • All ad clicks are assigned to the developer or click spammer and if there is an unrelated download from the app store, or if there is an in-app purchase or ad click, the developer gets the pay out
  • Besides defrauding marketers of their ad spend, click spam also distorts click data, often making certain platforms look much more effective than they are

When downloading an app that runs in the background, this could mean that an app is able to click spam ads almost constantly. For the user, this can just mean a depleted battery, such as with the DrainerBot malware.

But for the advertiser, it can mean that you see a lot of activity on your display ads but without the corresponding conversions. To make matters worse, any conversions that are made may not be attributed correctly and chances are there will be a high amount of spoofed clicks before there is any type of conversion.

Click spam differs from botnet activity in that the app generates this huge volume of click spam itself. By comparison, botnets leverage the power of multiple devices to generate fake traffic to ads or links.

As this type of click fraud happens within an app, it is usually the app developer that is the fraudulent party. These apps tend to be in the Google Play store and can affect Google Ads and Facebook display ads too.

Click spam isn’t limited to apps though, with mobile landing pages and web pages also capable of generating ad clicking activity and impressions on behalf of visitors. 

click injection and click spamming can be a big problem for marketers

Spotting organics poaching on your ads

As an advertiser, an obvious giveaway that you’ve been a victim of click spam is always going to be higher traffic with less conversions. This applies to pretty much all forms of click fraud or ad fraud. However, it can be harder to spot organics poaching or click flooding. 

The reason for this is that with an authentic device ID, it can look like a genuine session by a real live user. But usually there are some giveaways that can be used to identify spam clicks on your ads.

Check your analytics for the time between clicks and conversions. Usually organics poaching will claim a conversion that took place some time after the original click.

Make sure that apps have been validated by the ad networks, which is often a good indicator that the apps in question are genuine. Bear in mind though that on Google’s Play store, you do not have to validate your app, and it can take some time for apps to be validated. App developers can sometimes be kinda secretive with their coding, so just because an app isn’t validated doesn’t necessarily mean that it’s fraudulent.

However, what you can do is look at the analytics around specific app publishers. If you have a smaller app developer who seems to be delivering a high amount of traffic, dig into the stats a little to see what you can find. 

Click spam or click spoofing may show a high volume of traffic, but a relatively low amount of conversions. 

How to stop click spam

As a form of ad fraud, click spam is something that can be prevented using anti-click fraud software. ClickCease uses sophisticated algorithms to decode fraudulent activity and help you understand what is really happening with your PPC ads and conversions.

Yes, you can explore your click traffic manually, of course. And yes, it does take quite a bit of time, analysis and guesswork. Using ClickCease is a time and cost effective way to spot fake clicks from unscrupulous app developers and put a stop to those nefarious click spamming ways.

Best of all, you can try it out for free to find out exactly how much fraudulent traffic your ads get. If you’re paying for clicks online, we think you’ll find ClickCease a valuable addition to your PPC armoury.


Since working for ClickCease, Oli has become something of a click fraud nerd, and now bores people at parties with facts about click farms and internet traffic stats. When not writing about ad fraud, he helps companies to optimise their marketing content and strategy with his own content marketing business.

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Block click fraud from ruining your campaign!

Most discussed