Click Fraud: The Hidden Threat in Your Campaigns
Your ad metrics are looking great — but something’s not quite adding up. That high click-through rate isn’t paying off in conversions. Or perhaps traffic is surging from one specific, unexpected location. The culprit? Click fraud.
According to the Association of National Advertisers fraud costs businesses an eye-watering $120 billion USD annually, highlighting the severity of this hidden menace.
From inflated click-through rates (CTR) that mislead marketers into thinking ads are performing better than they are, to spammy leads or unusual traffic sources, click fraud presents itself in many forms. And its repercussions are far-reaching.
But worryingly, many marketers are unaware of this covert saboteur or are lulled into a false sense of security, believing modern ad tools provide sufficient click fraud protection.
In this article, we explore how click fraud works, its implications for marketing campaigns and how to stop it.
Let’s start with the basics. What is click fraud?
Click fraud is a deceptive practice where individuals or automated bots simulate user interactions with online advertisements or other types of links.
This manipulation aims to mislead marketers into believing real users are engaging with content. This then drains budgets by compelling marketers to focus rea that doesn’t have any genuine customer interest.
How does click fraud make money?
Other motivations can be behind click fraud too. Rather than sabotaging competitors, click fraud can also be used to make money, as fraudsters can gain revenue through inflated ad clicks.
There may also be ideological motivations, such as manipulating social media metrics to create a false sense of popularity for certain viewpoints. Cybercriminals also leverage click fraud to boost malicious webs search rankings.
How does click fraud work?
Click fraud is categorised into two main types: manual and automated.
Manual click fraud involves individuals manually clicking on ads. This type of click fraud mimics normal user behaviour, making it difficult to detect.
Automated click fraud uses scripts or software — known as click bots — that execute clicks without real user involvement. These bots mimic human actions, including mouse movements and randomised clicking intervals, to evade detection. They typically operate from a network of devices, known as a botnet, which further obscures the source of the clicks.
Is ad click fraud illegal?
Click fraud is considered a criminal offence, carrying fines and even imprisonment charges. Legal repercussions vary across jurisdictions. Here are a few examples:
The European Union
In the EU, the General Data Protection Regulation (GDPR) aims to protect personal data and address misuse, including data involved in fraudulent activities like click fraud.
Additionally, the Unfair Commercial Practices Directive (UCPD) prohibits deceptive practices that distort consumer behaviour, providing a basis for prosecuting click fraud.
The United Kingdom
In the UK, the Fraud Act 2006 and the Computer Misuse Act 1990 provide legal frameworks for tackling click fraud. These laws impose penalties for fraud through false representation and unauthorised access to computer systems.
The United States
In the US, the Computer Fraud and Abuse Act (CFAA) prohibits unauthorised access to computer systems, which applies to click fraud.
The Wire Fraud Statute criminalises schemes involving electronic communications intended to deceive and cause financial loss.
Additionally, multiple federal laws aim to combat click fraud. For example, California and New York have specific laws targeting computer crimes like click fraud.
Australia
In Australia, click fraud can be prosecuted under the Criminal Code Act 1995, which includes provisions against cybercrimes.
The Australian Consumer Law (ACL) also prohibits misleading and de conduct in trade or commerce. If click fraud involves deceptive practices to influence consumer behaviour, it can be prosecuted under the ACL.
Canada
The Criminal Code of Canada addresses click fraud through provisions against fraud and unauthorised use of computer systems.
Meanwhile, The Competition Act prohibits deceptive marketing practices, meaning click fraud falls under this act if it involves misleading advertising metrics.
The impact of click fraud
Just because click fraud is illegal doesn’t mean it doesn’t happen. Because click fraud occurs in a digital environment and often involves fraudsters operating from distant global locations, it is challenging to detect and prosecute. It remains a threat to marketing budgets and strategies — and worst of all, it may be going entirely unnoticed.
Let’s use CTR as an example. If your ad usually receives 150 legitimate clicks per day at a CTR of 1.5%, a sudden influx of 25 fraudulent clicks can artificially raise your CTR to 1.75% — or a 17% increase in volume.
Consequently, Google — oblivious to the click fraud at play — assumes your ad is performing well and displays it more often. Equally, you might look at the metrics and assign more budget to the ad, or use it as a basis for similar campaigns.
This would all be hinged on faulty information that the ad has spiked in performance, leading you down a costly and unrewarding rabbit hole.
Click fraud can skew other key metrics too, such as conversion rates and bounce rates.
And its impact is far from just minor, isolated cases:
- 22% of global ad spend was lost due to ad fraud in 2023
- 27% of organic and direct traffic consists of bots and fake users
- $1 USD of marketing budget is lost to ad fraud for every $3 USD spent
- 28% of digital traffic is not human
- 10% is the overall average invalid traffic across all digital advertising
The overall effect? Compromised campaign effectiveness. When funds are diverted to fraudulent clicks, fewer resources remain to engage real customers, diminishing return on investment (ROI) and hindering growth.
It’s also important to mention that some industries are affected more than others. Industries most affected include retail, finance, travel and gaming, where high-value keywords attract fraudsters looking to exploit competitive ads. But ultimately, any online business could be targeted, so awareness of click fraud and its hallmarks is relevant to any online business.
Common myths about click fraud
Many marketers lack of awareness of click fraud, its warning signs and how to combat it. This isn’t helped by prevalent myths surrounding click fraud.
Here are some of the most common click fraud myths — and the reality.
MYTH: Ad networks like Google protect me from click fraud
Reality: While companies like Google claim to have systems in place to detect invalid clicks, the reality is that many fraudulent activities slip through the cracks.
Ad networks have an interest in curbing click fraud to maintain their platform's credibility. However, their business model largely depends on the volume of ad clicks, including those that might be fraudulent. This creates a potential conflict of interest, as ad networks might not prioritise click fraud prevention to the same extent as advertisers who invest their marketing budgets for genuine engagement.
Advertisers need to remain vigilant and proactive in protecting their interests, as network priorities might not fully align with ensuring optimal ROI for each advertiser.
MYTH: IP address blocking protects me from click fraud
Reality: Modern click fraud bots are adept at changing IP addresses, often using each one only once, making this method ineffective.
MYTH: Click fraud doesn’t affect my campaigns
Reality: Fraudulent clicks can easily mimic legitimate activity, skewing data and draining budgets, and it’s almost impossible to identify using Google AdWords alone.
MYTH: Click fraud only affects paid search ads
Reality: Display ads are just as vulnerable as paid search ads when it comes to click fraud.
- Jean Chen, COO & Co-Founder, MondressyBoth paid search and display ads are at risk. Display ads are particularly targeted because they appear across various sites, making them a prime target for fraudulent activities. This misconception can leave businesses vulnerable if they focus solely on protecting paid search ads, while neglecting the broader spectrum of advertising reach.
MYTH: Click fraud only affects certain industries
Reality: The idea that click fraud primarily affects certain industries is misleading. The truth is, any business using online ads can fall prey to click fraud.
- Jessica Bane, Operations Director, GoPromotionalWhile industries like legal and finance, with higher cost-per-click rates, are prime targets, no sector is entirely safe. It's a widespread issue and requires vigilance from everyone involved in digital marketing.
How to identify and prevent click fraud
Detecting click fraud can be tricky. It’s not just about gut instinct – it's a methodical process of tracking key performance indicators across your digital advertising campaigns.
Source: Photo by Agence Olloweb on Unsplash
When it comes to Adwords click fraud detection, your first line of defence is understanding the unusual patterns that signal potential fraudulent activity.
Here’s how to identify and prevent click fraud according to the experts.
Check your key metrics
Naturally, a good place to start is by scrutinising your analytics data.
Check out your conversion rates. Does anything seem amiss? Look for dramatic, unexplained fluctuations – a campaign’s conversion rate suddenly jumping from 2% to 50% then back again, for example. Compare these rates against both your historical data and industry benchmarks.
Bounce rates are another critical metric. Fraudulent traffic typically exhibits unnatural browsing behaviour. Check your landing page analytics, segmenting PPC and organic traffic. If bot-driven clicks are flooding your campaigns, you'll see significantly higher bounce rates and potentially fewer recorded visits than actual ad clicks.
Your click-through rates (CTR) can also reveal hidden threats. Wildly inconsistent CTRs across campaigns or unexpectedly high rates might indicate malicious activity.
Analyse keyword quality scores
Google Ads ranks keywords with Quality Scores. These can help you identify if your ad has fallen victim to click fraud.
Check out the ‘Expected CTR’ of a keyword’s Quality Score in Google Ads. If you find a keyword has ‘Above Average’ as its expected CTR, while similar keywords in the campaign have ‘Below Average’, this could indicate a click fraud attack against that specific keyword.
Check campaign geo-targeting
If you notice a spike in performance, checking for locational trends can be a big giveaway if click fraud is afoot.
- Craig Tessier, Owner & Operator, Scrimshaw DigitalMy first encounter with click fraud was on an account I worked on targeting the Greater Vancouver area. As I had multiple accounts I was in charge of, I missed for about a month that one of our campaigns in this account was seeing higher than normal traffic, and click-through rates,
…What I noticed once I dug through each campaign, I noticed the geo-targeting for a single campaign wasn't just to Greater Vancouver, it was global. This allowed for someone in Central Asia to mass-click our ads within the campaign, which drove up costs.
Once this was noticed, I quickly fixed the issue, but it was a great reminder to check every campaign, ad group and ad, within every account, to make sure you've secured the backdoor so you don't fall victim to click fraud.
Audit your display ads
Don’t forget: display ads can experience click fraud too. It’s important to review your display ad campaigns regularly (every day if possible) to ensure they don’t appear on illegitimate websites, which can result in spammy clicks.
Keep an eye on the competition
Monitoring competitors’ activities can help identify if any foul play is at hand.
Keeping an eye on [competitors’] behaviour helps in spotting unusual patterns that might indicate click fraud. In my experience, I noticed a competitor aggressively bidding on our client's keywords. In response, we tightened our bid controls and adjusted our ad placements. This proactive approach helped us minimise the risk and impact of potential click fraud.
Review form submissions, user accounts and comments
If your website accommodates form submissions, user accounts or comments, you may be able to use these to find vital clues as to whether click fraud is occurring.
Check the timestamps of these interactions with paid ads activity. Sudden spikes in spam or dormant accounts coinciding with PPC activity could be a warning sign.
Check IP addresses
If you have a suspicion click fraud is at play, checking IP addresses on your server logs can provide further insight. While bots can formulate different IP addresses for each click, there may still be patterns you can decipher:
- Are there multiple clicks from the same subnet (i.e. only the last 3 digits of the IP address change?)
- Do these IPs resolve to data centres or locations where you aren’t targeting your ads?
- Did these IPs complete a conversion?
Wise up about Smart Campaigns
Smart Campaigns are 31% more likely to see fraudulent activity than standard campaigns.
To see if your Smart Campaign is affected, create a standard campaign to A/B test it against. If the Smart Campaign generates significantly higher levels of activity, it may be subject to click fraud.
You can also use Smart Campaign scheduling to your advantage to avoid times when fraudulent clicks are prominent.
- David Sides, Marketing & PR Strategist, The Gori Law FirmBy analysing our data, we discovered certain times and days when fraudulent clicks were more common. Adjusting our [Smart Campaign] ad scheduling to focus on high-quality traffic periods improved our ROI considerably.
Get automated click fraud protection software
Identifying click fraud is difficult, and following the above points can be time-consuming. As a shortcut, you can download click fraud prevention software to detect and eliminate click fraud for you.
We use platforms like ClickCease and CHEQ alongside Google Ads' native fraud detection. This multi-tool approach helps us catch different types of suspicious activity. For instance, when we noticed unusual click patterns during off-hours, our detection tools flagged these as potential bot activity.
From click fraud to clarity
One little click might seem innocent and nondescript. But as we’ve seen, en masse misleading clicks can cause havoc, undermining the effectiveness of marketing campaigns and leading to financial losses.
By following the tips and expert insights in this article, you now know how to stop click fraud, protect advertising investments and ensure your marketing reaches genuine audiences.
At Wide Angle Analytics, we are dedicated to providing 100% accurate website data while prioritising user privacy. Get a full view of key metrics to identify strengths, areas of improvement and potential fraudsters. Discover how we can enhance your marketing insights today.
Lauren Meredith is a seasoned content marketing strategist and writer helping online businesses connect with their audience and maximise organic success. Her SEO content secures #1 positions on Google, features in publications such as The Independent, Yahoo and academic domains, and has won an award at the Digital Growth Awards.