Click Fraud: What Is It & Why Does It Matter?

Digital marketing, and pay per click in particular, have become the go to methods of advertising for most businesses. Everyone from small businesses to global corporations can take advantage of the access to a huge market online. 

With over 4 billion people in the world connected to the internet on a daily basis, and nearly 2 billion of those buying something online each year, a well targeted PPC campaign is the difference between sinking and swimming. Add in the fact that there are 5 billion searches on Google every day, and you’ll understand how big a deal pay per click advertising is.

With this huge volume of traffic, and money, comes an obvious target for fraud. And click fraud has now come to be the most costly form of fraud committed each year surpassing credit card fraud. 

What is click fraud?

Click fraud is the act of clicking on a paid link, such as display ad or sponsored search result, with malicious or vindictive intent.

This can be to deplete the advertisers marketing budget, damage the performance or reach of the ad, or even to steal the cost of that click for yourself (a practice known as ad fraud).

We will look more in-depth at the sources and motives for click fraud later in this article. But suffice to say, there is a huge industry that has spawned around defrauding programmatic ads and advertisers.

From paid-to-click apps, to click farms, generating large volumes of fake clicks is easier than ever.

In fact, the issue of click farms is widely reported, with many of them selling their services to inflate likes and followers on social media. But this same technique can also be used for criminal gain, with millions of dollars at stake for enterprising gangs who know how to make click fraud pay using complex technological solutions and malware.

What is ad fraud?

The practice of ad fraud is an organised form of click fraud. Ad fraud is usually used to fraudulently inflate the pay out for websites publishers, mobile app developers, or on social posts or videos.

Often when referring to click fraud, people use the term ad fraud interchangeably. However, where click fraud can simply be accidental or malicious; for example rivals aiming to deplete your marketing budget; ad fraud is usually intended to line the pockets of the fraudster.

But is click fraud really that big a problem? 

The actual rates of fraud vary based on:

  • Your industry
  • Geographic location
  • Time of year

2020 research found that the average rate of click fraud across the campaigns we protect here at Proecho Solutions is 14%.

However, within that, there is a huge variation of fraudulent ad clicks depending on the industry. For example, the industries with the highest volume of fraud were found to be:

  • Photography – 65%
  • Pest Control – 62%
  • Locksmith – 53%
  • Plumbing – 46%
  • Waste Removal – 44%

Other notable industries subject to high levels of click fraud include real estate (31%), financial services (20%) and legal and law services (14%).

The truth is, click fraud affects almost every industry, with 90% of all campaigns on Google Ads being impacted in some capacity.

As programmatic advertising has become more complex, allowing us different ways to target demographics and a multitude of ways to pay for our advertising, so has click fraud become more sophisticated.

The practice of click fraud

As we’ve seen, there are multiple reasons to commit click fraud or ad fraud. It can occur on any paid link, whether display, paid search, social media, in-app promotion or other forms of paid digital marketing.

There most common reasons to get fake clicks on your PPC ad campaign are:

  • Vindictive competitors or customers who want to negatively impact your ad spend
  • Organised fraudulent developers who have created a way to get paid for clicking your ads, usually using fake publisher inventory
  • Malware apps or software created to collect the payout from ads (often with some help from bots)
  • Paid to click apps which pay users to click or watch ads in exchange for a small reward.

When you consider that the price for some keywords in Google Ads (previously known as AdWords) can be upwards of $50, or over $100 per click, you’ll soon see why multiple fraudulent ad clicks can really start to cause a problem. In fact, even with clicks at a dollar or so each, the volume of click fraud can quickly cause problems to the average marketer.

In 2017 it was estimated that around 1 in every 5 clicks on a PPC ad campaign were fraudulent in some capacity. Since then, the techniques have become more advanced and the sheer volume of fraudulent activity online has increased.

A study by the University of Baltimore found that click fraud cost marketers over $35 billion in 2020. And this is forecast to grow even more in 2021 and beyond.

What are the main sources of fake clicks or click fraud?

If clicking on someones ad repetitively sounds like a lot of hard work, you’d be right. A competitor clicking on your ad five or ten times a day might be a drop in the ocean for your advertising spend, but there are more damaging ad clicking methods.

High volume clicks:

Bots and web crawlers

Designed to crawl the web looking for information, usually for spam or data collection purposes. There can be ‘friendly’ bots, which are just looking to scrape contact info for example. Or deliberately vindictive bots which have the sole purpose of clicking on your ads hundreds or thousands of times to deplete your ad budget.

Click Farms

Either automated set ups, or human powered factories designed to click multiple times on specified links. Yes they do exist, usually in developing countries where people can be paid as little as $5 for 100 clicks.

Click farms are used by all sorts of businesses, often to inflate their following or engagement, and they can be hired to do multiple actions, from liking social media accounts, watching videos, sharing links or information, leaving comments and, of course, clicking on PPC adverts multiple times.

Although the bulk of click farms can be based in developing countries, there have been increasing instances of click farms based in Europe and the USA. By hooking up phones and tablets to a computer, you can automate the activity of hundreds of people.

Fraud rings and bot networks

Criminal gangs establish a mixture of publisher websites and automated bots to defraud advertisers. One of the best known is Methbot, a highly sophisticated scam bot network, with a complex set up which is designed to fraudulently collect the payout on video views using a network of computers. Thought to have originated in Russia, Methbot is estimated to make around $5-6 million each day in fraudulent clicks.

Ad fraud

Publishers create a website designed to host banner and text ads, then channel fake clicks through the website to collect a payout. Ad fraud often involves placing ads on websites with little chance of genuine traffic being able to find it, but with the opportunity for the site owner to maximize their income.

Medium to low volume clicks:


Your direct competitor can try and siphon off your PPC budget so that their ad ranks higher for relevant searches. They might just click your ad every time they see it, or they might instruct everyone in the office to click your ad – which could be potentially quite damaging.

Although competitors can try to manually inflate your PPC spend, you might find that this is a temporary measure or occasional practice.

There are some simple steps to minimise your exposure to competitors clicking on your ads, which we will look at later on.

Human error

People searching for something may accidentally click on your site in the SERPs, but then click out again. They may not even realise its a paid ad. Technically this wouldn’t be classed as click fraud, but an invalid click. There is no strategic sabotage going on here, it’s simply a mistake, although repeated mistakes can cost advertisers a fair amount of money.

Vindictive parties

Your ex employee, unhappy customer or even your sociopathic ex might have a reason to click multiple times on your ad just to pee you off. You’d best go and apologise.

Is it really that big a problem?

Now, you’re probably wondering why the hell would anyone really want to go to all that trouble. Is this really something that people do?

If you haven’t already then we suggest you run a quick search for ‘buy clicks’.

What you’ll find is a whole industry built around fake website traffic, often designed to boost views on websites or inflate the popularity of social media accounts.

Sites like Fiverr offer plenty of options for users to buy ‘likes’ or website traffic. And most of these services can, of course, be used maliciously.

Many marketers can also run bots to find new clients or to build an email list which they can sell. These simple bots may not be fraudulent, but with enough of them you could be looking at losing quite a lot of money through non purchasing site visitors.

Bots can be used in a variety of ways and are relatively simple pieces of programming, meaning that pretty much anyone with a decent level of coding knowledge can make their own bot. You can also buy bots from a variety of sources, for everything from research to more nefarious purposes.

It’s been proven that the bulk of internet traffic is actually bots, with some sources estimating 40% and others putting the figure at upwards of 50%. So when you’re aiming to run your next PPC campaign this is definitely an issue that you’re going to have to bear in mind.

Those running a PPC campaign might find that the amount of click fraud, sits around 20% of their total traffic. Bear in mind that Google doesn’t refer to the practice as ‘click fraud’ but prefers the term ‘invalid clicks’. This covers all bases from genuine mistaken clicks to the actual vindictive bot or click farm traffic.

Who is affected by Click Fraud?

You might think that click fraud is the kind of thing that only really affects the big boys; the Amazon’s, Citibank’s and Tesla’s of this world.

Of course, they are in the firing line as they target high value keywords. But in reality every online business is at risk from click fraud to some degree or another.

Automated click fraud doesn’t discriminate, with bots often just scouring the web for specific search terms. Even accidental clicks can really add up if your banner or sponsored result is in a competitive industry.

An industry with a huge amount of traffic and expensive keywords means more room for fraudsters to hide. It also means less risk of getting caught and a higher payout.

Here at Proecho Solutions we see that the most affected micro industries are: locksmiths, lawyers, water damage repair and… dentists. It seems that local service providers are prone to a higher rate of click fraud due to the competition, high CPC and the knowledge of the market.

No matter how little or how much money gets spent on campaigns, one thing is for sure. Every company that’s using PPC networks like Google AdWords or Bing Ads, is either vulnerable to click fraud or has been a victim of click fraud.

Dealing with Invalid Clicks in PPC Campaigns

As click fraud is a huge problem, and one that is growing by the day, there are several steps you can take to minimise and mitigate your exposure to it. The good news is that the major search engines like Google, Bing and even Facebook, do have some strategies in place to combat ad fraud and click fraud.

However many feel that their efforts fall short and that there is a whole world of invalid traffic, or click fraud, that isn’t picked up.

For example, Google does block things like high bounce rate visits (often the sign of an accidental click or obvious web scraper) or some multiple visits from the same IP address. But more often than not, you’ll need to flag up suspicious activity yourself and request a refund.

In the cases where Google takes a deeper look at the issue, you’ll normally find it can take anything up to a month for the issue to be inspected and for your refund to come through. When you’re looking at batches of ten clicks on $10 keywords, this can run into the hundreds or even thousands.

Spotting these multiple clicks from specific sources isn’t the hard part, in fact we’ll be looking at how to spot fraudulent clicks later on in this guide. It is the increasingly sophisticated click fraud approaches that cause the biggest headaches. With software able to imitate human behaviour, switch IP addresses using VPNs and proxies, or even those click farms pulling the wool over the search engines virtual eyes, additional measures are often needed to minimise exposure to click fraud.

Using dedicated click fraud prevention software is the most effective way to make sure that you’re tackling those invalid clicks.

Is click fraud illegal?

Although there are laws across the world that protect against click fraud, it’s not so simple to answer the question ‘is click fraud illegal’.

In the USA and several European countries, practices such as wire fraud, racketeering, deceptive business practices and data manipulation are illegal. So when it comes to legal challenges against click fraud, it will most often come to proving practices such as these.

The act of defrauding advertisers is also one that is illegal in most countries, but the problem is policing it. Although digital crime is an area that is becoming increasingly complex, and profitable, there are few resources globally to combat it.

Clicking multiple times on a search result; creating a website designed to host banner ads and then channelling traffic though it; hiring a click farm to download an app 100 times a day. This is all obviously highly damaging and fraudulent practice, but hard to prove and a grey area when it comes to legality.

There are some cyber crime authorities who you can report activity to if you believe there is a serious and organised threat occuring. These include EuroPol, the UK’s National Crime Agency, the FBI and InterPol.

However, most of these agencies are set up to tackle more obvious cyber crime threats such as identity theft, people smuggling, drug dealing, terrorism, pornography and other more tangible problems.

How can you identify click fraud?

We’ve established that click fraud is a pretty big issue, with lots of variations and the potential to really sting your cash flow. So how do you identify when you’ve been a victim of click fraud?

There are several manual checks you can do yourself to see if there has been any fraudulent activity on your ad campaigns. These don’t always give a 100% accurate reflection of what has been happening, but can serve as a useful outline and possibly flag up some of the more obvious violations.

Checking IP addresses

Google doesn’t give you the tools to check IP addresses that have visited your site, but you can use tracking tools, including WordPress plugins for IP address logging. You can also check your website visitor logs to see how many times the same IP address pops up over a specified time. If you notice that the same obscure location or IP address has been visiting your site regularly then this might be a red flag for you to try and block this IP address or location.

Google does offer some protection against multiple visits from a single IP address or device. Although it isn’t perfect and the parameters might not necessarily be what you would set yourself, it is a form of damage limitation.

Checking publishers

If you’ve been subject to one of the most popular forms of ad fraud, which is channeling your ad onto a dodgy website, then checking your publisher list will help you keep an eye on it. Look in the ‘placements’ section of your Google Ads and check the high traffic sites for any suspect activity. If you think any of them might be fraudulent you can block them from your publishers list.

A few giveaways that a site is fraudulent include pages which appear to be covered in ads, no content (or very little content of any substance) and recently registered domains.

Monitor campaign activity

Suspicious timings or spikes in engagement might be a sign that someone is targeting your ads. Especially if you seem to be getting lots of clicks and little in the way of engagement.

You might also spot a high click rate from a country that might have little to do with your market. For example if you’re a US based company and you appear to be getting lots of clicks from the Philippines but no conversions/sales, that could be a marker that you’ve been the target of a click fraud campaign.

Identifying other forms of click fraud

Aside from locations, devices, IP addresses and dodgy publishers, it can be hard to spot other forms of fraudulent traffic. Forms of fraud that mimic human behaviour or hide behind proxy servers are going to be hard for you to spot yourself. And as the processes and techniques are becoming more sophisticated, keeping track of developments and fraud can be a Herculean task. This is where using click fraud protection software comes into play and can really make a big difference.

How does fraud protection software work?

One of the main benefits of using fraud protection software is that it is constantly learning about the new threats and adapting its algorithms. When a suspect IP address, device or VPN is identified it’s then added to the list of blocked sources. So if you’re running a PPC campaign and you’re protected by software such as ClickCease you’ll be able to benefit from the ongoing process of identifying suspect sources.

How to manually block click fraud

Of course you’ll want to do everything you can to limit the amount of fraudulent clicks coming through on your ad campaign. It can be tricky and a little labour intensive to get everything battened down, but it is definitely worth doing these manual fixes.

Even if you’re not that tech savvy you’ll be able to find guides to making your PPC campaigns as watertight as you can. And where possible we have linked to the resources to help you use some of the best techniques to minimise your click fraud exposure.

Set up IP and ISP exclusions

If you’ve identified a pesky IP address that seems to be doing something strange and you’re pretty sure they’re messing up your PPC campaign you can set up some exclusions. As an IP address normally refers to a specific device or location, this can cut out fraudulent PPC activity from specific users.

Remarketing campaigns

If you’re not looking to boost your reach at the moment then remarketing could be a useful campaign strategy. It looks at visitors who have visited your site before and pops up on partner websites, ensuring your brand stays in their mind and possibly even encouraging repeat custom.

Of course one of the main benefits of remarketing campaigns is that you’ll only be showing up for people who have shown an interest in your business before. It should also limit your exposure to bots or click farms, especially if you’re not in their target area.

You can find out more about running remarketing campaigns on Google’s support pages.

Adjust your targeting

By tweaking your targeting for your ad campaign you can hugely reduce the exposure of your PPC campaign to fraudulent activity. Excluding certain geographic locations, languages, demographics and devices can make a big difference to the success of your advertising. If you see suspect activity coming from one particular demographic, exclude it and see what happens. 


4 Online Advertising Methods That Get Results

Updated: 6/3/2020

If you’re looking to expand your business and reach new customers, you can’t afford to ignore the power of online advertising. Whether you’re a local business with established customers or a pure-play online startup, online ads offer a quick, easy, and cost-effective way to publicize your services. How can you get started?


Search engine marketing (SEM) is the most-used method for online advertising, with Google providing by far the best opportunities for exposure. In fact, studies show that 85% of consumers search for businesses online when making a purchasing decision. If your site is languishing in the organic listings, paid advertising offers a quick way of achieving visibility and drawing traffic.

Although various types of search engine advertising are available, the most usual is pay per click (PPC), where you place a bid on the keywords for which you want to appear. The more you’re willing to pay for each visitor, the higher your position, although you won’t be charged unless a searcher clicks your ad. The methodology and approach that marketers take when developing, implementing and optimizing online advertising campaigns depend on each industry, market, and product. 

It is important to sit down and determine an advertising strategy prior to implementing an online search engine marketing campaign. Having a proper plan in place is critical for successfully targeting the correct audience and communicating the value of your product to drive conversion. 


Social media has been the fastest growth area of online traffic over the last few years. Trends continue to show steady growth for various social media marketing platforms. In fact, despite the recent revelations regarding the mishandling of millions of users’ data by Facebook, the social network has seen a 13% increase in user activity over 2017.

That means that social media will continue to present a massive opportunity for reaching connecting brands with their audience.  Putting the right advertising message in front of them can have excellent results.

Placing ads in social media can be as easy or complicated as you want. The major social media sites provide a vast range of tools for setting up campaigns on their platforms, and you can either pay for blanket exposure or use powerful targeting options to reach your perfect customer. 

In 2020, messenger ads via social media and SMS are becoming more prevalent. This can be an effective way to use retargeting ads to customers who have shown purchase intent but have not yet made a purchase. With high open and response rates, this digital marketing strategy is also worth taking into consideration.


Email marketing still remains one of the most under-rated and under-utilized form of online advertising. Yet, it is probably the most powerful form of online advertising that exists. However, email marketing requires a careful balance that hinges on important factors. Often times, users will subscribe to receive email because of a compelling enough offer, however, there needs to be a reason for a user to remain subscribed. Businesses should focus on providing highly-valuable content that users want to connect with in order to retain subscriber numbers. Keep a close eye on how your email audience reacts to the content you send and how often it is sent. 

Pop-ups, lead-magnets, and landing pages can be utilized in combination with email marketing. They are mechanisms used to collect user email addresses in exchange for a compelling offer of value. Often times this could be a free resource (ebook, webinar, etc.) or a discount or coupon.

Having an understanding of how digital marketing funnels operate is crucial to properly setting up online advertising tactics that are based on email marketing. The positive impact that a correct email marketing implementation has on an organization is the most effective method for growing loyal, long-term customers. 


Lastly, banner advertising has been the mainstay of online marketing for as long as browsers have been able to show graphics. You can either pay for banners by the impression, or by the number of clicks they attract. Simple banner ads on popular sites are a great way of achieving brand exposure, although their meager click-through rates mean that they’re not so useful for driving traffic and sales. 

With that said, it is important to keep in mind that online banner ads should not be expected to drive website traffic. Banner ads are intended for brand awareness and gaining market exposure. 

Online advertising has been around for decades, and that’s because it works. However, incorrectly executing online advertising can hurt companies instead of helping. Thus, it is important to understand exactly how each type of online advertising functions at each level of the purchasing process. By using these four methods correctly, however, organizations getting started can see an immediate and positive impact.

Becoming an expert in the field takes years of study and practice. Developing an understanding of how to properly set up and execute a online marketing strategy can be overwhelming. If you need help with taking your online advertising to the next level, contact us today


What Businesses Need To Know About The IOS 14.5 Update And Facebook Conversions API

Every so often, Apple releases a new iOS update and developers, marketers, and business owners have to figure out how it will fit into their digital strategies. It is no secret that Apple and Facebook have been feuding over privacy issues and the iOS 14.5 update is the latest step in the game. For businesses who use the Facebook Pixel to manage event tracking, this latest change could present a challenge.


Marketers and developers have been tracking user actions for a long time. This has helped to serve a more personalized (and more persuasive) selection of ads to users. Many marketers take advantage of the Facebook targeting tools to serve customers with more relevant ads.

Conventionally, Facebook and other online advertising platforms have gathered data about users’ behaviors using the Facebook Pixel (for web tracking) and Facebook SDK (for mobile tracking). These two client-side systems send information about user actions back to Facebook directly from the user’s browser. Such actions, or “events,” can include viewing certain content, adding products to shopping carts, making purchases, and a variety of other commercial activities.

That data is then used by Facebook and marketers on the platform to better target consumers with relevant ads. Often, it is used to retarget ads for products that users have previously viewed. If you’ve ever looked at a product page then suddenly received lots of ads about that product, you are familiar with this system.

Similarly, the data can be used to measure the efficacy of ads. By associating later actions with ad views, marketers can determine if they have effectively caused the desired behavior. Without this individual tracking data, marketers would largely be in the dark about whether their campaigns are effective except at the highest level and simplest metrics.

Modern advertising and a lot of commerce are fueled by the data collected by Facebook. Nearly all marketers using the Facebook Ads Manager are benefitting from these data collection methods. So, any changes to how that data can be collected can have big impacts.


iOS 14 has brought about a variety of new features and changes. However, the most impactful for marketers are the changes to Facebook’s tracking. Most specifically, Apple iOS 14.5 tracking now requires users to approve app access to their advertising IDs, the feature used to power the Facebook SDK on iOS devices.

The previous major version of iOS, version 13, brought similar changes to location tracking. These prompts reduced opt-in rates for location tracking by half on average. The Apple iOS 14.5 tracking changes are likely to bring about a similar drop in advertising ID access.

Using the conventional system for tracking mobile user activity, Facebook marketers would be blind to the efficacy of their campaigns on about half of their iPhone and iPad audience. That is a really serious drop in data access.

It is also important to note that mobile traffic accounts for a large portion of all online activity today. Many consumers are using their mobile devices as their primary screens. So, it is important for marketers to have a way to effectively access usage data for iPhones and iPads.


The good news is that Facebook already has a solution, although it may require some changes to your website and app. The Facebook Conversions API is an updated version of a tool that has been around for a while, the Facebook Server-Side API.

This API changes the model for how users are tracked for Facebook Ads. Rather than collecting data via a client-side tracker (i.e. on the browser), the API does everything on your server. Therefore, you can track various user events without having to rely on the iOS advertising ID. So, even if users deny access at the app level, you can still gather useful analytics.

There are limitations to what can be tracked client-side. However, the Facebook Conversion API is more advanced than many similar systems and is an increasing point of focus for the social media giant. These are some of the events that you can track and associate with ad views:

  • Affiliate payments
  • Email subscriptions
  • Locations
  • Form submissions
  • Leads
  • Phone calls
  • Purchases
  • Subscription changes

The API does more than just overcome Apple iOS 14.5 tracking limitations. It can also help with tracking failures due to bad connections, long page load times and ad-blocking software.

Furthermore, the Facebook Conversions API approach can be used outside of your website and app. It can be integrated with other business systems so that you can track events such as in-person purchases, and inbound phone calls.


Currently, marketers can still get useful information from the Facebook Pixel in browsers and the Facebook SDK on mobile devices. However, it is likely that opt-in rates on iOS devices will fall significantly with this update. Therefore, it is almost essential to implement the Facebook Conversions API alongside the client-side tracking methods to ensure a fairly comprehensive data set. It is important to ensure that you are not double-tracking activities; however, Facebook designed the systems to work together.

Moving forward, it is almost certain that Apple will continue to crack down on how its users can be tracked. For marketers, it is important to stay abreast of all the latest changes and to adjust strategies accordingly.

If you want to ensure that your brand is always positioned for digital marketing success, start working with the Proecho Solutions team. We provide full-service digital marketing services that will help supercharge your business’s growth. Contact us today to learn more.