Back when I was in middle school, my friends and I would race to finish our projects early so we could play Cool Math Games or any other browser-based video game the network allowed. Around my eighth grade year, the whole school became obsessed with this ridiculously pointless, yet addictive game called Cookie Clicker. 

The goal was to click a digital cookie that produced more cookies in return. These acted as the game’s currency, which players would spend on things like automated clickers, grandmas and increasingly ludicrous upgrades to generate even more cookies. As you progress in your senseless production of endless cookies, it spreads like a virus, engulfing entire cities, and eventually the world, in a doughy disaster. 

While the devastation of these clicks is contained in the game’s universe, real click farms can do a lot of damage to your organization. Rather than generating virtual baked goods, fake clicks target your pay-per-click (PPC) ads, harming their performance and draining your budget. 

But how does click fraud work, and why do fraudsters target PPC ads? Let’s take a closer look at the motivations and methods behind click fraud and what you can do to prevent it.

What is Click Fraud?

Click fraud is when malicious bots, a computer program or an individual exploit an online advertiser by artificially inflating traffic with repeated clicks on PPC ads. This fraudulent activity can drive up your ad spend, skews your Google Analytics data and brings down your conversion rates. 

How Does Click Fraud Work?

In a standard PPC advertising model, you pay a small fee for each click on your display or search ads. The idea is that these clicks come from potential customers who are genuinely interested in your business and could generate future profits. 

However, click fraud throws a wrench into this system by using farms or automated bot programs to flood your ad campaign with spam clicks. This generates large volumes of traffic, but results in little engagement, effectively wasting your ad budget. From bad bots and bored teenagers to competitors and publishers, there are countless perpetrators that commit click fraud. So, how can you defend yourself? 

Inside Click Fraud: Why do Fraudsters Use It?

The first step in fraud prevention is to understand the “how” and “why.” We’ve gone over the basics of how click fraud works; but, as with any cyberattack, it can come in many different forms. There are also numerous reasons why a bad actor might target your digital advertising in the first place, whether it’s for financial gain, ideological reasons or something else entirely.

Whatever the case may be, understanding the different types of click fraud you might face and the motivations behind them can help your team prepare for suspicious clicks and prevent fraud before it eats your budget away.

Different Click Fraud Methods

There is a litany of ways in which bad actors can go about generating fake clicks, including:

1. Ad Fraud

Ad fraud is one of the more common methods of click fraud wherein a scam publisher hosts your ad on a website built solely for generating fraudulent clicks. Because there’s no real content available to site visitors, it’s unlikely these sites produce any organic traffic, but you still get stuck with the bill. This one is particularly sinister because you’re directly paying for fake activity.

2. Click Farms

Click farm operations come straight from a dystopian novel, hiring people only to click on ads all day. In the era of social media, these are often used to artificially inflate likes and other forms of engagement across nearly every platform. And because the end payout is relatively little for the amount of time put in, click farm organizations often operate where labor is cheapest.

3. Bot Traffic

Much like the clickers you can purchase in Cookie Clicker, bots automate the process of ad fraud — only they’re much more efficient. Click bots use a computer program to repeatedly click on an ad, generating large amounts of fake traffic. This makes them easier to catch as rudimentary bots will show a ton of clicks coming from a single computer. However, fraudsters have gotten smart, routing bot traffic through different IP addresses using a virtual private network (VPN).

4. Ad Stacking

Ad stacking is another type of digital ad fraud in which multiple ads are “stacked” on top of each other in a single placement. The user can only see the top-most ad, but each click or impression counts for every ad in the stack. While this method doesn’t involve bots or click farms, it can still result in wasted ad spend and skewed campaign data.

5. Pixel Stuffing

Similar to ad stacking, pixel stuffing also relies on showing users invisible ads. Rather than layering them on top of each other, publishers will load ads in a single pixel on their website. As each user visits the site, they “view” all these ads at once, generating fraudulent activity for you and revenue for the site host.

Other Click Fraud Strategies

While the 5 methods outlined above cover some of the most common click fraud strategies, it’s certainly not a comprehensive list. Bad actors have found numerous ways to get around prevention methods and make a quick buck from your marketing budget. 

Some other common tactics fraudsters might use include:

  • Crowdsourced clicking asks users to view or click on your ads despite the fact that they have no intention of engaging with your business.
  • Faking video views with bots is a common tactic used to artificially boost engagement and generate ad revenue for host websites.
  • Location spoofing, or geomasking, evades detection by changing geographic locations using a VPN.
  • Rewarding views incentivizes users to click on ads to gain something in return. This is common in mobile app games where players get in-game rewards for watching ads.

Depending on the perpetrator(s), their intentions and the resources they have available, these methods can overlap, so it’s important to keep them on your radar.

Common Click Fraud Motivations

Just like any other cybercrime, the motivations behind click fraud are wide and varied. While fraudsters won’t be getting away with valuable data, they will be messing with yours. Plus, they’ll be putting your ad spend directly in their pockets. At the very least, cyber-trolls will skew your campaign performance data and cost you money in the process.

Understanding why a person or organization would target your PPC campaign in the first place is crucial to identifying fraud quickly and developing preventative measures. To help you spot a potential perpetrator, here are the top 3three reasons why people commit click fraud.

1. Reduce Advertiser Competition

In some instances, a competing company might use click fraud as a way to deplete your PPC budget while sinking your ad ranking. Because fake clicks often exit your website immediately, Google sees your ad as less relevant. This could result in your competitor’s ad ranking higher on a targeted search result page.

While it’s unlikely another company would leverage an army of click bots against your PPC campaign, it’s not unheard of for someone to instruct their employees to click on a competing paid ad. In addition to impacting your relevance and ranking, these clicks can inflate your ad spend temporarily. 

2. Artificially Increase Ad Revenue

It’s always important to watch out for competitors, but seedy publishers are also a common source of click fraud. In fact, many of the methods we mentioned can only be used by scam publishers as they own the website your ad appears on.

Here’s how it works: When you (the advertiser) approach an advertising network, like Google Ads, to place an ad, they assign it to a publisher who displays it. Because the publisher gets a small fee every time your ad gets an impression, they can unleash bots, farms and other scammy tactics to generate fraudulent clicks and, thus, revenue.

3. Cyber-Trolling and Ideological Motives

Sometimes, it’s not all about the money. While less common, suspicious clicks could be coming from cyber-trolls or people with more ideological-based motives. In the case of trolling, pranksters might release click bots for no other reason than to ruin your day. 

On the other hand, people or organizations could be targeting your business’s PPC campaign to boost their own ad or malicious website in the search engine rankings. Outside of online advertising, click fraud can also artificially inflate upvotes, signal-boosting certain ideologies.

This type of fraudulent activity can be hard to predict and track, as you never know what might put a target on your back and there’s no money trail to follow.

The True Cost of Fake Clicks

When customers click on your ads without planning on making a purchase, either accidentally or intentionally, it’s generally not a big deal. I know I’ve clicked on a paid ad to get to a website simply because it was at the top of the page. These are considered “invalid clicks” rather than fraud, as there’s no ill intent and they don’t generate large volumes of impressions.

On the other hand, when customers, competitors or other bad actors flood your ads with fake clicks, the costs can add up quickly. According to a 2021 report from Lunio, companies lose between $14,900 and $705,000 each year from click fraud. Not only is this money wasted on fake impressions, but it also hurts your relevance when people or bots immediately click away from your Google ad.

So how do you spot suspicious activity to prevent it in the first place?

How to Spot and Stop Suspicious Clicks in Your PPC Campaigns

Click fraud is relatively easy to detect when you know the symptoms to look out for. If you’re experiencing any of these warning signs, you may be a victim of a fraud attempt:

  • Repeated clicks from the same IP addresses and internet service providers (ISPs).
  • Random spikes in paid ad expenses that exceed predictions.
  • Anomalous campaign performance data, such as a drop in page views during peak impressions.
  • High click-through rates with abnormally low conversion rates.

While these symptoms can be a good indicator of click fraud, they don’t always provide full transparency into suspicious activity. Still, if you notice any of the signs above, you might want to take a closer look at your campaign.

Implementing Fraud Prevention Measures

Now that we know how to spot potential fraud, it’s time to learn how we can prevent it. Your advertising network might already have detection and prevention programs in place — for instance, Google uses machine learning to filter out bot activity. In any case, it’s always best to double-check your campaign with a few easy preventative measures.

1. Check Your Publishers

The first step to fraud prevention is to check your list of publishers for high-traffic sites that might have suspicious activity. If you think there’s fraud afoot, it’s easy to block specific publishers from your list.

2. Monitor IP Addresses

Inside your PPC campaign data, you can also find specific IP addresses and ISPs that show repeated clicks. Set up exclusions to prevent these devices or locations from taking advantage of your ad spend.

3. Focus Your Ad Targeting

If you notice specific regions, keywords or demographics that generate fraudulent clicks, a few tweaks to your targeting can focus your ads on relevant prospects. 

By making your PPC strategy as watertight as possible, you can minimize your click fraud losses and put your ads in front of people who care.

Ben Crosby is a content writer at Brafton. When he’s not writing copy for clients, you can find him cooking in the kitchen, playing video games or reading a good book.