Over $600 billion was spent on PPC ads in 2023. With this huge volume of revenue bad actors continue to manipulate ads to make money using fraudulent practices. While you might have heard the terms ad fraud and click fraud, and perhaps used them interchangeably, they are related but different.
However they do share a lot of characteristics. Lets look at what is ad fraud and what is click fraud, and the differences between them.
What is click fraud?
The act of fraudulently clicking on pay-per-click (PPC) advertisements to boost website income or deplete an organization’s advertising budget is known as click fraud. In contrast to invalid clicks, which are repetitive or created by the ad’s host or publisher, click fraud is deliberate, malevolent, and has no chance of generating a sale.
When pay-per-click advertising is used, click fraud occurs when a person, computer program, or automated script poses as a genuine user and clicks on sponsored search advertisements without intending to make a purchase.
So, referring to the facts presented above, it’s obvious that click fraud can negatively affect your business in several ways, including squandering ad money.
What is ad fraud?
When click fraud is managed on a larger and more organized scale, this is referred to as ad fraud. In order to redirect a business’ marketing budget to their own pocket, fraudsters employ massive ad clicker botnets, malware, and spoofing websites.
Ad fraud can be committed by cybercriminals in several ways. Let’s look at some of them:
- Hidden ads: When a user is not able to see an advertisement because of how it is displayed. Ad networks that base payments on impressions are the focus of this type of fraud.
- Click hijacking: This is the act of a hacker “stealing” a click by tricking the browser into thinking it is a click on a different advertisement. The attacker must get access to the user’s computer, the website of the ad publisher, or a proxy server for this fraud attack to be successful.
- Botnet ad fraud: Botnets are typically used by scammers to create thousands of fake clicks on advertisements or visits to the websites that display the adverts.
The main thing to remember when talking about ad fraud vs click fraud is that ad fraud is a more complex and larger click fraud.
Both click fraud and ad fraud are more often referred to under the blanket term, invalid traffic. This covers any form of non-genuine traffic to your paid ads whether it is malicious or accidental.
Who commits these types of fraud?
Ad and click fraud can be perpetrated by various actors, such as:
- Rivals: Ad fraud is a tactic used by rivals to sabotage the effectiveness of their competitors’ marketing initiatives.
- Publishers: To boost their ad revenue, fraudulent publishers often falsely exaggerate the traffic or click-through rates on their website. This is usually done using bots or automated scripts
- Third-party fraudsters: This refers to people or organizations that use automated scripts or botnets to create fake clicks, in order to defraud others or to undermine rival businesses.
- Ad networks and affiliates: In certain cases, companies in the advertising ecosystem, such as ad networks or affiliates, could commit fraud to increase their profits.
- Malicious software: When malware or malicious software is placed on a user’s device, it can spoof clicks or views and cause ad fraud without the user’s awareness. These are often browser extensions or mobile apps.
- Paid to click websites (PTC): These are where people sign up to get paid for clicking ads. While the clicker themselves is a genuine human, the PTC website can often be run by a fraudster who collects the revenue on these fake clicks, but doesn’t even pay the clicker!
While the term ‘fraud’ obviously implies a malicious and intentional process, the fact is that not all click fraud or ad fraud is intentional. There are many sources of invalid clicks, some of which can be hard to quantify. These can include:
- Accidental clicks
- Made for ads websites (MFA sites)
- Paid-to-click websites (PTC websites)
- Out-of-Geo clicks
- Poor ad placement (this is particularly a problem on apps and some low-quality ad networks)
- Web scrapers/crawlers
- Apps containing malware
- Browser extensions (there are some extensions such as AdNauseum which click on ads on purpose – others might be infected with malware)
Below are two popular lawsuits due to click and ad fraud:
Fabio Gasperini:
In June 2016, Fabio Gasperini, an Italian national, was extradited to the United States of America to stand trial for allegedly running an ad fraud botnet. Among other things, he was said to have made millions by defrauding marketers using a network of over 150,000 computers. The first click fraud case to be heard in American courts was Fabio Gasperini’s. Ultimately, the defendant was found not guilty of any felonies and was simply charged with a misdemeanor, for which he was fined $100,000 and had to serve a year in jail.
Vladimir Tsastsin:
Known as the “click fraud kingpin,” Tsastsin managed a collection of publishing firms that carried out online advertising for numerous agencies. Tsastsin and his group infected almost 4 million PCs with malware, driving users to their websites and advertisements, earning them over $14 million. Over ten years, Vladimir Tsastsin, an Estonian national, and six other persons faced charges in the US for wire fraud and computer intrusion.
Is click fraud or ad fraud illegal?
There is some ambiguity in the legislation on whether click fraud is permitted or not. While most nations don’t have explicit laws prohibiting click fraud, they usually do have laws pertaining to cybersecurity or “information technology.” The majority of court proceedings against click fraud center on issues including wire fraud, data theft, deception, and money laundering in conjunction with current fraud statutes.
Some of the world’s harshest anti-fraud rules are found in the European Union. The anti-fraud office, OLAF, provides strong anti-fraud protection at the federal level. Nonetheless, several states also prohibit certain facets of click fraud.
In fact, regarding digital rights, the European Union is among the world’s most advanced regions. One of the earliest pieces of legislation granting internet users control over their data was the GDPR.
How can you stop or avoid click fraud?
With almost every PPC ad campaign affected by some type of invalid traffic, knowing how to prevent and avoid losing money to fraudulent clicks is an essential skill. While there are manual processes you can take to reduce your exposure to fraud, the simplest and most time and cost-effective way is to use click fraud prevention software.
GeoTargeting
Targeting particular areas with localized campaigns is often preferable since it gives more control over PPC advertisements and ad budgets.
You can also exclude specific places as part of this that could be hotspots for fraudulent activities.
IP Address Exclusions
IP address monitoring becomes essential in the context of click fraud prevention in order to spot and stop suspicious activities. They are easily able to expose fraudulent activity.
For instance, click fraud may be present if a significant number of clicks or website visits originate from the same IP address. Alternatively, IP addresses from places you’re not targeting can be the cause.
In these situations, you should include those traffic sources by adding them to your Google Ads account’s exclusion list.
Click fraud prevention software
There are more options for click fraud prevention software than ever. But if you run any form of paid ads on Google Ads, Meta for Business or other paid search/display networks, you need to consider using one of these.
In general, whichever option you choose, whether its ClickCease, ClickGuard or Fraud Blocker, they will all include the following features:
- 24/7 fraud monitoring
- Click analysis and scoring
- Real-time email alerts
- Customizable blocking rules
- Automated reporting
- Exportable IP addresses
- VPN detection
- Blacklists
Using click fraud software also means that you pre-emptively and proactively block bad traffic and clicks across your ads. Some of these products will block just Google Ads, some might also block bad traffic on Facebook, Instagram, Bing Ads and TikTok. Shop around and see what works for you.
SME Paid Under