What is Click Fraud? Who Does It and How to Stop It

What is Click Fraud? Who Does It and How to Stop It

Pay-per-click (PPC) advertising is one of the most powerful digital marketing strategies for businesses and has been for many years.

When creating a PPC campaign, you pay Google to promote your advertisement, blog, or service page on their search engine. Your ad will appear at (or near) the top of the results for a given keyword, and you’ll only pay when someone clicks on the ad.

The quality of the keyword you set along with the content of your ad will determine how successful the campaign is overall. Once you run out of your set budget, the ad will stop appearing in the search engine.

PPC is a great strategy for getting more visits to your site, but it doesn’t come without its problems.

Click fraud is one of the biggest issues that PPC advertisers face. PPC fraud can exhaust your marketing budget and render your Google Ad useless in a short time. Luckily, click fraud is avoidable and preventable when you know how to combat these obstacles.

What is Click Fraud?

Click fraud is the act of repeatedly clicking on an ad with the intention to cause harm to the advertiser or company by depleting their marketing budget. It can be done by individuals, bots, or specialized software that focuses on click fraud.

The aim of click fraud is to exhaust the budget of the advertiser and stop them from advertising further. It also leads to a lower conversion rate for the company, making it harder for them to get sales. The aim of the fraudulent activity is only to click on the ad but not perform any further action on your site.

If you’re an advertiser, spotting click fraud early is key to preventing it from doing any further damage to your business or your clients. It’s estimated that click fraud can cost advertisers up to $35 billion every year.

Who Does Click Fraud?

Who might be behind click fraud that is harming your marketing? There are a handful of possible individuals or computer-based programs that could be responsible for ruining your advertising budget.

  • Competitors: By far the most common party interested in click fraud will be your direct competitors. The aim of your competition will be to drain your marketing budget by clicking on your ads as many times as possible. And since you’ll pay Google for every click, this can happen very quickly, significantly harming your advertising campaign.
  • Online fraud using bots: You’ll find many online scammers doing PPC click fraud using bots. This is likely a part of a large-scale ad fraud operation where networks do this for their financial gain or redirect the clicks to their own sites.
  • Disgruntled individuals: It might be a former employee, or someone seeking personal revenge on the advertiser, or even an unhappy customer that understands the concept of PPC.
  • Customers: Individuals can click on your link several times without knowing they’re causing an issue. This can occasionally be mistaken for true PPC click fraud.
  • Other advertisers: Some advertisers have click farms, which are essentially big groups of people that click on ads intentionally to drive up impressions, traffic, and potential revenue. This may not be directly harmful to you, but it is a nuisance for search engines as click farms can be hard to spot because they act like real users.

How Did Click Fraud Start?

The very earliest form of PPC fraud was done manually in the early 2000s. Publishers would sign up for Google AdSense and then click on their ads to get more revenue from the ads.

Seeing that this technique was quite effective, click frauds started to hire other people to do the clicking for them until eventually, click bots were developed around 2003.

The purpose of this type of fraud was to drive up traffic and revenue for an advertiser through click bots. These click bots would click on ads on sites with low traffic to drive their ad revenue up.

With time, click bots became more advanced, allowing the fraudsters to scale up their operations.

  • Clickbot.A was developed in 2006 and it paired 100,000 computers together to form the first large botnet. It was the first botnet to perform “low noise click fraud against syndicated search engines.”
  • DNSChanger was another one of the first large-scale ad fraud networks. It consisted of 4 million computers and ran between 2007 to 2011.
  • Miuref, active from 2013 to the present, continues to proliferate as a Trojan, although it is detected by most antiviruses today.
  • Stantinko infected 500,000 machines.
  • Bamital impacted one million desktops included in the network.
  • 404Bot – Active from 2018, 404Bot was able to bypass many preventative measures.

The sophistication of click bots is still growing as they’re getting stronger, larger, and more effective. It’s absolutely essential to recognize and stop them before they do any notable damage to your ad campaigns, your company, or your brand.

What Negative Impacts Does Click Fraud Have for Advertisers?

PPC fraud is one of the biggest problems advertisers face in today’s market. There are several negative impacts of this type of fraud for ad owners:

  • It will systematically drain your advertising budget.
  • Once your budget is drained, your ads will stop showing up, rendering them ineffective and even useless.
  • Even if your budget is not drained, your ad will lose the top spot for the keyword you’re targeting.
  • It skews analytics and amounts to misleading data, which might lead to ineffective changes to the campaign and additional advertising dollars spent.

These are all big problems for advertisers but there is a way of stopping the fraud thanks to growing efforts to fight against these issues.

Click Fraud Prevention Tactics

PPC fraud prevention is necessary if you want to increase the effectiveness of your ad campaigns.

If you use Google Ads, then the good news is that Google already has a Traffic Quality Center that will detect fraudulent clicks as they happen and remove them. Microsoft also has a Traffic Control Center offering similar services.

But these quality control services can still miss some clicks, so it is not wise to solely rely on Microsoft or Google Traffic Quality tools alone.

There are two main click fraud detection techniques:

  • Manual
  • Automatic (using PPC fraud protection software)


Manual click fraud prevention is recommended only to more advanced users who understand the backend.

1. Detect Click Fraud
You’ll need to go into your traffic analytics platform and take a look at the IPs accessing your ad.

As you look at the IPs, you’ll need to determine if there is anything unusual. If one IP tries to access your ad several times in quick succession, then odds are it’s fraudulent activity.

2. Exclude the Dodgy IPs
The next step is to exclude the IP addresses that look suspicious. If you use Google Ads, you can do it pretty quickly:

Go to your Google Ads account Open settings > Choose the campaign you want to exclude the IPs from > Click on “IP exclusions” > Enter the IP addresses you want to block.

Google created a full guide to make this process as simple as possible.

If you use Bing ads, you can do it by accessing your account and going to All campaigns > Click on the campaign > Edit > Other changes > IP address exclusions > Enter the IP address you want to block and hit Apply.

You can see the full guide for disabling click fraud for Bing ads here.


Using a dedicated piece of software to eliminate click fraud is the easiest way to avoid it, especially if you don’t know how to do it manually.

It will cost you a monthly fee but it’s also highly effective and a worthy investment compared to the amount of money you could lose through click fraud.

Some of the best click fraud prevention programs include:

Don’t Stress Over Click Fraud Problems

PPC click fraud is a big issue for advertisers and business owners. It causes you to lose your marketing budget for clicks that don’t lead anywhere. Click fraud has been around since the early 2000s but there are ways to deal with it. Follow our guide to fight against those click fraudsters.