What is PPC Click Fraud?

Ad fraud is any attempt to defraud digital advertising networks for financial gain. Scammers and criminal gangs frequently use bots and click farms to carry out ad fraud, but they’re not the only methods.

If you carry out any form of online advertising you cannot afford to ignore the impact of ad fraud.

Impact of ad fraud

$172b/year Ad Spend Lost to Fraud by 2028*

Figures from Statista estimate that costs related to digital advertising fraud worldwide will increase to $172b by 2028 – roughly 14 per cent annually and nearly double across a five-year period from 2023. This growth of 105% highlights not only the projected increase in advertisement spend and advertisement loss, but also infers that there will be a significant increase in advertising traffic over the next five years.

*Statista

18% of Web Traffic in Advertising comes from Bots*

The Association of National Advertisers (ANA), the representative organisation for advertisers in the US, estimates nearly 18% of all internet traffic in the marketing industry can be attributed to non-human bots which are actively engaged in ad fraud.

*Independent

$23b/year is Recoverable with Fraud Mitigation Platforms*

The use of third-party fraud mitigation platforms could recover more than $23b of advertiser spend lost to fraud. Deploying innovative fraud mitigation services such as IP monitoring, VPN (Virtual Private Network) detection, geolocation tracing, fraud scoring and blacklisting will help combat the sophistication of ad fraud.

*Fraudblocker

Understanding the ad network

An ad network is a technology platform that serves as a broker between a group of publishers and a group of advertisers. The ad network acts as a mediator responsible for introducing the right impression to the right buyer. It partners up with publishers (supply-side) and advertisers (demand-side) to help them reach their ad campaign goals.

Ad networks operate in conjunction with ad servers (AdTech used by publishers, advertisers, ad agencies to manage and run online advertising campaigns). Ad servers are responsible for making decisions about what ads to show on a website, then serving them. On top of that, an ad server collects and reports data (such as impressions, clicks, etc.) for advertisers to gain insights from and monitor the performance of their ads.

And it is here where the majority of vulnerabilities occur.

Where ad fraud is common

Hidden ads

This occurs when an ad is displayed in such a way that it’s not obviously visible to the website user. It targets the ad networks that pay out based on impressions (views of adverts) rather than active clicks.

Click hijacking

Used when an attack redirects a click on one advert and sends the user to a completely different ad result – effectively stealing the click. For this type of fraud to work, the attacker has to have compromised the user’s computer, the ad publisher’s website or a proxy ad server.

Ad fraud click hijacking

The attacker replaces an advert for Joe Bloggs Jeans with one for Sam Brown Chinos.

Fake app installations

Click farms* are set up to install apps thousands of times and interact with them in bulk, thereby distorting the number of times an advert might be shown within an app – especially on mobile apps.

Bots

Scammers create botnets and fake click farms to generate thousands of false impressions on an advert or fake visits to a website which displays ads.

Why are botnets so effective?

Imagine a thousand bots, all accessing different websites, mimicking human behaviour and looking like a real person surfing the web. The botnet creator now has a network which appears to be real and which can then be directed to a fake website.

This fake website now looks like it’s genuine, receiving high volumes of traffic from thousands of real people. Advertisers place ads on the website because they believe their ads will receive a high number of impressions.

The ad network that serves the ads pays the bot owner for the ads displayed and the scammers profit from a completely fake set-up.

Who runs the ad fraud scams?

Economists at the University of Baltimore have found that at present, one-in-ten ad-clicks across all eCommerce campaigns are fraudulent.

Many scams are run by illegal organisations and gangs who funnel the proceeds into organised crime, including money laundering, human trafficking and drugs.

Next generation of bot-click detection and website protection

Web Threat Protection and Ad Fraud Prevention integrate seamlessly with your security stack. By combining both products, you can rest assured your marketing, and your website are protected from malicious bots. Saving you time, money, and from risk of fraud.

Get your free protection audit Find out more

Award-winning malicious bot protection.

Cyber Award Winner 2021

AI-Enabled Data Solution of the Year – DataIQ Awards 2023 Finalist

Tech Innovation of the Year Winner – Leeds Digital Festival Awards

Cyber Security Company of the Year – UK Business Tech Awards 2023 Finalist

Best Use of AI – Tech Awards 2023 – Highly Commended

UK’s Most Innovative Cyber SME 2024 –
Runner Up