Click Fraud 101: Most Common Types of Fraudulent Clicks


Click Fraud is becoming an increasingly large problem for PPC advertisers. A recent study conducted by Professor Roberto Cavazos of the University of Baltimore found that 14% of all ad clicks are completely invalid. Many of these invalid clicks are generated by deliberate click fraud schemes with varying degrees of scale and sophistication. Other invalid clicks are driven unintentionally by web crawlers and scrapers tasked with collecting and indexing data. In this blog post, the CHEQ cybersecurity research teams detail the most prevalent forms of invalid clicks, explaining their origins and mechanisms.

1. Web Crawlers & Scrapers

What are these? Non-malicious scripts (bots) designed to crawl and scrape websites in order to collect, index, and catalog data.

Why and How does this occur? Legitimate websites such as search engines, travel aggregators, shopping sites, and price comparison sites deploy bots to scrape competing or affiliated sites for data collection, real-time price adjustment, and many other reasons. These bots are then added to the advertiser’s remarketing audience and start getting retargeted, causing additional ad-spend loss. Some legitimate scrapers mark themselves as such, but unless the advertiser takes proactive action, they will continue to eat up ad spend.
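One form that proactive action can take, shown as an added example (not CHEQ's code or method): pass the paid-click log through a User-Agent filter so that visitors who declare themselves as crawlers are kept out of the remarketing audience and their cost is tallied. The function name, the token list, and the log layout are assumptions, and the log rows are constructed.

```python
import csv
import io
import re

# Illustrative tokens that self-identifying crawlers commonly put in their
# User-Agent; this list is an assumption, extend it from your own logs.
DECLARED_BOT = re.compile(r"bot\b|crawl|spider|scrap|python-requests|curl/|wget/", re.I)

# Constructed sample click log (not real data): one row per paid ad click.
CLICK_LOG = """visitor_id,user_agent,cpc_cents
v1,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",120
v2,"ExampleShopBot/1.0 (+https://shop.example/bot)",80
v3,"python-requests/2.31.0",95
v2,"ExampleShopBot/1.0 (+https://shop.example/bot)",80
v4,"Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",150
v5,"PriceCompareSpider/2.0",110
v3,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",95
"""


def split_clicks(log_text):
    """Return (remarketing_audience, declared_bots, cents_spent_on_declared_bots)."""
    seen, bots = set(), set()
    bot_cents = 0
    for row in csv.DictReader(io.StringIO(log_text)):
        seen.add(row["visitor_id"])
        if DECLARED_BOT.search(row["user_agent"]):
            bots.add(row["visitor_id"])
            bot_cents += int(row["cpc_cents"])
    # A visitor that declared itself a bot on any click is excluded entirely,
    # even if other clicks from the same id carried a browser User-Agent.
    return seen - bots, bots, bot_cents


if __name__ == "__main__":
    audience, bots, cents = split_clicks(CLICK_LOG)
    print("remarketing audience:", sorted(audience))
    print("declared bots excluded:", sorted(bots))
    print(f"spend on declared-bot clicks: ${cents / 100:.2f}")
```

This only catches scrapers that identify themselves; bots built to mimic human traffic do not announce themselves in the User-Agent.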

2. Malicious Bots (Automated Click Fraud)

What are these? Hacker-generated scripts (bots) designed to mimic legitimate human traffic and perform actions that are tied to ad spend (views, clicks, form-fills, purchases).

Why and How does this occur? The party getting paid for the action is looking to increase its revenue by fraudulently inflating its traffic. The perpetrator could be a publisher, an ad network, an affiliate network, or any other party interested in inflating their numbers. These bots are generally divided into two types – GIVT (General Invalid Traffic), which is a more simplistic type of bot/scheme, and SIVT (Sophisticated Invalid Traffic), which utilizes very advanced methodologies and requires cybersecurity technology to catch and remove.

3. Malicious Human Visitors (Manual Click Fraud)

What are these? Disingenuous human-generated clicks designed to inflate traffic, drain ad spend, or achieve some other kind of malicious goal. They can be generated by a large-scale click farm or by an individual user.

Why and How does this occur? This is a less sophisticated alternative to botnets used to generate fake activity on specific ads/campaigns. This can be deployed by a publisher/affiliate looking to inflate traffic, by a business looking to drain a competitor’s ad budget, or by someone looking to commit numerous other types of fraud.

4. Proxies

What are these? Users who are masking their identity for various reasons, using some form of a proxy server.

Why and How does this occur? People have many reasons to mask themselves online. It could be someone using a VPN to consume out-of-geo content, or it could be a far more malicious form of cyber-attack using sophisticated web proxy servers. In any case, even if the goal of the proxy users isn’t to defraud the advertiser, they end up reaching landing pages and sites via online ads, costing advertisers big time.
