What is Ad Fraud, and How to Prevent it | CHEQ


In 2022, ad fraud actually surpassed credit card fraud in terms of both money lost and as a percentage of the industry revenue. In fact, according to research from Cheq, ad fraud makes up 10.5% of all digital marketing activity.

Of course, there are huge sums of money involved. And, despite the efforts of the major advertising platforms, there seems to be no end to the growth of ad fraud.

Increasingly, marketers are aware that they need to avoid ad fraud. As a result, the market for ad fraud prevention is growing rapidly.

So what can you do? And is ad fraud an issue that really affects your business?

What is ad fraud?

Ad fraud is the practice of fraudulently inflating the views or clicks on an online ad for financial gain. This normally involves hosting ads on a website or app and generating fake traffic, or invalid traffic, in a number of ways.

Primarily, ad fraud is a money-making scheme for unscrupulous app and bot developers or website owners.

Creating a successful digital ad fraud campaign takes a level of technical expertise.

For example, many campaigns involve using complex technical features such as domain spoofing, pixel stuffing, or click injection – all designed to maximize impressions and fool marketers. There’s also the matter of hiding traffic sources, generating fake traffic, and tactics such as impression fraud to fool the advertising platforms and bring in as much money as possible.

Ad fraud or click fraud?

Ad fraud is a form of click fraud, although one that is more organized. In fact, click fraud covers less organized forms of fake clicks and impressions, such as intentional malicious clicks from individuals.

Research from the University of Baltimore and CHEQ found that ad fraud and click fraud cost marketers $35 billion in 2020, which is thought to have exceeded $40 billion in 2021.

As ad fraud isn’t technically illegal, bringing legal charges against ad platforms or even ad fraud operators can be long-winded and complicated. Google, Bing, and others do have some processes to protect against the most obvious sources of click fraud, although this is widely considered inadequate.

What Are the Different Types of Ad Fraud?

Although the definition of ad fraud often involves bots or automated processes, there are other methods that include the human touch. These ad fraud techniques are the most common that you’re likely to encounter.

Ad fraud is the practice of hosting ads on a publishing platform and inflating the volume of clicks, impressions, or conversions to collect a payout.

Hidden Ads or Ad Stacking

There are several practices whereby sites can host ads that are technically not viewable by the human eye. Displaying the ad in a 1×1 pixel square, stacking multiple ads on top of one another, or displaying the ad outside the viewable area are the most common practices.

Using this approach, the site owner will get a payout for the ad being displayed, but the advertiser will see little or no traffic or clicks as a result.

  • Ad displayed in an imperceptible format
  • Zero to extremely low chance of traffic
  • Often used by fraudulent publishers looking to profit from multiple ads on their sites
Ad stacking is one method of ad fraud
Ad stacking is when multiple ads are inserted on the same real estate

Click Farms

Click farms are one of the main forms of mass-produced traffic for ad fraud. Essentially, bots or real people are hired to click on your ad. Of course, these are not potential genuine customers, so that click is worthless to the advertisers.

A click farm can be an actual place, often a warehouse in the developing world with hundreds of people assigned to like, click, and interact with content for hours a day.

Click farms can also take the form of remote workers. You might have seen those ‘make $ working from home’ ads online. Some of these can be remote clicking work using PTC (paid-to-click websites or apps). These paid-to-click businesses have been growing in size in recent years and now present a real problem to marketers.

  • Real people from unique IP addresses make click farms hard to combat
  • Non-genuine traffic with no chance of a conversion
  • Used by organisations looking to boost their views (often through paid campaigns)
Click farms in Asia are used to inflate traffic for ad fraud
From the show Silicon Valley, a depiction of an Indian click farm

Bot Traffic

The number one source of ad fraud, bot traffic, refers to automated systems set up to click or interact with sites. However, not all bots are created equal.

Simple bot programs are often set up to do simple repetitive tasks such as scanning through domains, clicking on a set group of ads, or performing a single repeated action across multiple sites. These types of bots are relatively easy to spot as they have a consistent IP address and cookie profile.

You might have noticed simple bot behaviour with spam messages in your inbox, or if you run a blog or website, you will probably have seen spam comments.

Increasingly sophisticated bot traffic is where headaches start for advertisers. These can do more complex tasks such as:

  • rotating IP addresses
  • mimicking user behaviour
  • using proxy servers to disguise their location

These bots can play the PPC system, both maximising exposure to the highest-paying ads and creating traffic that looks authentic for a higher chance of a big payout.

  • The main source of fraudulent clicks and ad fraud
  • Simple bots are easy to combat as they have predictable and simple behaviour
  • Complex bots are often used by criminal organisations to boost their income
Malicious bot traffic is another method of ad fraud.

Hijacking Clicks or Ads

This clever method uses malware to hijack the ad (also dubbed as clickjacking, click injection, or malvertising) on a website and replace the code in the hijackers’ favour.

For example, by changing the ad displayed, the hijacker can display their ad and not pay for the placement, with the original advertiser picking up the bill.

This can also work to redirect clicks to a different site, even if the original ad is displayed. So, the advertiser pays for the click, but the hijacker benefits from the traffic generated.

  • Malware designed to change the code of a display ad in the hijackers’ favour
  • Can either divert traffic from genuine ads or display a different ad on top of the advertisers’
  • Click injection can claim organic clicks fraudulently on hidden links and ads (without the users’ knowledge)

Impression Laundering or Arbitrage

This clever form of ad fraud siphons off legitimate display advertising onto less relevant or sometimes downright shady sites. These sites usually also have high traffic. This usually hits advertisers with a high-price CPM (cost per mile) campaign, where the ad success is measured in impressions rather than actual clicks.

By using a series of clever redirects, as far as the advertiser is concerned, their ad is being displayed on legitimate partner sites.

  • Ads can be seen on irrelevant sites or sites promoting illegal activity
  • These sites tend to be high-traffic traffic, so impressions can be very high

How to Protect Yourself From Ad Fraud

Although these are the most common types of ad fraud, the goalposts are always moving, and new PPC fraud forms are regularly popping up. And, as the practice isn’t outlawed, it can be very tricky to minimise or even be aware of your exposure to ad fraud.

There are a few things you can do to limit your exposure to ad fraud and get your ad spend under control. Some are things you can do in your PPC campaign setup; others will involve using a paid service. Depending on the potential for gain or loss, you might want to determine which is best for your business.

Monitor your data

At the absolute minimum, keeping an eye on your traffic sources and CTR data will help you identify if something fishy is happening. If traffic appears to be coming from a suspicious location, or you’re experiencing a high CTR but little in the way of conversions, then look closely at your online advertising partners and consider limiting traffic from certain locations.


If you suspect dodgy traffic is coming from some less salubrious partners, you can blacklist certain domains and IPs of “users” that click. As you have little control over malware or traffic coming through those sites, keeping them blacklisted is a good way to avoid the fraudulent traffic they might be attracting.

Ad Fraud Protection

With the rise of ad fraud, it’s advisable to use fraud detection services such as CHEQ Essentials. Click fraud prevention services are designed specifically to defend and protect your digital advertising campaigns. The sophisticated algorithms help protect against bot traffic, click farms, and other forms of invalid traffic, such as VPNs.

Ad fraud detection and protection is particularly suited to high-value or high-volume campaigns, especially those targeting competitive keywords. Marketing agencies dealing with multiple clients will especially see the benefits, although some surprising industries do fall foul of click fraud and ad fraud.

CHEQ Essentials is designed to protect online ads on major ad networks, including Google, Facebook, and Microsoft/Bing. Stop bots, get more leads, and maximise the return on your ad revenue by using CHEQ.

Sign up for a free trial and run your own ad fraud audit.

Latest Posts

Block invalid traffic with CHEQ Essentials