CHEQ Raises $150 Million, led by Tiger Global

Learn More

Eliminating Invalid Clicks on your Facebook campaign

Marketing spend on social media platforms reached $107 billion in 2019, accounting for 17% of global ad spend. Of all the social media platforms, Facebook is the big beast, with marketing spend on the social media giant reaching $70 billion each year from 8 million advertisers. Despite the rise in spending on paid social media – now third behind TV and paid search, the scale of invalid activity on platforms has been largely hidden. Though there have been long-held concerns about clicks on campaigns and draining of ad budgets, social media platforms have been relied upon to detect fraudulent clicks and overall invalid activity. It has been their role to credit marketers with losses they may have suffered through automated, bot, or fake account activity.

Given the launch of the first click fraud technology able to detect and prevent invalid clicks on all paid social campaigns, we explore the issues of invalid clicks on Facebook.

Invalid Clicks and Facebook

The definition of invalid traffic in social media has been set out by the Media Rating Council, The media industry’s measurement watchdog says:

“Invalid Traffic is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.” It is further broken up into Sophisticated Invalid Traffic and General Invalid Traffic.

Facebook policies on click fraud

Facebook has undoubtedly taken serious proactive approaches to combat click fraud. Facebook identifies this as “clicks generated through prohibited means, such as fake accounts, bots, scrapers, browser add-ons or other methods that don’t follow our terms.” The company has also taken firm action against bad actors hurting the integrity of their platform including click fraud and offers refunds for such activity when spotted by its algorithms or its advertisers.

While Facebook is fully committed to removing invalid clicks from its platform, data has shown that the issue persists, thus requiring third-party cybersecurity protection in addition to the current measures being implemented.

Facebook: sources of invalid traffic

Not uncommon with other paid social media platforms, there are a mixture of reasons for invalid clicks occurring on Facebook.

1. Fake accounts, data centers and bots

The largest source of invalid clicks based on what we see through clients protecting their Facebook spend using CHEQ for PPC, is “data center traffic”. This is consistent with fake and automated bot account activity. The digital advertising industry regulator, the MRC, notes that known data center traffic is “determined to be a consistent source of non-human traffic; not including routing artifacts of legitimate users or virtual machine legitimate browsing.”

Then there are fake accounts. Facebook understands and has taken action against fake accounts, however according to Facebook, 5% of its worldwide monthly active users (MAU)  during Q4 2019 and Q1 2020 are not real, according to the company’s Transparency Report 2020. In 2020, for instance the MRC asked Facebook for more information about Facebook’s efforts to monitor fake accounts on the platform and data about ad impressions served to “invalid accounts.”

This particular issue of fake accounts emerges in notorious cases, such as When pro-Putin Russian trolls pushed divisive issues on Facebook ahead of the 2016 US election, they created accounts that pretended to express the views of concerned Americans. In more recent revelations, for instance Roger Stone, a longtime friend and former top adviser to Donald Trump, bought more than 200 fake Facebook accounts according to FBI search warrants.

2. User agent spoofing

Sophisticated fraud also involves user agent spoofing. This involves a mismatch between declared user agent, such as a web browser, and the actual user agent being used to interact with online content.

3. Retargeting

There is also often cases of marketers using Facebook’s look-alike audiences further retargeting of bots. Facebook lookalike audiences let you reach a large number of people who share the same characteristics as your existing customers. In fact 33% of marketers use retargeting to win customers. However, in many cases, the retargeting efforts merely involved putting good money after bad bots that had engaged with Facebook ads – and which in many cases have indeed clicked or interacted with your Facebook ad post. This requires segmentation to prevent bots being targeted.

4. Click farms and inflated engagement

Click farms are a large and growing problem. This involves individuals with real accounts on Facebook paid to manually like specific pages. In developed countries this can involve paying $1 per 1000 likes. In setting out their opposition to fake likes, Facebook says “People behind these fraudulent activities are rational actors with clear financial motivations. They make their profit by promising and generating Page likes to admins around the world who typically don’t understand the negative implications of purchasing these likes.” For instance sites such as Boost Likes, openly advertise 1000 likes for your page for $75. Or for 100,000 likes the price is $4,200. Boost Likes says it aims to reach English-speaking audiences who can understand posts in English but this “cannot be guaranteed”. The site admits: “we cannot control what kind of people want to like your page with this worldwide audience.”

5. Facebook’s Audience Network

Facebook’s Audience Network, which advertisers use to extend their Facebook campaigns to third-party sites and apps, can be a conduit for ad fraud. LionMobi and JediMobi for instance were banned from the Audience Network by  Facebook, which refunded impacted advertisers in March 2019. These frauds often use click injection, where fraudulent developers get their apps installed on as many phones as possible – in this case, both developers peddled their apps in the Google Play store – and insert ad network SDKs into the apps. From there, they generate fake traffic, users, activity, ad viewing and clicks in their apps, collecting money for ad views from ad networks such as Audience Network. Outside sites can increase their own ad revenue by buying traffic, that is bots that repeatedly load pages to manufacture ad impressions out of thin air.

Facebook clicks: In context

Since its inception, Facebook has faced challenges from invalid clicks and deploys a dedicated and talented team of engineers and legal personnel to fight the problem. This has kept the platform above many other comparable advertising ecosystems. Facebook’s Director of Product Management Rob Leathern says the challenge in tackling the problem is the sheer number of fraud attempts combined with the multiple forms it can take.

“You have to defend a variety of different channels, whereas [attackers] can always focus their efforts into one particular area,” Leathern said. “And many of these adversaries are well-funded and persistent.”

Facebook’s invalid clicks may be far lower than many parts of the online ecosystem, in particular display advertising, though hundreds of enterprise clients have begun using CHEQ for PPC given the instant savings through further reducing invalid clicks, avoiding bots and reaching only real customers. It also provides a similar service for other paid social media networks such as Instagram, Twitter, and LinkedIn as well as fast-rising Pinterest ad campaigns.  In launching CHEQ for PPC, CHEQ CEO Guy Tytunovich, said “Google, Facebook and other PPC platforms do a good job in fighting fraud, and yet, there’s still an issue there, because there’s an inherent problem with solving it when you’re the biggest sitting duck on the internet.”


According to eMarketer, Facebook and Google together accounts for 58% of digital advertising spend in the U.S. Both ecosystems currently use sophisticated tools and consumers’ demographic information and location in order to serve users advertisements. However, given the large amounts of spending on Facebook protecting your ad spend, has become table stakes. If you are experiencing unusual traffic or poor results on your Facebook campaign, protect your Facebook ad spend from click fraud preventing infection of your CRM. Check out CHEQ for PPC. Get your free trial today.

Facebook enforcement against invalid clicks

2016: Fake Facebook accounts pushed divisive issues ahead of the 2016 election through the creation of accounts purporting to express the views of concerned Americans.

August 7 2019: Facebook files lawsuits against two app developers accused of generating fraudulent revenue, LionMobi — based in Hong Kong, and JediMobi — based in Singapore — generated “unearned payouts” from Facebook advertising.

October 2019: Facebook agrees a $40 million settlement with Facebook advertisers for the inflated video metrics which they incorrectly provided (between 2015 and 2016)

December 5 2019: Facebook takes action against iLike Ad Media which deceived people into installing malware compromising people’s Facebook accounts. This involved running deceptive ads through “cloaking”, disguising the destination of the link in ads by displaying one version of an ad’s landing page to Facebook’s systems and a different version to Facebook users.

April 9, 2020 Facebook court action against Leadcloak, Basant Gajjar, for software and services running deceptive ads, including scams related to COVID 19 and cryptocurrency.