Millions are being lost to click fraud every year and it’s estimated that global losses to digital advertising fraud will be over $50 billion a year by 2025. But what is click fraud? How does it work? Who is behind it and most importantly does it affect your paid media campaigns?

In this article, I’ll share how click fraud works, who is running it, how they make money from it and why the major ad platforms are unable to tackle it. You’ll get an understanding of the impact on your search and social campaigns and how you can start to protect them from click fraud.

What is click fraud?

Essentially, ad fraud, click fraud and fake clicks amount to the same thing. It’s the misuse of available tools with the aim of diverting money or goods from the marketplace into the hands of a fraudster operating within that ecosystem.

What impact does it have on online advertisers?

  1. Wasted ad spend

Click fraud can siphon off a significant portion of marketing budgets, whether you are spending £5k month or £500K a month, you are wasting a significant amount of your ad spend on fake clicks. 

  1. Inaccurate campaign data 

Digital marketers are constantly working with data to make the best possible decisions they can for where to allocate paid media spend. It’s a feedback loop that relies on having the most accurate data and insights into the customer journey for informing future decisions.

When that information is being corrupted by false traffic and bot clicks, it will have an impact on all future marketing decisions.

Most marketers are seeing suspicious behaviour on their websites and campaigns but knowing where that traffic comes from is more difficult to identify.

Who’s behind click fraud?

Many scams are run by illegal organisations and gangs who funnel the proceeds of ad fraud into organised crime, including money laundering, human trafficking and drugs.

How does click fraud work?

Scammers create botnets and fake click farms to generate thousands of false impressions on an advert or fake visits to a website or publisher where ads are displayed.

Imagine a thousand bots, all accessing different websites, mimicking human behaviour and looking like a real person surfing the web. The botnet creator now has a network that appears to be real and which can then be directed to a fake website. 

This fake website now looks like it’s genuine, receiving high volumes of traffic from thousands of real people. Advertisers place ads on the website because it looks like a high-traffic site that’s relevant to their brand.

The ad network that serves the ads pays the bot-owner for the ads displayed and the scammer’s profit from a completely fake set-up.

Where the fraudsters got caught

Methbot and 3ve are just two of the sophisticated bot networks which have been broken by a number of partners working together to stop ad fraud in recent years.

The amount of money syphoned illegally from the use of bots to create false ad impressions is staggering.  Aleksandr Zhukov, a Russian national, convicted in May 2021 as being behind Methbot, is believed to have defrauded the US digital advertising industry out of more than $7m.

3ve surpassed Methbot in scale and sophistication, infecting 1.7 million computers, spoofing 10,000 domains and making more than 12 billion fake ad requests per day.

More recently connected TV (CTV) apps were targeted by the PARETO botnet, found on nearly a million infected Android phones pretending to be humans watching ads on smart TVs and other devices like Roko. PARETO-associated traffic accounted for an average of 650 million daily bid requests, the result of 29 Android apps spoofing more than 6,000 CTV apps.

What you can do to protect against click fraud

On Google Search and Microsoft Search Ads, you can add a list of IP addresses as an exclusion list. Google ads give you a tool that lets you paste in IP addresses (including some IP address ranges) but it only allows you to add up to 500 IP’s. This can be useful for adding competitor IP’s to combat clicks from competitors.

You can slightly extend the range of IP addresses you can exclude by using “ranges” but even then, you’re limited in what you can achieve and some of those rows should be taken up by your own IP address and those of your competitors.

On Facebook Ads, this means creating an exclusion list (a custom audience that is excluded from seeing ads) that has nothing to do with IP addresses and can be much broader in scope.

How do you figure out what to exclude?

The truth is that without ad fraud detection software, it is impossible for an advertiser to detect bots responsible for fraudulent ad impressions and clicks. 

Beacon is software that detects and blocks bots responsible for click fraud in two ways:

  1. Bot detection 

Beacon detects invalid clicks across all major paid search and paid social channels (including Google Search Ads, Bing, Facebook, Instagram, Twitter, Snapchat, and more) as well as programmatic/display advertising.

  1. Click fraud protection 

Automated protection ensures that when a bot is detected, the device fingerprint is added to Beacon’s unique bot protection database. This database is used to block bot impressions (for CPM) and clicks (for CPC) on your paid campaigns. Beacon provides protection on Google, Bing, Facebook, FAN and Instagram. 

How it works 

The first step is to run a trial that provides a baseline analysis to detect bots. This proof of concept gives new users the opportunity to test drive the software before subscription.

Once the click fraud protection is switched on, Beacon blocks bots that it’s identified as interacting with the user’s ads, plus others it knows to be active in their sector for similar businesses.

Find out more here –


Effectively combating click fraud means giving attention to the issue and implementing cutting-edge software to protect your campaigns.  Fraudulent traffic cannot be eliminated but you can mitigate to reduce it significantly, giving you cleaner campaign data and a much higher return on your ad spend.