Published: 20/04/2020

Click Fraud

Click fraud is when a user – human or bot – pretends to be a legitimate website visitor and clicks on an ad, button or hyperlink. Click fraud aims to fool a platform or service into thinking legitimate users are interacting with a landing page, ad or app.

Typically, click fraud occurs on a large scale and all targeted links are clicked multiple times. Automated bot traffic can be leveraged effectively to continually click links.

Threat actors may use different click scam techniques, including:

  • Ad Fraud: This click fraud strategy is primarily used to damage a competitor’s PPC budgets
  • Rankings & engagements: Automated click bots can be used to generate artificial engagement around specific social media content to improve a post’s organic visibility, or to improve a landing page’s click-through rate from the search engine results pages (SERPs)

What is a click bot?

Click bots vary in complexity, from the simplest bot accessing a landing page to a sophisticated bot programmed to mimic human behaviour.

To further disguise the nefarious activity, threat actors utilise multiple internet-connected devices, each of which will have a unique IP address, to manufacture the appearance of legitimate user behaviour i.e. it looks as though each click comes from a different user. This network of devices is known as a botnet.

How to prevent click fraud

If a threat actor is using a botnet to carry out a click fraud campaign, it can be challenging for the target organisation to detect malicious behaviour before it is too late. However, by learning what ordinary traffic looks like, you are equipped to quickly and accurately detect anomalies and block bad bots.

Collaborate with an expert bot management vendor that specialises in analysing intent and identifying patterns in user behaviour to ensure you understand what constitutes normal in the unique context of your traffic environment.

Frequently asked questions about click fraud

How can you detect click fraud?

Click fraud detection typically involves comparing the number of clicks on a particular link against what is considered normal for your site. But it also requires tracking the behaviour and intentions of individual users as they progress through a journey, so that bad bots can be quickly identified at critical moments e.g. when completing an order form, making payment or taking another action that would compromise sensitive information.

How is click fraud carried out?

It is possible to carry out click fraud in a number of different ways but typically a threat actor will use automated botnets, which means that multiple devices across the internet can be used to generate fraudulent clicks.

Why do attackers carry out click fraud?

Attackers are motivated by financial gain, whether by directing profits into their own pockets via spammy adverts and/or landing pages or they control botnets around the world to lower the search ranking of competitors to make their own services appear more attractive.

Who uses click fraud?

Click fraud is typically carried out by professional criminal organisations that use sophisticated networks of botnets to generate artificial traffic volumes. Click fraud can also be committed individually by a wider variety of threat actors including cybercriminals, hacktivists and competitors.

What is click flooding?

Click flooding occurs when bad bots repeatedly refresh the page or complete a series of actions at a rapid speed, exhausting server resources and slowing down the site for genuine users.

What is the goal of click fraud?

Click fraud is used to generate advertising revenue through click charges, or to take control of and manipulate search results.

Why is click fraud so prevalent?

Click fraud has been prevalent on search engines since the advent of paid-for-placement advertising, but it is constantly evolving with new tactics and ever more sophisticated methods.

How do you spot click fraud?

It requires sophisticated detection capabilities that can monitor user journeys from start to finish, identifying and blocking bad bots as quickly as possible without getting in the way of genuine users.

What is click injection?

Click fraud attack methods are constantly evolving at a rapid pace, so it’s hard to identify and block malicious activity on the fly. Click injection (also known as clickjacking) occurs when malware infects a legitimate website which can be used to trigger fake clicks to generate revenue.

Why is click fraud a problem for ad networks and publishers?

Click fraud is a particularly common problem for online ad networks, search engines and publishers because it can manipulate positions on search engine rankings, and because genuine traffic is being siphoned off to unscrupulous parties.

How can you avoid click fraud?

The best way to reduce your exposure to risk is by working with an expert bot management vendor that specialises in analysing intent and identifying patterns in user behaviour to ensure you understand what constitutes normal in the unique context of your traffic environment.  A strong detection solution will be aware of this constantly changing environment and employ sophisticated algorithms that are able to identify anomalies at scale so that bad bots can be automatically blocked before causing damage or inadvertently generating revenue for cybercriminals.

Schedule Your Demo

Tired of your website being exploited by malicious malware and bots?

We can help

Subscribe and stay updated

Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.


By registering, you confirm that you agree to Netacea's privacy policy.