Last updated: 15 July 2025

Click fraud is a huge issue, costing some advertisers as much as 80% of their ad budgets. In this article, we explain what click fraud is, how criminals profit from it, and outline two key strategies to help you prevent fake clicks on your ads.

What is click fraud?

In online advertising, there are three main players: advertisers, publishers, and ad networks. Advertisers pay to have their ads shown online, publishers earn money by displaying those ads on their websites, and ad networks act as intermediaries, collecting payments from advertisers and sharing the revenue with publishers.

Typically, advertisers pay a small fee to the ad network each time someone clicks on their ad. For example, a flower shop in New York might pay Google Ads $5 for every click on their "Buy Flowers Online In New York" ad. If the click occurs on a publisher’s website, Google Ads usually splits that $5 roughly 60/40, with the larger share going to the publisher.

This system has attracted criminals who pose as legitimate publishers, generating thousands of fake clicks on the ads displayed on their sites. These fraudulent clicks, known as click fraud (or ad fraud), cost advertisers billions of dollars annually.

For a deeper dive into click fraud, check out our detailed article What is click fraud?.

How do criminals earn money from click fraud?

Criminals create publisher accounts with ad networks and use them to display other people’s ads on their websites. They then generate clicks on these ads to earn money. If they clicked repeatedly from the same home computers, the ad networks would likely detect this and suspend their accounts. To avoid detection, they use technology and deception to make the clicks appear as if they come from genuine website visitors.

One common method involves using bots - computer programs designed to mimic human behavior - that visit the criminals’ websites and click on the ads. These bots usually run on servers, but their traffic is routed through “residential proxies” and “cellphone proxies,” which are regular people’s computers and cellphones, making the clicks look like they originate from real users. While this may sound complex, bot creators and proxy services are easily found with a simple online search.

The bots visit these sites tens of thousands of times each day but only click on ads occasionally - about 5% of visits result in a click - to keep up the illusion of real visitors.

Every time an ad is clicked, the ad network charges the advertiser and passes a share of the revenue to the criminal.

Since click fraudsters often run multiple websites displaying ads, the total amount stolen from advertisers is substantial.

Why aren't ad networks detecting click fraud?

Most ad networks do a poor job of spotting click fraud. A cynical view suggests this might be because they have little incentive to act, as they earn money from every click-whether genuine or fake. To show how widespread the problem is, here are the estimated click fraud rates for major ad networks as of early 2024:

  • LinkedIn: 48%
  • Facebook: 36%
  • Bing: 29%
  • Twitter: 26%
  • Google: 12%

Polygraph works by reverse engineering click fraud bots, researching new fraud techniques and detection methods, monitoring click fraud gangs, and interviewing current and former scammers to stay ahead. Though we are a small cybersecurity company, we detect click fraud far better than the ad networks themselves.

How to reduce click fraud

While you can’t completely stop click fraud, you can reduce it significantly by taking several steps. Set your conversion goal to purchases only to avoid training ad networks with fake leads or add to carts. Limit campaigns to search only, turning off display and search partner networks where most bots live. Use exact match keywords with extensive negative search term lists to block common bot triggers. Exclude unknown demographics from targeting, since bots often appear as unidentifiable users. Apply tight location targeting to reduce fraudulent clicks from outside your area. These changes will lower your click fraud but won’t eliminate retargeting fraud and fake leads entirely.

The best way to prevent click fraud

As mentioned earlier, focusing your advertising on search ads reduces your exposure to click fraud, but bots can still trigger your ads through retargeting click fraud. Polygraph detects these bots by tricking them to reveal themselves, and blocks their fake leads and add to carts before they can influence your campaigns. By blocking this fraudulent activity, Polygraph re-trains the ad networks to recognize and send you only genuine human traffic-since these networks base their traffic delivery on your conversion signals. Additionally, Polygraph reveals which scam websites generate fake clicks, highlights the ad networks involved in the fraud, and provides detailed information about each flagged click. This valuable insight also supports your efforts to claim refunds from ad networks.

In summary

Click fraud is draining your advertising budget, and relying solely on ad networks to catch it is a mistake. By limiting your ads to search results only-excluding publisher sites and search partners-you can significantly reduce click fraud. However, retargeting click fraud can still pose a serious challenge.

The most effective way to protect your budget is to use a click fraud detection service like Polygraph. It detects even the most advanced click fraud bots, stops fake leads and add to carts, and re-trains ad networks to send you genuine human traffic instead of bots, helping you minimize your risk.