The anatomy of a click fraud gang | Polygraph Click Fraud Detection And Prevention

Last updated: 11 July 2025

Click fraud is a sophisticated internet crime that steals billions of dollars from advertisers every year. The perpetrators range from small websites and cybercrime gangs to Nasdaq-listed multinational corporations. This article focuses on a prolific Asia-based cybercrime gang responsible for a significant share of the world’s click fraud.

What is click fraud?

Most websites display adverts as a way to monetize their content. Every time a visitor clicks on an ad, the website owner earns a small fee from an advertising network.

Let’s imagine Rolex wants to advertise their latest luxury watch and decides to use Microsoft Ads - an advertising network - to manage the process. Rolex agrees to pay $20 every time their ad is clicked and instructs Microsoft Ads to display the ad across the internet. A visitor goes to bbc.com and clicks on the Rolex advert at the top of the page. In this scenario, Rolex pays $20 to Microsoft Ads, and Microsoft Ads gives around $10 to the BBC.

In this example, Rolex is the advertiser, Microsoft Ads is the advertising network, and the BBC is a publisher website.

Criminals exploit this advertising model by running their own publisher websites and use bots - software pretending to be human - to click on the ads.

The scam typically works like this:

A criminal creates a website and contacts an ad network to open a publisher advertising account. This account allows the criminal to display adverts on the scam website and earn money each time an ad is clicked.

The criminal then hires a bot programmer - a software engineer who specializes in creating bots - to build a click fraud bot. To help the bot appear more human-like, the programmer routes its traffic through a residential or cellphone proxy service, ensuring the bot uses a unique IP address every time it clicks on an ad.

The bot visits the criminal’s website thousands of times daily, with roughly 10% of visits resulting in ad clicks. The advertising network is deceived into thinking the clicks are genuine, allowing the criminal to earn hundreds of thousands of dollars every month.

The anatomy of a prolific click fraud gang

This Asia-based gang exclusively targets US advertisers, due to the lucrativeness of the US advertising industry, and the fact that stealing money from American advertisers is ignored by local police. The gang operates with impunity, knowing there is no risk of extradition should they ever be pursued by US law enforcement.

The gang uses a franchise model, with each franchise responsible for its own operations, except for the bot development and maintenance which is managed by a central team.

Each franchise hires Americans living in Asia-typically working locally as English teachers or small business owners-with the promise of high pay-outs for very little work. The job entails creating US companies and applying for publisher advertising accounts at a well-known advertising network. They use this advertising network as it has less than ideal click fraud detection capabilities.

Typically, the Americans pose as AdTech companies (advertising technology companies) to increase their legitimacy and improve the chances of their publisher advertising accounts being approved.

Whether or not the Americans understand they're breaking the law is a question. They probably don't know what click fraud is, but their massive earnings must raise suspicion.

Each franchise creates dozens of websites for their American employees, and uses the publisher advertising accounts to display adverts on some or all of these websites.

The central bot development team places a lot of effort into creating bots which closely imitate humans. They create multiple bots using various technologies and place the bots on servers in the US. The bots route their traffic through residential and cellphone proxy services to hide the servers' IP addresses, and to make the bots look like regular internet users.

The bots visit the gang’s scam websites hundreds of thousands of times per day, and click on the ads roughly one out of every 10 visits. The financial loss to advertisers is huge.

To maximize revenue, the bots perform a search on the criminals' websites before clicking on an ad. For example, searching for "law firm new york" will display ads relating to law firms in New York. These search terms are selected for their high value-by forcing expensive adverts to appear on the scam websites, every fake click generates a high return.

A challenge faced by the gang is the fact their bots never purchase anything at the advertisers' websites. That risks their publisher accounts being flagged by the advertising network as having low quality traffic. To avoid this problem, the bots occasionally submit bogus leads at the advertisers' websites-roughly 1 out of every 20 fake clicks results in a bogus lead. These fake leads, known as conversion fraud, trick the ad network into thinking the criminals' bots are real people interacting with the advertisers' websites.

At the end of the month, the advertising network transfers the ad click revenue to the American employees' companies' bank accounts, with around 80% transferred onwards to the criminal gang, and the remaining 20% kept as wages.

Since Polygraph is aware of every website operated by this gang, and is able to detect their bots and fake clicks, Polygraph customers have complained to the advertising network used by the criminal gang about the large amount of click fraud on their ads. This almost never results in any action taken against the criminals or their websites.

How to protect adverts from click fraud?

If you restrict your ads so they appear only in search engine results-in other words, preventing your ads from being displayed on publisher websites-you'll reduce your exposure to click fraud. However, you may still experience retargeting click fraud.

Polygraph protects your ads from all forms of click fraud, including those described above. We do this by detecting and disabling the bots responsible for click fraud on your ads. Then, by feeding this intelligence back to the advertising networks, we help re-train them to stop sending you fake traffic and instead deliver genuine human visitors. This means you don’t need to restrict your ads—such as limiting them to search results only. You can keep your advertising as broad as you want, while we ensure the ad networks show your ads only to real people. Typically, our clients see their click fraud rates drop by over 80%.

In summary

Click fraud is a costly and evolving threat that targets advertisers worldwide. Using Polygraph’s advanced detection tools, you can significantly reduce fraudulent clicks, protect your ad spend, and improve your campaign performance. Don’t let scammers steal your budget—start using Polygraph today to safeguard your advertising investment.