Last updated: 5 July 2025

In earlier articles, we covered the basics of click fraud (see What is click fraud?) and why bots click on search ads (see What is retargeting click fraud?). In this article, we explain a sneaky click fraud method called piggyback click fraud.

How do criminals make click fraud bots?

Before explaining piggyback click fraud, let’s review two common methods scammers use to create click fraud bots.

Create a custom click fraud bot from scratch

This method involves building a bot using a software framework, then routing the bot’s traffic through residential proxies so it has a normal-looking IP address each time it clicks an ad. This is the most common and cheapest click fraud technique. However, it requires technical skill to build the bots, and in the unlikely event that law enforcement seizes the scammer’s server, being caught running click fraud bots is risky.

Use a bots-as-a-service (BaaS) platform

Some scammers use bots-as-a-service platforms to create and operate click fraud bots. This approach is easier than building bots from scratch but requires trusting the provider’s capabilities and data security, and hoping they ignore any criminal activity.

Another risk for scammers using BaaS is the paper trail-they must register accounts, provide details of their click fraud websites, enter payment info, and their bots’ actions are likely logged on the provider’s servers and backups.

Both methods carry risks if the scammer is caught. Piggyback click fraud eliminates these risks.

What is piggyback click fraud?

Piggyback click fraud is a sneaky tactic used by large publishers and click arbitrage scammers. Polygraph has identified major publishers, including some Google Search Partners, using piggyback click fraud as their business model.

Here’s how it works:

  1. A scammer buys traffic from ad networks known to have high levels of bot traffic. Many of these ad networks are well-known in digital marketing, including some multinational corporations. The scammer’s goal is to get bot-infested traffic from a “legitimate” source.
  2. This traffic arrives at the scammer’s website. Since many visitors are bots programmed to click ads, they click on the ads on the scammer’s site.
  3. Because most ad networks lack effective click fraud detection, these bot clicks are counted as valid, and the scammer gets paid for every click.
  4. If the scammer’s traffic is flagged by their ad network, they can show proof of buying traffic from a “legitimate” source, claiming innocence.

The downside to piggyback click fraud is that scammers pay for the traffic they send to their sites. However, because this traffic is cheap and heavily bot-infested, scammers can still profit using a click arbitrage model. (What is the difference between click fraud and click arbitrage?)

Polygraph can detect all the click fraud techniques described here.

In summary

Piggyback click fraud is a sneaky scam where criminals buy visitors from seemingly legitimate ad networks, relying on the bot-infested traffic to click ads on their websites. This means scammers don’t need to create their own bots, and if ad networks question their traffic, they can show proof of buying it-claiming innocence and shifting blame to the traffic source.