What is the difference between click fraud and low quality visitors? | Polygraph Click Fraud Detection And Prevention

Last updated: 5 July 2025

Online advertisers often face a frustrating problem: lots of clicks, but few conversions. There are several possible reasons - your website might load slowly, have a confusing user experience, or present a mismatch between the ad and landing page messaging. But one of the most common and costly causes is click fraud: fake or worthless clicks that drain your budget without bringing in real customers.

In this article, we’ll start by explaining how online advertising works, walk through two common click fraud techniques, define what qualifies as a low-quality visitor, and finally break down how to tell the difference between fraudulent clicks and legitimate - but ineffective - ones.

The basics of online advertising

Imagine you’ve just opened a pizza delivery restaurant in Brooklyn, New York. After some research, you find that 25% of potential customers search on Google for “pizza delivery brooklyn” before ordering.

You try searching for that phrase online and notice your website only appears on page 11 of Google’s results - making it nearly invisible to most customers. To fix this, you decide to buy ads to get your restaurant listed on the first page by using Google Ads.

Google Ads is an online advertising platform where you select keywords to target and agree to pay a fee each time someone clicks your ad.

You create an advertiser account on Google Ads and set up an ad campaign targeting keywords like “pizza delivery brooklyn,” “brooklyn food delivery,” and “brooklyn best pizza,” agreeing to pay up to $3 per click.

Your ads will appear both in Google’s search results and across the “Google Display Network,” which consists of numerous websites - like your favorite news site - that show Google Ads to their visitors.

To participate in the Google Display Network, publishers open publisher accounts with Google Ads and request permission to show ads on their sites. Once approved, they add a small piece of code to their webpages that fetches and displays ads.

Publishers earn money whenever someone clicks an ad on their site. For example, if your pizza ad appears on a publisher’s website and a visitor clicks it, Google charges you around $3 and pays roughly $1.80 to the publisher.

In this ecosystem, three parties play key roles: advertisers who pay to display ads, publishers who host the ads and earn from clicks, and ad networks that connect advertisers and publishers - keeping a sizable share of the ad spend for themselves.

What is click fraud?

Some dishonest publishers have found it easy to make money by clicking on the ads displayed on their own websites. These worthless clicks are known as click fraud, and they cost advertisers over one hundred billion dollars every year. It’s a highly profitable crime, and many people are successfully carrying it out.

If a publisher simply clicked ads from their own computer, ad networks would likely catch them because too many clicks would come from the same browser and IP address. To avoid detection, publishers try to make each click appear to come from different devices and IP addresses.

One basic method is asking friends and family to click ads from their computers, but this is labor-intensive and not cost-effective. Instead, publishers commonly use “bots”-software designed to mimic human behavior-to click on ads.

Publishers hire programmers to create bots that visit their websites, click ads, and then browse the advertiser’s site to look more authentic. To appear genuine, the bot visits frequently but only clicks ads occasionally. These bots route their traffic through various residential proxies-IP addresses from real people’s home internet connections-to make each visit look like it comes from a different location. The bots also randomly alter their device characteristics so each click appears unique.

While this may sound complex, it’s actually quite accessible. There are many companies offering residential proxy services at low costs, sometimes as cheap as $300, enough to generate tens of thousands of fake clicks.

The programmer sets up the bot on a server, configures it to use residential proxies, and the bot then automatically visits the publisher’s website to carry out click fraud.

Another common click fraud method involves sending real visitors to the publisher’s website and using tricks to force them to click ads.

This technique has the advantage of bypassing all bot detection systems since real humans are involved. However, it’s more expensive because criminals must pay for genuine website traffic instead of simply running bots.

In this approach, the publisher buys web traffic and directs visitors to their site. Ads appear normally, but a hidden ad is placed inside an invisible iframe that follows the visitor’s mouse pointer. So, when the visitor clicks anywhere on the page, they unknowingly click the hidden ad.

To make this work, the website tricks visitors into clicking somewhere. For example, an alert might pop up warning a virus is downloading, with a “cancel” button to stop it. When the visitor clicks “cancel,” they actually click the hidden ad. The advertiser’s website then loads inside the invisible iframe.

Polygraph is able to detect and prevent the two click fraud techniques described above.

Do the ad networks detect click fraud?

Most ad networks are not very effective at spotting click fraud. Some might argue this is because they have a conflict of interest - they earn revenue from every click, whether it’s genuine or fraudulent. This raises the question: what incentive do they really have to stop click fraud? It’s striking that a small cybersecurity company like Polygraph can outperform large ad networks when it comes to detecting fraudulent clicks.

What is a low quality visitor?

A low quality visitor is a genuine click on your ad that is unlikely to lead to a sale. Examples include:

Someone who clicks your ad by mistake.
Someone who clicks your ad but, after visiting your site, realizes your product or service isn’t what they want.
Someone who clicks your ad but gets distracted and leaves without engaging beyond the landing page.
Someone who sees your ad due to misconfigured targeting-for instance, showing your pizza delivery ad to people outside the US.

While these clicks come from real people, they are low quality and end up wasting your advertising budget.

You can improve the quality of your clicks by properly configuring your ads and ensuring your landing pages are relevant, well-designed, and user-friendly.

In summary

Click fraud involves fake clicks on online ads generated by bots or people who unknowingly click your ads. These clicks will never convert into sales. To protect your campaigns, you need a dedicated click fraud detection and prevention service like Polygraph, as relying solely on ad networks is risky-most do a poor job detecting click fraud.

On the other hand, low quality clicks come from real people but still don’t convert. Since these clicks are legitimate, the best way to minimize their impact is by properly configuring your ads and ensuring your landing pages offer a clear, relevant, and engaging experience for visitors.