Ad fraud is an endless challenge for those in the digital advertising industry. However, for advertisers running PPC campaigns, it doesn’t matter whether they’re spending $100 or 100,000 dollars: ad fraud has devastating effects on their marketing budgets, ROAS, and campaign data. 

Here’s a shocking statistic: 20% of clicks on PPC ads are caused by click fraud. However, organizations that are seeking solutions that prevent click fraud from affecting their campaigns need to look past “click fraud” as an umbrella term. 

In fact, there are multiple types of ad fraud that target PPC in particular. In this post, we’ll talk about the types of ad fraud advertisers need to be aware of, how to detect them, and finally, how best to prevent them.

Cyber security illustration

The 5 types of ad fraud affecting PPC campaigns 

In general, click fraud is carried out by two main actors: fraudulent publishers and competitors. 

Fraudsters use a variety of vehicles to perform click fraud. Below, we’ll go through the five main types. 

Bad bots 

Bots in general account for 40% of all internet traffic. However, bad bots are the ones that advertisers need to be on high alert for. They carry out click fraud by mimicking real human workflows across web applications, appearing as real users. 

Bad bots are an extremely malicious form of ad fraud and are known for performing repetitive tasks, such as initiating fake clicks, at an extremely fast rate. This enables them to generate a massive amount of fraudulent clicks to PPC campaigns that drain budgets quickly. 

Not only do bad bots deplete PPC budgets, but they also increase the cost of your PPC campaigns and make it extremely challenging to run profitable campaigns. 

Click farms 

Click farms vary in sophistication, but the concept is simple. Imagine a large room filled with people sitting in front of computers and/or phones. These workers are paid low amounts of money to manually click on online PPC ads, with the intention of running up clickthrough rates and draining PPC ad budgets. 

Although they’re often unsophisticated operations, click farms are often based in countries where there’s little regulation on ad fraud (such as China, India, and the Philippines). This makes it even more difficult to prevent the impact of click farms. 

Data center traffic

Data centers and hosting providers are both useful mediums for fraudsters. They provide all the required infrastructure to run fraud schemes, such as fast, high-bandwidth networks, anonymity, and on-demand, elastic hardware.

Fraudsters weaponize data centers mostly by using them as proxy/anonymizer VPN to cover their operations and/or location, and to launch malware and automated software from these computers. Several fraudulent operations have been exposed where fraudsters were using hundreds of servers in cloud data centers to run browsers and emulators, generating massive amounts of mobile and desktop traffic.

Click Spamming 

Fraudsters perform click spamming to capture PPC budgets by flooding ads with fraudulent clicks. Click spamming fraud happens when fraudsters execute clicks for real users who haven’t made them.

Click spamming occurs when a user opens a mobile web page or an app where fraudsters are already operating. From here, fraudsters can:

  • Perform fake clicks in the background
  • Send clicks to invisible ads operating in the background 
  • Send clicks from a user’s device to random vendors and receive a payout for ads 


Geomasking is an ad fraud technique that fraudsters use to hide the location of the clicks that they generate. Advertisers often spend more or less on PPC campaigns depending on their location (this is dependent on which locations they deem to be more valuable). 

GPS map illustration

Fraudsters spoof IP addresses to trick advertisers into thinking that clicks are more valuable than they are, resulting in payouts for fraudulent clicks. 

Fraudsters also hide their locations so that the fraud they perform cannot be analyzed by patterns in locations. 

The signs your PPC campaigns have become victim to click fraud — and how to prevent it 

Advertisers can usually detect click fraud when they observe the following:

  • Large spikes in the number of clicks on PPC ads
  • Low conversion rates despite peaks in the number of clicks
  • Traffic coming from unusual locations or geographies 
  • A decrease in page views despite peaks in the number of clicks 
  • A high bounce rate despite peaks in the number of clicks

Advertisers usually use one of the following methods to prevent click fraud from affecting their campaigns:

  • By using Google Ads to block invalid activity from bad bots, click farms, and other forms of ad fraud. Google can block IP addresses using its invalid click detection filter, yet advertisers can still experience some fraudulent activity slip through the cracks. 
  • Relying on PPC platforms to monitor campaigns for click fraud, and blacklist certain IPs and fraudulent publisher campaigns. Although many of these do insist on checks and balances to make sure click fraud doesn’t occur, this method doesn’t guarantee the prevention of click fraud on an absolute level. 

However, both of these methods are largely manual and reactive, and rely on third parties to prevent click fraud. 

For advertisers who are serious about protecting and optimizing their campaign for maximum ROAS, implementing a dedicated anti-fraud solution is the only robust, automated method of preventing click fraud before the damage is done.