New report:
Invalid Click Rate Benchmarks
What is Click Fraud?
- July 9, 2025
Table of Contents
If your ads aren’t delivering results, click fraud could be the culprit. Fraudulent traffic is draining ad budgets on Google, Facebook, and Instagram, costing businesses billions each year. But the real kicker is that it’s only getting worse.
This guide breaks down what click fraud is, how it works, and how you can stop it before it completely destroys your marketing.
What is click fraud?
Click fraud is the intentional act of generating fake clicks on online ads to drain advertisers’ budgets or fraudulently generate revenue. It can be executed by bots, click farms, competitors, or fraudulent publishers, but the result is often the same: your business pays for ad interactions that have zero chance of converting.
There are different types of click fraud, but they are usually done to achieve one of two end results:
- Wasted budget: The advertiser pays for a click that has zero chance of converting, thereby wasting and potentially depleting their ad budget.
- Fraudster profits: The fraudulent party profits from the click due to the placement of the ad on their own website or app.
In the first scenario, a business competitor might repeatedly click your own ads, depleting your ad budget and effectively removing your ads from search engine results (this tactic is known as competitor click fraud). In the second case, fraudsters potentially accrue large sums of money by generating fake and invalid clicks on ads hosted on their own sites or apps.
Learn the difference between click fraud vs invalid clicks
How much money does click fraud cost advertisers?
Click fraud drains billions from advertisers every year. Juniper Research estimated $84 billion in losses due to ad fraud in 2023, affecting desktop, mobile, and in-app advertising. The losses are estimated to grow to $172 billion in 2028.
Other studies put losses at $23 billion (Cheq) and $5.8 billion (White Ops & ANA), though some studies underreport fraud due to limited access to data.
Estimates from Lumen Research suggest that only a fraction of ad spend is truly productive–9% of digital ads are viewed for more than a second. But that’s not all.
21% of ad impressions on Chrome were from “non-human” sources (Source: Wall Street Journal)
20% of all digital ad spending is wasted (Source: CNBC/Adloox)
25% of all desktop clicks were determined to be fraudulent (Source: Pixalate)
All this means only a small percentage of business spend is used to reach real customers, and fraudsters still pocket a large chunk of that.
Then, there are invalid clicks, which make up about 11.7% of all clicks in Google Ads.
But, advertisers aren’t the only victims. To avoid fraud, brands are cutting ties with publishers. JPMorgan Chase, for example, reduced its ad placements from 400,000 websites to just 10,000 trusted publishers. Others, like Procter & Gamble and Unilever, have slashed ad budgets by hundreds of millions, showing the ripple effect of click fraud across the digital ad industry.
In summary:
- Click fraud costs billions: Juniper Research estimated $84 billion in losses in 2023, estimated to grow to $172 billion in 2028.
- Most digital ads go unnoticed: Only 9% of digital ads are viewed for more than a second, according to Lumen Research.
- Invalid clicks are widespread: 11.7% of all clicks in Google Ads are classified as invalid.
- Brands are pulling ad spend: JPMorgan Chase cut ad placements from 400,000 to 10,000 websites to avoid fraud.
Why is click fraud so difficult to stop?
Why are marketers losing entire countries’ GDP to fraudulent clicks? Here are a few reasons:
1. It is easy to commit click fraud
Fraudsters can quickly set up Made For Advertising (MFA) websites, fill them with low-quality content, and embed PPC ads. All they really need is a webpage and some bots or real workers to execute the clicks. They generate fake ad engagement and drain advertiser budgets without real conversions. These MFA websites are also used in other types of fraud, like Facebook ad fraud.
2. Click fraud is highly lucrative
Click fraud isn’t just easy—it’s also incredibly profitable. Fraudsters can earn substantial revenue by exploiting ad networks, with very little risk of being caught. For example, in 2018, a 3ve ad fraud ring was uncovered, which used botnets to generate over 3 billion fake ad impressions per day. It scammed advertisers out of an estimated $29 million before it was shut down
3. Click fraud strategies are a dime a dozen
One sneaky trick by fraudulent website owners is to hide ads with Ad stacking and pixel stuffing, generating fraudulent clicks on ads that you can’t even see.
4. Click fraud can be hard to detect
Another challenge is that click fraud can be very difficult to detect, especially as it continues to evolve. Traffic from Bots Farms has become much more sophisticated in recent years, and they are better than ever at mimicking human behavior, making them harder to spot and block.
How does click fraud work?
Most click fraud today follows a process similar to this:
Step 1: Fraudsters set up fake traffic sources
Fraudsters create fake websites, bot networks, or click farms designed to generate artificial ad interactions. Some use hacked devices or malware-infected computers to copy real user behavior.
Step 2: Ads are displayed to fake users
They register with ad networks as publishers, embedding pay-per-click (PPC) or video ads on their sites. Legitimate advertisers unknowingly bid for placements.
Step 3: Fraudsters generate fake clicks
Click fraud is primarily executed using bots, automated scripts, or low-paid human workers to repeatedly click ads and generate invalid traffic. Some fraudsters even hide ads through ad stacking and pixel stuffing to inflate impressions.
Step 4: Bots avoid detection
Advanced fraud operations use AI-driven bots that copy human behavior to a disturbing degree—scrolling, watching half videos on YouTube, and even logging into accounts—making it harder for ad networks to flag their activity.
Step 5: Perpetuators collect their profits
Advertisers pay for worthless clicks and views while fraudsters collect payouts from ad networks. The money flows into fraudulent publishers’ pockets, leaving businesses with wasted paid search advertising budgets and no real conversions.
Types of click fraud
Each type of click fraud uses a unique method of operation, but each just as damaging to advertisers.
Here are the most common types of click fraud:
- Pixel stuffing: Fraudsters cram multiple ads into a 1×1 pixel, making them invisible to users while still charging advertisers for impressions. Learn more about pixel stuffing
- Ad stacking: Fraudsters layer multiple ads on top of each other, charging advertisers for impressions even though only the top ad is visible. Learn more about ad stacking
- Location fraud: Fraudsters spoof geo-locations or use VPNs to make ad traffic appear from high-value regions, inflating ad costs without real local engagement.
- Video viewing fraud: Fraudsters use view bots like YouTube bots to fake video views, making advertisers pay for ad plays seen only by automated scripts. Learn more about viewbots
- Click bots: Malware-infected devices silently click ads in the background, generating fake engagement at scale while advertisers pay for non-human traffic. Learn more about click bots
- Incentivized clicks: Users are paid or rewarded to click ads, driving up costs for advertisers despite having no real interest in the product or service.
- Click farms: Low-paid workers manually click ads at scale, making fraudulent traffic appear human while draining your advertising budget. Learn more about click farms
- Affiliate ad fraud: Fraudsters inject cookies without user consent, falsely claiming referral credit and stealing commission payouts from legitimate advertisers. Learn more about affiliate fraud
- Source spoofing: Fraudsters manipulate website headers to fake user data like location, device, or browser, tricking advertisers into paying for misleading traffic. Learn more about device spoofing and IP spoofing
- Domain spoofing: Fraudsters fake domain names to make low-quality sites appear as premium publishers, tricking advertisers into paying higher ad rates. Learn more about domain spoofing
- Competitor click: Rivals repeatedly click your ads to drain your budget, drive up costs, and reduce your campaign’s effectiveness without generating real conversions. | Learn more about competitor click fraud →
- Redirect attacks: Fraudsters manipulate redirects to inflate click counts, bouncing users between ads to generate fake engagement and increase advertiser costs.
Learn more about the different Types of Click Fraud →
Examples of click fraud
Once in a while, a huge story breaks about an operation that defrauded businesses of millions. But as you already know, the practice is much more prevalent. Here are a few of the most (in)famous examples of click fraud and click farms uncovered in recent years.
2025: Synthetic Echo
Synthetic Echo is a recent AI-driven ad fraud scheme that used fake media sites to siphon millions from advertisers. Researchers uncovered over 200 fraudulent websites impersonating major publishers like BBC and ESPN. These AI-generated sites trick real users into boosting ad impressions, allowing fraudsters to cash in on fake engagement while advertisers pay for views that don’t convert.
2021: Tag Barnakle
In 2021, the Tag Barnakle fraud operation infiltrated ad servers to inject malicious code, hijacking legitimate ads to redirect users or generate fake ad views. By exploiting Revive, an open-source ad-serving system, the fraudsters compromised numerous publishers, making advertisers unknowingly pay for fraudulent traffic.
2017: WeChat Click Farm
In 2017, authorities in Thailand busted a massive click farm run by three Chinese nationals. Using 476 phones and over 347,000 SIM cards, they faked likes and views on WeChat, making it appear as though hundreds of thousands of real users were engaging with content. To evade detection, they constantly switched accounts, mimicking organic activity to bypass fraud detection systems.
2016: Methbot
Methbot was run by a Russian criminal gang that used fake websites and bot-driven traffic to siphon millions from advertisers. They rented data center IPs to mimic human behavior—scrolling, clicking, and even half-watching videos—to bypass fraud detection. The same group was behind the 3ve botnet computer program, which infected 1.7 million computers, generating fraudulent ad views that reportedly stole between $7 million and $180 million.
Learn more about The biggest Ad Fraud Scams ever
The industries most affected by click fraud
There is a direct relationship between expensive PPC keywords and click fraud, with highly competitive industries being most affected.
In finance, keywords can cost upwards of $100 per click, making them prime targets for large scale click fraud operations.
The legal industry also has some very expensive keywords, with phrases like “las vegas personal injury attorneys” or “los angeles truck accident lawyer” reaching an astonishing $500 per click!.
Here are some examples of the cost of a single ad click among the top 5,000 keywords on Google Ads for the legal industry:
Read more: The most expensive Google Ads keywords
After the finance and legal industries, here are the industries most affected by click fraud:
- Business services: Hosting and conference calling can cost $60+ per click.
- Online gambling: Advertisers pay around $100 per click to attract customers.
- Forex trading: Another high-CPC industry, averaging $100 per click.
How can you detect click fraud?
If you are seeing odd results in your campaigns, or are not sure if your ads are being affected by click fraud, here are a few warning signs to look out for:
- Sudden traffic spikes: A sharp increase in clicks without a rise in conversions could point to click fraud.
- High click volume from unusual locations: Large numbers of clicks from regions outside your target market may suggest bot or click farm involvement.
- Short session durations: Fraudulent clicks often come from users who leave the site almost immediately.
- Unusual click-to-conversion ratio: A steep drop in conversion rates despite high click volume is often an indicator for non-human traffic.
- Repeating IPs or device patterns: Multiple clicks from the same IP address or a small set of devices suggest automated fraud.
We cover these warning signs and more in our article on how to detect click fraud.
How to prevent click fraud
Even though Google refunds marketers for invalid clicks, they don’t catch everything. Meaning, a significant portion of invalid clicks can get through, draining your budget without proper reimbursement.
But you can still prevent click fraud in your campaigns using the following strategies:
- Monitor traffic for suspicious activity: Track IP addresses, click timestamps, and conversion rates to spot anomalies.
- Use IP exclusions: Block known fraudulent IPs in Google Ads to prevent repeat offenders from seeing your ads.
- Avoid Made-for-Advertising (MFA) sites: These sites exist to generate fake ad clicks with low conversion potential.
- Implement honeypots: Hidden form fields can trap bots, helping to filter out automated click fraud.
- Run re-remarketing campaigns: Targeting past visitors reduces exposure to fake traffic from fraudulent publishers.
Learn more about how to prevent click fraud here.
Fight click fraud with Fraud Blocker
Click fraud isn’t going away; in fact, it’s getting worse.
As fraud tactics become more advanced, advertisers who fail to act will continue to lose millions in wasted ad spend. Google’s detection systems may only catch a fraction of fraudulent clicks and thousands of campaigns are still vulnerable to bot-driven traffic, competitor clicks, and MFA websites.
The only way to stay ahead is to proactively detect and block fraudulent traffic in real time. That’s where Fraud Blocker comes in. Our advanced AI-powered click fraud detection software monitors every click, analyzes traffic patterns, and automatically prevents your ads from being served to bots, click farms, and malicious actors.
Don’t wait for click fraud to drain your budget—take control today. Start a 7-day free trial today and start protecting your ad spend.
Facebook
Twitter
LinkedIn
Email