Bot fraud in ads campaigns


Buying online traffic is a booming business, when you begin an advertising campaign with platforms such as Google and Social Media, you need to know some facts so you don´t loose a significant amount of revenue. For example, did you know that in 2022 69% of companies registered around the world have lost more than 6% in revenue due to bot-driven account fraud? Did you also know that from this 40% of companies lost 10% revenue or more which is a significant increase from 2021 where only 5% of companies reported that kind of revenue loss? While this loss is increasing, the rate of innovation with this technology is increasing with 83% of companies saying that bots are becoming more sophisticated and difficult for security tools to detect. Finally, in the last 12 months, a majority of companies (62%) have spent more than $500,000 fighting bots. The key takeaways from this article explain what´s happening in this new landscape that is quickly finding ways to illegitimately take your money and find continuous legal ways to do so.


Click fraud occurs when invalid or illegitimate clicks are made by malicious software, competitors, or bots and can be very damaging financially to both SMB businesses and large corporations. There are many techniques that can be used to carry out click fraud, such as, clickjacking, click spamming, click injections, and click bots.


Click bots are just like they sound, they´re coded to click on PPC (pay per click) ads, such as Google Ads, and execute clicks on the desirable links. While this may sound slightly harmless, they are incredible at their job and can perform repetitive tasks very quickly. More and more these are becoming automated and increasingly sophisticated with some bots able to mimic the nuances of human behaviour to avoid being detected, some of these include pausing or lingering on a web page and performing human like mouse movements. Click bots work with botnets and these allow the bots to continuously click on the same ad even if they are detected, as botnets are networks of thousands of devices with different IP addresses.

              MALICIOUS BOTS

              These bots go unnoticed and can destroy your ad campaigns, they imitate human behaviour and can complete complex tasks quickly and efficiently. Here are a few things that these bots can do:

  • Malicious bots can click on your paid ads repeatedly wasting money with every click
  • They can also browse websites, fill out forms, complete downloads, click on links, and even fill in shopping carts. All of this leads to skewed data, lost revenue, and failed marketing campaigns.
  • Networks of botnets can actually infect user devices without them knowing and carry out fraudulent clicks using that device at an increasing rate.

This is so important to note as the level of today´s malicious click bots is massively increasing and advancing daily while going completely unnoticed by marketers and companies carrying out advertising. This is a massive threat to your budget and will impact the success of your campaigns possibly without anyone noticing.


Click bots could be coming from anywhere and anyone as they are actually quite easy to create and use, with anyone with a coding background able to create them. They could be created by your ad publishers and affiliates, your competitors, or random bot operators. Essentially, all one has to do is create the click bots is:

  1. Embed them onto a device like a computer server or data center
  2. Host ads on low-quality websites or apps owned by the person committing the bot fraud
  3. The bots click on as many ads and landing pages as possible and can go for as long as needed. With campaigns running for months at a time, bots can easily rack up thousands of fraudulent clicks amounting to serious money lost for the advertiser who believes those are real clicks which will never convert.
  4. The bot creators will then collect the payout for the paid ad clicks.


As we have now seen, bots have evolved to the point where they surpass simple monitoring, they now require equally advanced solutions to fight it. There are some in house options, as well as, some more advanced solutions.

              IN HOUSE METHODS:

              Although these may seem most cost effective at first, for larger campaigns it would be highly advised to use more advanced methods. With in house methods, you are relying on detecting early signs of click bot activity and this is highly time consuming and requires specific manual action. Some of these methods include:

  • Monitoring your traffic daily and checking for inconsistencies or trends that seem unusual like peaks in volume or location. Google Analytics is a good option to monitor these trends and if you´re unfamiliar with Google Analytics, they have an Analytics Academy where they will teach you all about Google Analytics and how to use it properly to monitor your online activities.
  • Establish IP exclusion lists which allows you to monitor the locations where your ad clicks are coming from. For example, if you´re targeting the UK and you start to see clicks coming from Indonesia, these are likely bot clicks or farms.
  • Carefully select the countries and regions you´re targeting so as to minimize the chances that click bots will target your ads.  This also allows you to focus more closely on where your clicks are coming from and will alert you to any odd trends as mentioned above.
  • Specify the timing of your ads campaigns, don´t run them 24/7 as fraudsters work on a 24/7 basis so if you have ads running outside of your time zone, you are more likely to be targeted by bots from other geographical locations.
  • Don’t display your ads on poor quality sites with large amounts of banners and advertisements as these sites are usually designed specifically for ad fraud and attract this behaviour.


As mentioned above, creating your own in house methods to detect bot clicks can be time consuming and expensive depending on the hours and man power you need. While you may want to use the in house methods as they seem more cost effective, also remember that you may not catch the bots this way and you may still lose money to ad fraud. This is where anti ad fraud software is recommended. Anti bot fraud software enables you to:

  • Identify where they are coming from
  • Monitor traffic automatically throughout your campaign to detect and prevent fraud
  • Target and retarget real leads based on clicks and through this optimize your campaign budgets
  • Collect reliable analytics and ensure you´re getting real data that allows you to properly execute your marketing campaign

It is important to ensure we are using up to date software to monitor these ever evolving bots, here is a list of the top 10 anti bot fraud software options on the market for 2022:

  1. SEON: Real-time risk scoring & unique data enrichment
  2. DataDome: Specialized store and classifieds bot protection
  3. Arkose Labs: 100% guaranteed bot attack detection
  4. Cloudflare: Tools for faster, safer websites
  5. ClickGUARD: Protecting PPC Google Ads campaigns
  6. Radware Bot Manager: Protect from all automated threats
  7. Reblaze: All-in-one private cloud security
  8. BioCatch: Behavioural insights to protect accounts
  9. Outseer: Making waves in the Fintech world
  10. CHEQ: Blocks invalid traffic and botnets


While these bots are flooding the ads market and becoming increasingly sophisticated, we need to stay vigilant and focus on our businesses best interests. In order to save money, time, data collection, and overall to protect your ad investments, it is important to apply in house or anti bot fraud software for larger campaigns. This way you can keep your dollars safe and your target market as your converted leads.