What is ad fraud? | Ad click fraud

Online advertising fraud is a major issue for digital ad networks. Click fraud is a common type of ad fraud used to scam ad networks.

Learning Objectives

After reading this article you will be able to:

  • Understand what ad fraud is
  • Learn about the different types of ad fraud, and how bots can be used for ad fraud
  • Explore the differences between click fraud and ad fraud

Related Content

Want to keep learning?

Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!

Refer to Cloudflare's Privacy Policy to learn how we collect and process your personal data.

Copy article link

What is ad fraud?

Ad fraud is any attempt to defraud digital advertising networks for financial gain. Scammers often use bots to carry out ad fraud, but not always – there are a number of methods that scammers can use to trick advertisers and ad networks into paying them. Ad fraud that uses bots is typically click fraud.

What kinds of online advertising fraud are there?

There are a variety of ways that cyber criminals can carry out ad fraud. Some of the methods include:

  • Hidden ads: When an ad is shown in such a way that the user doesn't actually see it. This kind of fraud targets ad networks that pay based on impressions (views), not clicks.
  • Click hijacking: This is when an attacker redirects a click on one ad to be a click for a different ad, effectively "stealing" the click. For this fraud attack to work, the attacker has to compromise the user's computer, the ad publisher's website, or a proxy server.
Ad fraud click hijacking - attacker replaces Joe's Tacos ad with Sam's Tacos
  • Fake app installation: Ads are often shown within applications, especially mobile apps. For this fraud method, teams of people (often in click farms*) install apps thousands of times and interact with them in bulk.
Click farm app download - dozens of app downloads at once
  • Botnet ad fraud: Scammers can use botnets to generate thousands of fake clicks on an ad, or fake visits to a website displaying the ads. See below for more on how this works.

*A click farm is a group of low-paid workers who click en masse on targeted links, usually at the direction of scammers or cyber attackers.

How does bot-driven ad fraud work?

Scammers can use click bots to produce fake clicks on digital ads that appear on properties the scammers own, generating revenue for them.

Click bots are programmed to imitate real users and click on certain links. Often these bots are distributed across multiple devices in a botnet. In this way they appear more legitimate, since each bot will have a different IP address because it's coming from a different device.

A botnet is a group of Internet-connected devices that have been compromised by an attacker. Each device will have a bot installed on it, possibly in addition to other malware.

How is ad fraud related to click fraud?

Often, ad fraud is a type of click fraud. Click fraud is a broader term that covers all kinds of use cases for fake clicks. It is typically carried out either by click bots or by a click farm – social media bots can be responsible for it as well. Learn more about click fraud.

How can bot management detect and prevent ad fraud?

Cloudflare Bot Management can use machine learning to judge user behavior against a baseline, and identify the "users" that are likely to actually be bots. Malicious bot activity can be filtered out, while real users and good bots are allowed to continue interacting with a web property like normal.

Smaller sites can gain more visibility into and control over ad fraud with Super Bot Fight Mode, now available on Cloudflare Pro and Business plans.