SOLUTIONS
Deliver Superior Online Experiences
Mitigate DDoS Attacks Stop Malicious Bot Abuse Accelerate Internet Applications Ensure Application Availability Optimize Web Experiences Stream Videos On-Demand
Secure Employee Applications and Devices
Deliver Zero Trust Access to Applications Implement Secure Access Service Edge (SASE) Protect Users Accessing the Internet Protect Corporate Networks Manage Secure Contractor Access Replace Virtual Private Networks (VPNs) Secure Your Remote Workforce Stop Zero Day Attacks with Browser Isolation
 
Protect and Accelerate Networks
Mitigate L3 DDoS Attacks Connect network infrastructure with Cloudflare Transform Corporate Networks
Code on the Network Edge
Build a Serverless Application Deploy a Static Website Configure a CDN Define Conditional Request Routing
Manage a Secure Cloud
Secure Hybrid, Cloud, & SaaS Platforms Enable SSL for SaaS Applications Reduce Cloud Data Transfer Costs
Register a Website
Register or Transfer a Website
INDUSTRIES
eCommerce Gaming Media and Entertainment Public Sector Public Interest Groups SaaS
FOR INFRASTRUCTURE
Application & Network Security
DDoS Protection WAF Bot Management Magic Transit Rate Limiting SSL / TLS Cloudflare Spectrum Network Interconnect
Performance & Reliability
CDN DNS Argo Smart Routing Load Balancing Stream Delivery China Network
FOR TEAMS
Cloudflare for Teams Access Gateway Browser Isolation
FOR DEVELOPERS
Serverless Applications
Cloudflare Workers Cloudflare Workers KV
Domain Registration
Cloudflare Registrar
Website Development
Workers Sites Cloudflare Stream
FOR EVERYONE / PUBLIC
1.1.1.1 1.1.1.1 with WARP (App) 1.1.1.1 for Families Cloudflare Radar Election Campaigns Project Galileo Athenian Project
INSIGHTS
Analytics Cloudflare Logs Web Analytics
FOR INFRASTRUCTURE
Advanced Security
Bot Management Firewall rules Magic Transit Spectrum (TCP/UDP) SSL WAF
Performance & Reliability
CDN DNS Image Resizing Load Balancing Stream (Video) Argo Tunnel
 
Insights
Analytics
Domain Registration
Registrar
FOR SERVERLESS APPLICATIONS
Workers Quick Start Workers Site Sample Workers Projects Workers Tutorials Command-line (Wrangler) Runtime
FOR TEAMS
Access Access Audit logs Gateway Gateway Activity Logs
EXPLORE CLOUDFLARE API
Cloudflare API API Authentication
DOCUMENTATION HUB
Dev Documentation Hub
RESOURCES
Resource Hub Whitepapers Webinars Solutions & Product Guides Case Studies Analysts
EXPLORE
What's New? Network Map Cloudflare in China GDPR
GET STARTED
Register Your Website Welcome Center Get Help
LEARN
Learning Center Security DDoS Bot Management SSL Identity and Access Management Performance CDN DNS Cloud Serverless Network Layer
CONNECT
Blog Community
CONTACT
+1 650 319 8930
CHANNEL & ALLIANCE PARTNERS
Partner Network Partner Portal
TECHNOLOGY PARTNERS
Overview Analytics Partners Bandwidth Alliance Interconnect Partnerships Peering Portal

What Is Ad Fraud? | Ad Click Fraud

Online advertising fraud is a major issue for digital ad networks. Click fraud is a common type of ad fraud used to scam ad networks.

Share facebook icon linkedin icon twitter icon email icon
What is a Bot?
What is Bot Management?
What is Credential Stuffing?
What is Content Scraping?
Glossary

Ad Fraud

Learning Objectives

After reading this article you will be able to:

  • Understand what ad fraud is
  • Learn about the different types of ad fraud, and how bots can be used for ad fraud
  • Explore the differences between click fraud and ad fraud

Related Content

Spam Bots

Bot Traffic

Good Bots vs Bad Bots

What is a Bot?

Bot Management

What is ad fraud?

Ad fraud is any attempt to defraud digital advertising networks for financial gain. Scammers often use bots to carry out ad fraud, but not always – there are a number of methods that scammers can use to trick advertisers and ad networks into paying them. Ad fraud that uses bots is typically click fraud.

What kinds of online advertising fraud are there?

There are a variety of ways that cyber criminals can carry out ad fraud. Some of the methods include:

  • Hidden ads: When an ad is shown in such a way that the user doesn't actually see it. This kind of fraud targets ad networks that pay based on impressions (views), not clicks.
  • Click hijacking: This is when an attacker redirects a click on one ad to be a click for a different ad, effectively "stealing" the click. For this fraud attack to work, the attacker has to compromise the user's computer, the ad publisher's website, or a proxy server.
  • Fake app installation: Ads are often shown within applications, especially mobile apps. For this fraud method, teams of people (often in click farms*) install apps thousands of times and interact with them in bulk.
  • Botnet ad fraud: Scammers can use botnets to generate thousands of fake clicks on an ad, or fake visits to a website displaying the ads. See below for more on how this works.

*A click farm is a group of low-paid workers who click en masse on targeted links, usually at the direction of scammers or cyber attackers.

How does bot-driven ad fraud work?

Scammers can use click bots to produce fake clicks on digital ads that appear on properties the scammers own, generating revenue for them.

Click bots are programmed to imitate real users and click on certain links. Often these bots are distributed across multiple devices in a botnet. In this way they appear more legitimate, since each bot will have a different IP address because it's coming from a different device.

A botnet is a group of Internet-connected devices that have been compromised by an attacker. Each device will have a bot installed on it, possibly in addition to other malware.

How is ad fraud related to click fraud?

Often, ad fraud is a type of click fraud. Click fraud is a broader term that covers all kinds of use cases for fake clicks. It is typically carried out either by click bots or by a click farm – social media bots can be responsible for it as well. Learn more about click fraud.

How can bot management detect and prevent ad fraud?

Cloudflare Bot Management can use machine learning to judge user behavior against a baseline, and identify the "users" that are likely to actually be bots. Malicious bot activity can be filtered out, while real users and good bots are allowed to continue interacting with a web property like normal.

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.