Performance & Reliability
CDN DNS Argo Smart Routing Load Balancing AMP Real URL Web Optimizations China Network
Video Streaming & Delivery
Cloudflare Stream Stream Delivery
Advanced Security
Magic Transit DDoS Protection WAF Bot Management Rate Limiting SSL / TLS DNSSEC Cloudflare Spectrum Argo Tunnel
Insights
Analytics Cloudflare Logs
Cloudflare for Developers
Cloudflare Workers Cloudflare Workers KV Workers Sites Mobile SDK
Cloudflare for Teams
Cloudflare Access Cloudflare Gateway
Cloudflare for Everyone
1.1.1.1 Cloudflare for Campaigns
Domain Registration
Cloudflare Registrar
Cloudflare Marketplace
Cloudflare Apps
Performance
Accelerate Internet Applications Accelerate Mobile Experiences Ensure Application Availability
Security
Mitigate DDoS Attacks Prevent Customer Data Breaches Stop Malicious Bot Abuse Protect Users and Devices
Industries
Gaming SaaS eCommerce Media and Entertainment Public Sector Public Interest Groups State & Local Government
Partnerships
Partner Program
Solutions Partners
Services Program
Technology Partners
Peering Portal Bandwidth Alliance Analytics Partners
Integrations
IBM Cloud WordPress Google Cloud Magento Acquia Rackspace Microsoft Azure Kubernetes WP Engine
Develop
API Guide Developer Hub Developer Fund
Explore
Case Studies Analysts Cloudflare in China Network Map Webinars What's New? White Papers GDPR
Learn
Welcome Center DDoS Learning Center CDN Learning Center DNS Learning Center Security Learning Center Performance Learning Center Serverless Learning Center SSL Learning Center Bots Learning Center Cloud Learning Center Access Management Learning Center
Connect
Blog Contact Sales Community Support
Contact
+1 650 319 8930
Advanced Cloudflare Configuration
Explore Cloudflare API v4 Expose a Secure Local Tunnel Configure with Terraform Documentation
Customize Your Site
Customize Using Workers Altering Headers Conditional Request Routing A/B Testing Browse All Code Snippets
Build Serverless Applications
Deploy a Static Site Deploy Using Workers.dev Get Started with Tutorials Clone Examples on GitHub

What Is Ad Fraud? | Ad Click Fraud

Online advertising fraud is a major issue for digital ad networks. Click fraud is a common type of ad fraud used to scam ad networks.

Share facebook icon linkedin icon twitter icon email icon
What is a Bot?
What is Bot Management?
What is Credential Stuffing?
What is Content Scraping?
Glossary

Ad Fraud

Learning Objectives

After reading this article you will be able to:

  • Understand what ad fraud is
  • Learn about the different types of ad fraud, and how bots can be used for ad fraud
  • Explore the differences between click fraud and ad fraud

Related Content

Spam Bots

Bot Traffic

Good Bots vs Bad Bots

What is a Bot?

Bot Management

What is ad fraud?

Ad fraud is any attempt to defraud digital advertising networks for financial gain. Scammers often use bots to carry out ad fraud, but not always – there are a number of methods that scammers can use to trick advertisers and ad networks into paying them. Ad fraud that uses bots is typically click fraud.

What kinds of online advertising fraud are there?

There are a variety of ways that cyber criminals can carry out ad fraud. Some of the methods include:

  • Hidden ads: When an ad is shown in such a way that the user doesn't actually see it. This kind of fraud targets ad networks that pay based on impressions (views), not clicks.
  • Click hijacking: This is when an attacker redirects a click on one ad to be a click for a different ad, effectively "stealing" the click. For this fraud attack to work, the attacker has to compromise the user's computer, the ad publisher's website, or a proxy server.
  • Fake app installation: Ads are often shown within applications, especially mobile apps. For this fraud method, teams of people (often in click farms*) install apps thousands of times and interact with them in bulk.
  • Botnet ad fraud: Scammers can use botnets to generate thousands of fake clicks on an ad, or fake visits to a website displaying the ads. See below for more on how this works.

*A click farm is a group of low-paid workers who click en masse on targeted links, usually at the direction of scammers or cyber attackers.

How does bot-driven ad fraud work?

Scammers can use click bots to produce fake clicks on digital ads that appear on properties the scammers own, generating revenue for them.

Click bots are programmed to imitate real users and click on certain links. Often these bots are distributed across multiple devices in a botnet. In this way they appear more legitimate, since each bot will have a different IP address because it's coming from a different device.

A botnet is a group of Internet-connected devices that have been compromised by an attacker. Each device will have a bot installed on it, possibly in addition to other malware.

How is ad fraud related to click fraud?

Often, ad fraud is a type of click fraud. Click fraud is a broader term that covers all kinds of use cases for fake clicks. It is typically carried out either by click bots or by a click farm – social media bots can be responsible for it as well. Learn more about click fraud.

How can bot management detect and prevent ad fraud?

Cloudflare Bot Management can use machine learning to judge user behavior against a baseline, and identify the "users" that are likely to actually be bots. Malicious bot activity can be filtered out, while real users and good bots are allowed to continue interacting with a web property like normal.

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.