Home » Unmasking the bot bandits: the elusive faces behind click fraud

Unmasking the bot bandits: the elusive faces behind click fraud

by Tech Reporter
7th Sep 23 1:24 pm

Stewart Boutcher, CTO & Data Lead at Veracity Trust Network outlines the motives of criminal actors targeting businesses through click fraud and how to combat them.

Online click fraud is thought to affect up to 40% of unsuspecting businesses. Nevertheless, this invisible threat to the internet economy often goes undetected, with the majority of victims unaware of the harmful effects that click theft can have on their profits and success. An increased understanding of the motives behind this unique type of cybercrime could, however, put an end to this blindness – highlighting the need for more stringent monitoring and security measures to protect digital marketing investments.

A bot of bother

There are plenty of unscrupulous people out there ready to take advantage of your desire to gather the greatest possible number of clicks. They will go to great lengths to create ‘false’ clicks on your online adverts in order to skew your numbers and decimate your ad budget – be it through paying people to continually click on your sponsored posts or by using bots and exploitative scripts to automatically do their dirty work.

Not all bots are made equal

It may surprise you to learn that bots can be employed in this nefarious way. Aren’t bots responsible for boosting your rankings and generating qualified leads to increase interactions with your target audience? Well, yes. But not all bots are benevolent or benign.

The University of Baltimore recently found that 40% of all internet traffic is non-human. In other words, almost half of all the visitors to your website could actually be bots. What’s more, one in ten of the ad clicks you receive in your ecommerce campaigns are thought to be fraudulent, with the proceeds often being used to fund other crimes. 90% of all Google and Bing PPC campaigns are affected, causing companies to lose an average of $1 for every $5 they spend on digital marketing. Former Google CFO, George Reyes, identified click fraud as one of the biggest threats to the internet economy as far back as 2004 but, despite this warning, the problem continues to run rife.

The real question is: why?

When bots masquerade as human visitors, they inflate your click-through rates and impression numbers, often leaving you none the wiser. The pennies you spend eventually pile up to pounds and the line between ethically earned revenue and deceitful gains blurs.

Discovering that you have been paying for non-human traffic to come to your website is more than frustrating. In addition to anger or disappointment, however, it’s likely that you’re also feeling baffled. What could the perpetrators possibly gain from this and who is responsible for carrying out these faceless attacks?

The motives:

The gold diggers

For some, it’s all about the cash. Believe it or not, bot-driven schemes are perfect for pilfering online revenue. Fraudsters set out to exhaust your ad spend, acutely aware that once you reach your daily limit, your ad will stop showing to the real, human visitors you’re aiming to attract. This then gives them greater opportunity to draw attention to their own product, illustrating how it’s not just clicks that they’re stealing but also your customers and potential profits.

Bots can be used to slide profits from under your nose in other ways, too. Cybercriminals often employ them to buy out popular concert or event tickets, preventing those who wish to attend from purchasing a pass. These devious cheats will then put the tickets up for sale at a vastly inflated price, lining their pockets in the process. This is exactly what happened at the UK’s Eurovision song contest, leaving the BBC baffled despite our bot warnings.

The power seekers

In the cloak-and-dagger world of cybercrime, some villains aren’t just after material wealth – they also seek dominion over the digital realm. Botnet operators deploy armies of bots to steal traffic from thousands of websites. The bots redirect any genuine human traffic to a platform or site also owned by the botnet operator – a practice known as click hijacking. In most cases, clicks will be redirected to a competitor offer. However, thanks to the rise of services like ChatGPT, a greater number of convincing fake sites are also emerging, not only leading to the poaching of clients but also convincing advertisers themselves to place ads on platforms that won’t see any return on investment, since the proceeds go directly into the perpetrator’s pocket.

The cybercriminals behind the attacks:


As explained above, competitors often resort to click fraud to deplete their rival’s advertising budget quickly. By repeatedly clicking on their competitors’ ads, they aim to exhaust the daily ad spend, causing their ads to stop displaying and potentially leaving the field open for their own ads to gain more exposure.

Another motive behind competitor attacks is often to increase the amount that you will pay for a specific search term. The more traffic that search term receives, the more you will be charged per click. If bots artificially inflate your cost-per-click rates without generating additional profit or sales, you will eventually reach a point where you are unable to compete for use of that search term, finding yourself forced to dilute your marketing campaigns with less effective strategies. If fraudsters were to go far enough, they could even cause companies to go out of business as it simply costs too much for them to continue advertising at all.

Publishers and publishing networks

Some unscrupulous website owners and ad publishing networks will engage in click fraud, too. It’s all about increasing their ad revenue by generating fake clicks on the ads displayed on their sites, creating the illusion of high click-through rates that will only motivate you to pay more for their ads.

Affiliate marketers

Affiliate marketers who receive commission for the number of clicks generated may also attempt to inflate their earnings by engaging in click fraud. They may use various methods, including incentivising users to click on ads or employing automated scripts to produce fake clicks.

Advertisers themselves

In certain cases, advertisers themselves may engage in click fraud in order to artificially inflate the performance rankings of their own ads. By clicking on their own ads or hiring others to do so with bots, they create the impression of high engagement and campaign efficiency, which can then be used to generate a greater number of ad placements or better deals with ad networks.

Organised fraud rings

Dedicated cybercriminals may also orchestrate large-scale click-fraud campaigns for financial gain. As mentioned earlier, they use botnets (networks of infected computers) to generate massive numbers of fraudulent clicks, leading to substantial ad revenue losses for advertisers and ad platforms alike.

Script kiddies

Finally, inexperienced hackers (also known as script kiddies) may be tempted to commit click fraud just for the thrill of it. These malicious users enjoy causing disruption or mischief and may not have specific motives other than the satisfaction of carrying out the act itself.

Combatting click fraud

As you can see, bots can be used to lead businesses astray, presenting them with an exaggerated sense of accomplishment. Companies may base critical decisions on false data, leading them down a treacherous path of misguided strategies and financial struggle. The results can be devastating, particularly in a volatile economy marked by soaring levels of competition.

The reality is that businesses cannot afford to allow click bots to go unnoticed. With the right technology, it’s entirely possible to detect attacks and stop fraudsters in their tracks – and it doesn’t have to be expensive. There are specific, affordable programs out there that are trained to deal with bot attacks for you. Much like antivirus software, which scans your systems and protects your data in the background, click fraud solutions continually scan your online traffic to prevent bots from decimating your ad spend and scaring away customers by slowing things down. It’s a small price to pay for such significant return on investment.

In a world where digital crime is rife, it’s imperative to ensure that your business is appropriately armed with the right digital protections. The best tools achieve up to a 95% success rate and run on machine learning and AI, meaning that they’re capable of evolving alongside increasingly sophisticated bot-based threats. It’s time to expose the bot criminals for who they are and invest in an additional cloak of protection that will safeguard your future and marketing assets.

Leave a Comment

You may also like