Frequently Asked Questions

These are the questions we hear a lot on our click fraud protection service and you can find the answers below.

get protection global bot database


How exactly do you protect?

We have written a step-by-step protection algorithm right here. Please take 5 minutes to get familiar with the primary steps to protect yourself against click fraud.


How can I find out what size of my advertising budget is being clicked away?

According to our research and world experience, up to 25% of the advertising budget is clicked away on average. Still, it depends a lot on the degree of competition of the business niche. For instance, there are fewer clicks in the b2b segment compared to b2c due to less competition and lower bids per click.

Why do I need your services if Google returns part of the funds?

The matter of fact is that Google does not return everything it could, but it does not mean it doesn’t work well or tries to deceive you in its favor. Click detection is a probabilistic event, and Google returns you money in the case of a highly probable detection of bots. Our service is less tolerant to potential fraud, and it blocks all suspicious visitors, based on the fact that it is better to be safe than sorry because the cost of losses is high!

How quickly can I get my website protected?

It usually takes several days for one website to get protected. First, we need to start collecting your visitors’ data and access Google through the API to stop displaying ads to parasites. Read more about the protections steps below.

Are you going to sell my data to your competitors?

No, we won’t. A minimal number of specialists analyzing your data have access to it. We specify in detail the issues related to the confidentiality of your data in the contract. In other words, it’s not possible because we value our reputation and want to stay in this market for a long time.

How can I be sure that you don’t click fraud?

Here is our parent company (notissimus.com). We have been on the market for years, working with vast companies, and we developed our business reputation in 8 years. It sounds tempting to engage in click fraud while offering click fraud protection but trust us, we’ve never done it and never will.

What determines the cost of your services?

Only the traffic to your website, because we need to analyze visitors on the fly, identifying fraudsters (bots), and blocking them from seeing ads. The higher the traffic, the more servers (and other resources) we need for analysis.

How does click fraud works?

PPC (pay per click) campaigns continue to become complex by the day, making it possible for advertisers to target various demographics easily. It has also become possible for them to pay for their advertisement using more than one method. Click fraud has, in the process, ended up becoming more sophisticated, necessitating the need to learn about click fraud prevention.

Is it possible to analyze only traffic from ads without taking into account the search engine?

We analyze all traffic because bots often enter the website, get a tag (cookie), and then start to click.

How will I see your work results?

You can access this information from your account. We post information on saboteur detection several times a day on the website with adjustments of advertising companies for them. Your account is available at this link, but without registering and configuring your website, you won’t see anything!

Is your service right for me?

If you engage in any type of pay-per-click advertising, we may save you money and protect you from click fraud. If you spend +$150 or more per month on pay-per-click advertising, we highly recommend using our protection.

How much money can I save using clickfraud.dev?

That depends on how you use it. Most advertisers are able to optimize their spending by at least 20% within a month. They achieve the same results while spending less, improving their ROI. It also depends on where you run your campaigns and the number of different placements you have.

saving money

What is click fraud?

What is fraudulent clicking?

For those who never heard this term before, we want to explain. Click fraud is a click on your advertisement made by users not interested in buying and consuming your product or service. The primary purpose of such transitions is to harm a competitor by wasting his budget on no-purpose clicks.

Contextual advertising experts regularly record this negative phenomenon on Google Search. Although automatic click fraud recognition algorithms are integrated into the search engines today, practice indicates that it’s not always possible to identify and prevent scammers’ actions in time. That is why we strongly recommend that advertisers monitor abnormal budget cuts independently and take timely measures to fight against click fraud.

What type of click fraud is out there?

There are two types: manual and automatic.

  1. Manual click fraud does not entail real problems in most cases since it is usually performed by representatives of competing companies, which means it is done unprofessionally. Search engines detect them pretty quickly and compensate for the advertiser losses. However, there are exceptions when a competitor company spares no expense and hires entire teams of people to click fraud the budget of its competitor. Special agencies do this very efficiently, using different IP addresses, mimicking the behavior of ordinary users as accurately as possible. This type of click fraud is found in costly, high-margin, and highly liquid themes.
  2. Various programs, bots, and algorithms are used for automatic click fraud, made to ruin the competitor’s budget. The more complex and sophisticated the algorithm of this kind of automation, the harder it is for the search engine to identify it and protect you from it. The complexity of such programs or bots depends on the cost of their use, which usually varies from 1 to 10 thousand dollars.

Now, let’s figure out who may be clicking away your budget.

The first suspects are usually other companies operating in the same niche. It may be the owner of a competing company or his employees who hand-click on advertisements and waste your budget on non – targeted actions.

The other suspects are the owners of the websites where you place your advertisement. They get their percentage from the cost of each click. Not many people earn on click fraud here because the owner of the project content risks falling under the suspicion of a search engine and being left without a website and profit. Therefore, only small resources can be engaged in click fraud, and such an advertising platform will probably lose the partnership of the search engine in a short time.

The so-called random click fraudsters are the most unexpected and unpredictable segment of users who can click fraud your ads. Usually, these people’s actions do not have a clear motivation, and they can be called real saboteurs because their clicks on advertising are made for entertainment and nothing more.

Finally, another group of specialists in click fraud – these professionals make a living doing click fraud. Business owners turn to these people to spend the entire advertising budget of a competitor. This type of click fraud is costly, but the more professional the team, the more difficult it is to deal with them.

These professionals know exactly how to behave to avoid falling under suspicion and successfully reduce the advertising budget of a competing firm.

Invalid traffic is any advertising engagement that isn’t out of genuine interest in the advertised offering. Invalid traffic can be malicious (that’s ad fraud), non-malicious or accidental. All invalid traffic takes ad spend and provides zero return on investment.

Even though search engines try to monitor and fight click fraud, advertisers should constantly keep their fingers on the pulse and pay attention to any changes in advertising campaigns.

The following signs may help you notice click fraud:

  • Abnormal increase in the number of clicks on ads. You should continuously monitor your ads’ click dynamics. If the number of clicks on your ads has increased dramatically for no apparent reason compared to the base period, while the number of displays has remained the same, you are most likely dealing with click fraud.
  • Suspiciously high CTR indicator on thematic platforms. The CTR of ads on third-party websites is usually lower than on search results. If the figures say the opposite, we can assume that website owners switch to your advertising to increase profits.
  • With an increase in advertising costs, the conversion rate remains practically unchanged. This phenomenon may not necessarily indicate click fraud, and there can be a lot of reasons for this. Still, it’s better to be safe than sorry, so you should turn to web analytics programs so that they can help you find out for sure whether it is clicked fraud.
  • An increase in the number of visitors during a very short time on the website. In such cases, the duration of the visit does not usually exceed 10 seconds, and sessions combine a common IP address, network, or region.
  • The analytics system records many transitions from other regions in advertising campaigns for certain GEO positions. It may also indicate an attempt to reduce the advertising budget by click fraud.

These are just the most apparent and basic signs of click fraud. In fact, there are a lot more of them, so advertising campaigns need to be constantly monitored, by the advertiser himself, in particular.

First of all, it’s a chance to block your ads’ display on partner websites. In other words, if using analysis and website reports, you have identified the resources from which the website receives inappropriate traffic, feel free to exclude them from the display.

Another method allows you to block ads from certain IP addresses (up to 500 addresses), but this technique is not very effective in the fight against massive click fraud. It’s primarily used to block the IP addresses of employees of the client company or advertiser so that the organization’s employees will not drain the budget of the advertising campaign by clicking on the ad links. It’s also done to ensure that specialists will not wind up CTR, but it’s extremely rare.

Here are some essential practical tips to help advertisers.

  • If you notice an ad that is being fraud clicked, you can try to stop it. There is a chance that a competitor will stop tracking your ad, and you will be protected from click fraud for some time after resuming display.
  • If you notice signs of click fraud, contact the search engine technical support. Specialists will check your hypothesis and help you solve the problem.
  • You can also prevent attacks by launching a new campaign with different identifiers. This method will save you from budget draining for a short period of time. However, this measure will not last long, and shortly after, the click fraud will resume.
  • Temporary campaign shut down (for instance, for a week) with subsequent resumption. This method can mislead competitors, especially if you constantly switch off and on the advertising campaigns at different times.
  • Competent targeting to reduce non-targeted displays.
  • Accurate definition and timely addition to the list of keywords that exclude incorrect search

Unfortunately, there is no general way to deal with click fraud. Still, if you have a certain level of observation and awareness, you can save your budget from drainage and protect your advertising from non-target traffic.

You can claim a refund from Google for invalid clicks for 60 days by clicking the button below.

Click fraud is a global issue that is likely to affect your business. If Google fails to detect that click fraud is occurring, your company is responsible for gathering evidence to present to Google to recover the lost advertisement spending.

Google does not provide official statistics detailing how often click fraud occurs. However, the ad model of paying per click based on keywords is a system that is open to abuse by any party with malicious intent.


Google has systems in place that detect and prevent click fraud in some cases. However, Google reimburses your company for the lost money in the form of Google account credits. The issue with this crediting approach is that the click fraud attack has already taken place, and potential customers will see your competitors’ adverts instead of yours.

If the wrong clicks somehow outsmart Google’s security system and were not found by it later, you can take matters into your own hands. You can apply to Google.Support with a request to start an invalid traffic investigation. According to Google, “Because of the large number of data points we look at, an investigation into your account may take several business days to complete.”, in practice, however, it may take up to several weeks. The minimum amount of information you need to provide to Google specialists are:

  1. Customer ID – you must provide the account identifier where you suspect Google.Ads are being clicked spam.
  2. Your contact email address – verify that you can receive messages from google.com.
  3. Date range of the invalid activity – Google will not analyze clicks older than 60 days prior to the date of requesting an invalid traffic investigation.
    Campaign name, ad group name, and/or the keyword affected by the invalid activity.
  4. Domain name of the publisher site, if you suspect that the click spamming was performed from a specific source.
  5. A description of why you suspect that clicks are invalid.

Additionally, share with Google support specialists other data that may indicate that your ads are click spammed (if you have any), for example:

  1. suspicious IP addresses and IP subnets addresses.
  2. the value of the GCLID parameter, GCLID is the code added to the ad address after clicking by the user. The parameter automatically includes data about the campaign, ad group, keyword, and ad from which the click was made.
  3. all information about the URL of the referring page from which suspicious clicks are generated.

Of course, you can also include specialized reports and documents – if you have them. The last step is to provide all this information to the Google Help Center. To send such a notification, please complete the Click Quality Step-by-step from that page- https://support.google.com/google-ads/contact/click_quality.

Although Google declares full support and helps for all its users, in practice, even submitting an application to start an invalid traffic investigation is not easy at all. Especially if we take into account smaller entrepreneurs who do not have the time (or knowledge) to search for individual data in Google.Ads panel.

Remember that if you do not provide Google with relevant data, the analysis may not be complete – and funds spent on invalid traffic will not be refunded.

Pay-per-click (PPC) is that category of Internet advertising in which the advertiser pays for an ad placement only when someone clicks on the ad. Pay-per-click has become very popular with advertisers and search engines alike in recent years. For advertisers, PPC provides unprecedented accuracy in determining just how many people actually saw an ad.

It’s now illegal, and just recently in 2020, it was finally considered a crime in the US, and more countries will follow in making it illegal soon. If accused and found guilty, fraudsters can go to prison for up to 10 years.

Invalid clicks are clicks on ads that Google deems illegitimate. This can be considered as unintentional clicks or clicks that include malicious software.

Invalid click is a measure that tells how many unusual clicks happened. Not all invalid clicks are fraudulent. Some clicks don’t offer value, such as double-clicks from users and clicks that aren’t considered genuine. These clicks are detected by the ad network (Google.Ads) and can be removed from your overall costs.

There are many forms of click fraud. It can range from accidental clicks by actual customers to click farms. Each industry is affected by click fraud differently, and not just one, but multiple parties can be responsible for this.

  1. Competitors. Most Google.Ads click fraud situations are carried out by competitors who click on an advertisement, wasting their ad budget and turning off the advert for the day. If a business can’t afford to outbid position one, repeatedly clicking the top advert will waste their competitor’s budget, bringing them into the top spot in ad ranking.
  2. Webmasters. If no competitors are trying to take advantage of your PPC campaigns, certain webmasters likely will be, sooner or later. Webmasters display Google.Ads on their sites. To make more money, webmasters require more clicks, and instead of taking the time to develop and grow their website, they’re tempted to click their own ads. These fraudulent clicks generate the same profit as genuine clicks.
  3. Disgruntled advertisers. Click fraud may come down to repeat advertisers who click the same ad for many reasons. Sometimes users click on ads and then, after a few days, click on them again. Ideally, the user should be allowed to click on an ad once before converting, however, sometimes it takes more than one click to convert. This naturally increases your average conversion cost.

No. Over the years Google has made it increasingly difficult to obtain a refund and it’s up to the advertiser to prove that there is suspicious behavior occurring. This can often be in the form of unusually high click volumes on certain keywords or strange CTR. Automating the task of creating a support ticket and communicating with Google Support needs to be done either by the advertiser or your PPC manager. Our service should be used as a proactive solution to click fraud.

We track a multitude of information including:

  1. Unique IP address
  2. Geographic Location
  3. Browser Type
  4. Operating System
  5. Device Type
  6. Host Name
  7. Referring Page
  8. Exact Date & time of click

Imagine a thousand bots, all accessing different websites, mimicking human behavior, and looking like a real person surfing the web. The botnet creator now has a network that appears to be real and which can then be directed to a fake website. This fake website now looks like it’s genuine, receiving high volumes of traffic from thousands of real people. Advertisers place ads on the website because they believe their ads will receive a high number of impressions. The ad network that serves the ads pays the bot owner for the ads displayed and the scammer’s profit from a completely fake set-up.

Pixel stuffing happens when one or more ads of normal dimension, say 468 x 60, are compressed into a tiny 1×1 pixel frame on a publisher’s site. Every time a visitor lands on this website they will trigger an impression, even though the ad is virtually invisible to them. By reducing ads to only 1×1 pixel, bad actors can trigger impressions from a greater number of ads than they would legitimately be able to fit on a page.

Ad injection is the technique of surreptitiously inserting ads on a publisher’s website without their consent. This can be done by placing the ads over the originally shown ads, replacing the original ads altogether, or by placing ads on websites.

Short for a robot, a bot is an automated software program designed to carry out specific tasks over the internet, such as crawling websites and indexing content for search engines.

As bots are very good at repetitive tasks, they are the weapon of choice for fraudsters. A bot can run tirelessly and perform tasks much more efficiently than a human. Clicking a thousand times on an ad or scraping all the information from a site. There are a lot of bots on the Internet. Approximately 40% of global internet traffic is generated by bots and fake users – only 60% by real people. A bot can be made from almost any device with a chip and connectivity, such as webcams, thermostats, connected cars, connected fridges, mobile phones, etc. 

As bots are getting more sophisticated, it is becoming increasingly difficult to detect them. Bots used to live only in data centers, now they live on user devices with the real user and device IDs. They used to have a robotic click behavior. Now they replay normal distributions that mimic human behavior. Fraudsters for example record real mouse movements on illegal movie streaming platforms (where real humans go to) and replay it on sites the bot visits to avoid detection.

A click bot is a bot that is specifically designed to execute click fraud. Simple bots will access a specified page and click the desired link. These are the easiest bots to detect because their behavior is distinguishable from human behavior. More advanced bots will imitate human user behavior, like mouse movements, pausing, longer time spent per page, and random time spent per page. The humoresque actions make these bots much harder to detect.

Click fraud is usually carried out by bots. However, it can also be operated by low-paid workers as well. As a group, these workers are known as a “click farm” and run from developing countries with cheap wages.

However, click farms are a lot less efficient for fraudsters and a lot more resource-intensive. It’s a lot easier to write code and create click bots than hiring dozens of workers, which is why most click fraud comes from bots.

  1. Although correlated, good click-through rates (CTRs) are still not indicative of good conversion rates, since it is still not clear if a visitor would buy an advertised product once he/she clicked on the ad (cost per action (CPA)-based models (where the advertiser only pays when the product is purchased) provide better solutions for the advertisers (but not necessarily for the search engines), since CPA are more indicative that their ads are “working).
  2. It does not offer any “built-in” fundamental protection mechanisms against click fraud since it is very hard to determine which clicks are valid vs invalid in general (it can be done relatively easily in some special cases but not in general). Therefore, major search engines launched extensive invalid click detection programs and still face problems combating click fraud.

Here are some impacts of click fraud or fraudulent click activity:

  1. Conversion rate is decreased, you may get clicks but no conversions.
  2. Campaign budget wastes away.
  3. Impacting business revenue by draining useless reach of advertisers who don’t wish to purchase.
  4. Skews the advertiser’s data – if your PPC campaign gains a lot of conversions and clicks, then keep it running. However, once that ad gets clicks with no conversions, consider taking the ad down. Clicks don’t mean conversions. This skewed data makes it difficult for advertisers to decide which ads should be kept and which should be stopped.

Dubbed the “Biggest Ad Fraud Ever” by Forbes, the attack called the Methbot campaign, enabled a group of Russian criminals to make between $3 to $5 million a day by faking clicks on video ads. The group Ad Fraud Komanda acted carefully and efficiently. Using fake domain registrations they tricked programmatic advertising algorithms into buying their space over big-name brands. Next, the criminal group sent fake traffic from more than 570,000 bots to those ads.

Since the bots appeared to “watch” the almost 300,000 million video ads a day, the platform paid the criminals according to the pay-per-click system. With an average PPC rate of $13 per thousand views, the hackers were able to reap substantial gains. The bots were intelligently programmed to mimic the reactions of real users, with fake mouse movements and social media login information. Criminals took pains to make the bots appear as close to real users as possible, even stealing hundreds of thousands of addresses and associating them with U.S internet providers so the system would think they belong to American addresses.

Essentially, click bombing is when your Google.Adsense ads get clicked much more than normal. For example, if a malicious user goes to your website and clicks on one of your Adsense ads 100 times. This would be click bombing.

Ultimately a simple scam. Bots are sent to a business’s website in order to get tagged for retargeting ads. Bots are then sent to the fraudster’s website to “look” at the ads that the business is paying to display.

Marketeers buy ad impressions on a cost-per-thousand (CPM) basis like in mobile display or video ads. However, these ads are shown to a fake audience like bot traffic.

Fraudsters trick marketers into paying them a commission even though the sale would have happened anyway by tricking the analytics/attribution platforms and sending fake data into Google Analytics. Fraudsters make it appear as if a user clicked an ad to come to the site, even though no ads were ever run. By doing so, the fraudster claims credit for sales that would have happened anyway. And no ad was ever seen or click on.

Sophisticated bots are able to closely mimic human behavior. By looking at how users interact with a site, anomalous behavior that does not fit the site’s behavioral profile can be flagged.

Fraudsters deploy tools like Puppeteer or Selenium, which were originally created to help programmers test their work, but they make it simple to write bots that visit pages and click on ads.

Residential proxies allow bot makers to “bounce the traffic” through residential IP addresses and disguise it. If the traffic were obviously from Amazon data centers, it could easily be blocked by fraud detection.

You may have heard of IP addresses and their importance in identifying fraudulent click sources. One of our service’s unique features is the ability to detect fraudulent clicks without using IP addresses. Device fingerprinting (or browser fingerprinting) allows us to distinguish between a user’s features and IP address. These include screen size, color depth, device maker and model, and browser versions. These data points are combined to create a fingerprint in real-time. A user could change their IP address to remain anonymous, but device fingerprinting allows you to identify them without relying on their IP address.

7 ways click fraud  may be done

  1. Individuals deploying automated clicking programs or software applications (called bots) specifically designed to click on ads.
  2. An individual employing low-cost workers or incentivizing others to click on the links.
  3. Website publishers manually click on the ads on their pages (attempting to generate revenue for themselves).
  4. Website publishers manipulate web pages in such a way that user interactions with the website result in inadvertent clicks (iframes).
  5. Website publishers subscribing to paid traffic websites that artificially bring extra traffic to the site, including extra clicking on the ads.
  6. Advertisers manually click on the ads of their competitors
  7. Website publishers being sabotaged by competitors or other ill-wishers.
Why clickfraud.dev?

What differentiates clickfraud.dev from other click fraud detection software?

Our software was written by engineers and mathematics with years of experience developing enterprise-level ad serving and ad network technology. Originally produced for use with our own advertising campaigns, now you can use the same click fraud protection techniques used by leading online advertisers.

Our service provides advanced monitoring and protection service for businesses and agencies running Google PPC campaigns. In our software, you’ll find unique features exclusively developed by us enabling you to immediately and automatically protect your Google Ads campaigns.

our team

Why is click fraud dangerous for you?

get protection


Wasted ad budget

Unless detected and blocked, bots waste your PPC budget. You might spend over 20% on irrelevant traffic


Incorrect data

The accuracy of your ad campaign data is affected and can lead you to wrong data-driven decisions.


Poor Conversion

Fake clicks have zero potential for sales, they drive your CTR up and push your conversion rate down.

Statistics of click fraud

By reviewing a few statistics, we can see that click fraud farms are running rampantly.

  1. Fraudulent PPC ad clicks amount to 20%, costing businesses up to $60 billion per year.
  2. In 2018, Google had advertising revenues of $116 billion which is $23.2 billion in click fraud.
  3. From 2015-2020, click fraud seems to be growing at about 52% year over year, and click fraud on PCs has grown 4%.
  4. Mobile device click fraud was over 100% in 2017and could be closer to 200% in 2020.
  5. AT&T produced the first banner ad which had a 44% click-through rate.
  6. You can expect an average of 0.19% click-through rate on display ads.
  7. In 2017, around 1 in 5 ad clicks were fraudulent.
  8. The Russian Methbot Operation made close to $5 million per day from click fraud and ad view fraud bots.
  9. In 2015, Bloomberg reported that 22% of all click fraud hit the finance industry.
  10. Between 2016-2018, companies lost $7.2 billion to click fraud.
    You may save around 21% by doing a click fraud audit.
are you a victim?

What can you do to minimize the risk of click fraud?


Conduct your initial research on known IPs and add them to your blocked list. This will help your law firm avoid the hassle of getting clicks from easily avoidable sources. You can add the exclusions simply by jumping on your Google.Ads settings page and moving to the IP Exclusions subcategory.

Trustworthy partners

If you are running Google Display Partner Network, make sure that you select the most relevant and trustworthy partners to display your ads. Additionally, you can set your goals for remarketing and retargeting, making your ads visible to a specific selection of searchers who either visited your website before or were physically present in certain locations around your area.


Add strict geotargeting and exclude certain locations. Fraudulent activity from click farms is often coming from locations with lower labor rates. You can look for the most commonly known regions and exclude them from your campaigns.


Monitor your analytics, reports, and metrics. You might be able to identify patterns on some of the clicks you are getting that lead you to spot a competitor who’s clicking on your ads. If, for example, you find a specific IP performing very similar actions without converting to a signed case, you can add it to your list of exclusions.

how it work?

Our software tracks each and every visitor who visits your site. It automatically blocks the IP or devices which are clicking your Google.Ads. Keep fraudsters away from your ads.



We track every click on your ad, collecting valuable data and information to gain insight into how your ads are interacted with.



Our industry-leading AI-based algorithms separate real potential customers from fraudsters and bots.


Block bots

Once a fraudulent click is detected the Google.Ads will be hidden from the fraudster.

neural network

Warning signs of ad fraud

are you a victim?


 Abnormally high CTR

Unrealistic click-through rates (CTRs).


Poor on-site analytics

 High bounce rates and short session durations.


Datacenter IP addresses

The visitor to your page is originating from a hosted server (VPS), not a residential or corporate computer


Suspicious site lists

The majority of fraud originates from obscure sites, whereas the majority of real human visitors go to recognizable publishers.