Beware of no-cost conversions

June 6, 2023 ∙ 4 minute read

This article explains how scammers are using no-cost (free of charge) conversions to disguise fake ad clicks, waste advertisers' time and money, and fool advertising networks into believing bot clicks are from real people.

What is click fraud?

Before we dive into how scammers are using no-cost conversions to scam advertisers and ad networks, let's make sure we understand what is click fraud.

Click fraud is a crime which steals billions of dollars from advertisers every year. Scammers use the pay-per-click (PPC) advertising model to monetise their websites, however instead of waiting for genuine internet users to click on their ads, they use bots, resulting in millions of fake ad clicks every day.

Based on our own data, at least 5% of ad clicks are fraudulent, with the figure increasing to around 80% for adverts in the finance, medical, and legal industries.

Click fraud works as follows:

  1. A scammer, typically someone with a strong understanding of the PPC ecosystem, creates a website, contacts an advertising network like Google Ads or Microsoft Ads, and opens a publisher advertising account. The publisher advertising account allows him to place other people's adverts on his website.
  2. Instead of waiting for real people to visit his website, he programs a bot to come to his website and click on the ads. To avoid detection, he uses a bot framework like puppeteer-extra and its stealth plugin, routes the bot's traffic through a residential proxy service, and uses technology to randomise his bot's device fingerprint. The result of this effort is the bot appears to be a real person, with a unique IP address and device fingerprint every time it clicks on an ad. It most likely won't be detected by the advertising networks. Polygraph, experts at click fraud detection, can detect even the most advanced click fraud bots.
  3. After clicking on an ad, the bot will sometimes generate fake conversions at the advertiser's website. This will be a no-cost (free of charge) conversion, such as submitting a leads form, creating an account, or adding items to a shopping cart. The fake conversion tricks the ad network into thinking a real person clicked on the ad, and wastes the advertiser's time as he fruitlessly contacts the fake lead.
  4. Since the advertising networks have less than ideal click fraud detection, and are easily fooled by fake conversions, advertisers are charged for most fake clicks. The money is shared by the advertising networks and scammers, in a roughly 50/50 split. Polygraph is monitoring a large number of click fraud scammers earning USD 1M+ per month per website. Most click fraud scammers have multiple websites.

There are a few variations of the above scam, including retargeting click fraud.

What is conversion fraud?

One of the challenges faced by click fraudsters is the fact their bots never purchase anything at the advertisers' websites. This is a problem as the ad network may eventually flag the scammers’ traffic as being low quality. This could result in the scammers’ publisher advertising accounts being suspended.

To get around this problem, the scammers’ bots periodically generate fake conversions at the advertisers' websites, such as submitting fake leads, creating accounts, and adding items to shopping carts. The fake conversions occur after the bots have clicked on ads, as this increases the scammers’ traffic quality scores at the ad network. Only some bot clicks result in fake conversions, as this simulates the volatility of real people filling out leads forms, creating accounts, and adding items to shopping cards.

Why do bots target no-cost (free of charge) conversions?

Generating no-cost conversions such as submitting fake leads is easy, since the click fraud bots only need to find leads forms on the advertisers’ websites, and submit bogus data. Typically, the data submitted will be real people's information, so when the advertiser contacts the leads, he'll be met with confusion, or his calls and e-mails will go unanswered.

If the click fraud bots tried to create paid conversions, such as purchasing products or subscriptions, it would increase the scammers' costs, and introduce the complexity of maintaining valid credit cards. By comparison, generating no-cost conversions is free and easy.

Why aren't the advertising networks detecting click fraud and conversion fraud?

That’s the multi-billion dollar question. Polygraph, a relatively small company, is able to detect the vast majority of click fraud, yet the advertising networks continue to struggle, with some unable to detect even the most simple click fraud.

A cynical explanation is the advertising networks have a conflict of interest, since they get paid for every click, real or fake. More likely, the problem is a lack of effort and care by the teams assigned to detect and prevent click fraud.

How do I prevent conversion fraud?

To prevent conversion fraud, you need to prevent click fraud. This is because conversion fraud occurs after click fraud. Polygraph gives you everything you need to detect and prevent click fraud:

  1. Polygraph tells you which of your ad keywords are being targeted by click fraud bots, so you can remove those keywords from your ad campaigns. This prevents click fraud bots from being able to see or click on your ads.
  2. Polygraph tells you which scam display websites are clicking on your ads, so you can block scam display websites from being able to click on your ads.
  3. Polygraph gives you granular details of every fake click, including why it's fake, so you can apply for click fraud refunds from your advertising network.

Try Polygraph today.


Click fraud scammers are generating fake conversions at advertisers’ websites to fool the advertising networks into believing their bots’ fake clicks are from real people. The scammers use no-cost conversions, such as submitting leads forms, as it's far simpler than using paid conversions such as purchasing products.

Since conversion fraud occurs after click fraud, to prevent conversion fraud you need to prevent click fraud. Polygraph gives you everything you need to detect and prevent click fraud.