What is piggyback click fraud?

April 9, 2024 ∙ 2 minute read

In previous articles we explained the basics of click fraud (What is click fraud?) and why bots are clicking on search ads (What is retargeting click fraud?). In this article we'll discuss a devious click fraud technique known as piggyback click fraud.

How do criminals make click fraud bots?

Before we discuss piggyback click fraud, let’s review two of the most common ways scammers create click fraud bots.

Create a custom click fraud bot from scratch

This involves creating a bot using a framework like puppeteer-extra, installing its stealth plugin to make the bot appear human-like, and routing the bot's traffic through residential proxies to ensure it has a normal-looking IP address every time it clicks on an ad.

This is the most common click fraud method and isn’t detected by ad networks. It’s also a cheap way to do click fraud. The challenge is the amount of technical skill required to create bots, and in the highly unlikely event the scammer’s server is seized by law enforcement, it's not great to be caught running click fraud bots.

Use a bots-as-a-service (BaaS) platform

It's possible to use one of the many bots-as-a-service (BaaS) platforms to create and run click fraud bots. The upside is it's easier than creating your own bots, however it requires trusting the BaaS provider knows what they're doing (are the bots truly stealth bots?), hoping they keep their clients’ data secure, and will turn a blind eye to any criminal activities.

An additional problem for click fraud scammers is the paper trail – they have to register an account at the BaaS, provide details of their click fraud websites, input their payment details, and their bots' actions will likely be logged on the BaaS' servers and backup devices.

As you can see, both creating bots from scratch and using a BaaS platform comes with risks, especially if the scammer is caught doing click fraud. This risk is eliminated by piggyback click fraud.

What is piggyback click fraud?

This is a devious click fraud technique used by large publishers and click arbitrage scammers. Polygraph is aware of major publishers, including Google Search Partners, who use piggyback click fraud as their business model.

It works like this:

  1. A scammer buys traffic from ad networks known for having large numbers of bots. Most of these ad networks will be well known within the digital marketing world, and some of them are famous multinational corporations. The scammer’s goal is to get garbage traffic from a “legitimate” source.
  2. The traffic from the ad network arrives at the scammer's website. Since a lot of the traffic is bots which have been programmed to click on ads, they click on the ads on the scammer’s website.
  3. Most ad networks have no real click fraud detection systems, so the bots' clicks are considered valid and the scammer gets paid for every click.
  4. In the unlikely event the scammer’s traffic is flagged by his ad network, he can show the receipts from his “legitimate” traffic source and claim innocence.

The downside of piggyback click fraud is the scammers need to pay for the garbage traffic they send to their websites, however it’s usually cheap - and so bot infested - that it’s easy to make a profit using a click arbitrage model. (What is the difference between click fraud and click arbitrage?)

Polygraph can detect all the click fraud techniques discussed in this article.

Summary

Piggyback click fraud is a devious scam which involves buying visitors from supposedly legitimate ad networks, and relying on the bot-infested traffic to click on the ads on the scammers' websites. This means the scammer doesn’t need to create his own bots, and in the unlikely event the ad networks complain about his traffic, he has receipts which prove he’s “innocent“ and the fault lies with his traffic source.

Try Polygraph today.