What is retargeting click fraud?

February 10, 2023 ∙ 3 minute read

In this article, we explain the steps involved in retargeting click fraud, and tell you how you can protect your ad campaigns from this click fraud scam.

What is retargeting?

Retargeting is an advertising technique which shows your ads to people who've previously visited your website. For example, imagine you visited an online store, browsed around, added something to the shopping cart, and then left before buying anything. As you continue using the internet, you'll start noticing ads for the online store, trying to tempt you to return and become a customer.

The key point to understand here is you visited a website, and were then shown ads for the website.

What is retargeting click fraud?

Retargeting click fraud is one of the many ways scammers are able to steal advertisers' marketing budgets. It typically works like this:

  1. A scammer creates a website, and opens a publisher advertising account at an advertising network like Google Ads. The publisher advertising account allows the scammer to place other people's adverts on his website.
  2. The scammer creates a click fraud bot, and takes a number of steps to make the bot appear to be a real internet user. This includes using a bot framework such as Puppeteer-Extra and its stealth plugin, and using random residential proxies to hide the bot's real IP address. An additional benefit of the residential proxies is it allows the bot to have a different IP address every time it clicks on an ad, causing IP address blocking to have little to no impact on the bot's success. You can read more about why blocking IP addresses won't protect your ads from click fraud.
  3. The scammer researches high value ad keywords, such as "lawyer in NY, "online MBA", and "knee surgery". The idea here is the scammer wants his bot to target lucrative ad keywords, as they'll maximise the amount of money he can earn.
  4. The bot goes to google.com, searches for one of the high value ad keywords, and clicks on every search result, including the ads. At each website, the bot browses around, and acts like a regular user, such as submitting a contact form or adding items to the shopping cart.
  5. At this point, the bot is ready to be retargeted, as the advertising network has been tricked into believing the bot is a real person. The bot navigates to the scammer's website, and is shown a high value advert which it clicks on. This earns money for the scammer.
  6. The bot will generate fake conversions at some of the advertisers' websites, to further trick the advertising network into believing it’s dealing with a real person. You can read more about conversion fraud.

That's the basic process. The bot tricks the advertising network into retargeting high value adverts on the scammer's website, which the bot clicks on, earning significant income for the scammer.

How to prevent retargeting click fraud?

Retargeting click fraud isn't random, and instead targets high value ad keywords. If you remove the at risk ad keywords from your search campaigns (add them as negative keywords), the bots won't be able to see your search ads, and therefore can't click on them. This has the side effect of preventing your ads from displaying (retargeting) on scam display websites.

Polygraph is able to detect the bots clicking on your ads, so we can tell you which keywords they're targeting. You simply add these keywords as negative keywords, and your ads will no longer be at risk of retargeting click fraud.


Retargeting is a digital marketing technique which causes your ads to be shown to people who've previously visited your website. Unfortunately, criminals are taking advantage of retargeting by using it to force high value ads to appear on their scam websites. Bots are able to click on these ads, generating massive income for the scammers, and huge losses for advertisers.

Polygraph gives you the data you need to prevent retargeting click fraud from stealing your marketing budget.

Try Polygraph today, free of charge, and protect your ad budget from click fraud