Why do display networks have so many bots?

February 20, 2024 ∙ 2 minute read

In this article we explain why display networks - also known as audience networks - have so many bots. We discuss why these bots exist, who profits from them, and what you can do to protect your ads from click fraud.

What is click fraud?

At least USD $100B (billion) is stolen from online advertisers every year. The people stealing the money are website publishers, and bots are their henchmen. Their crime is called click fraud.

It typically works like this:

  1. A website publisher contacts an ad network such as Google Ads, Microsoft Ads, Meta Ads, or LinkedIn Ads, and opens a publisher advertising account. This account allows him to place other people’s ads on his website.
  2. Instead of relying on legitimate visitors to click on the ads, he programs a bot to come to his website and click on the ads.
  3. These bots, known as click fraud bots, are very advanced. They're usually built using a stealth bot framework such as puppeteer-extra and its stealth plugin, their IP addresses are constantly changed using residential proxy services, and their device fingerprints are randomised to imitate normal computers and cellphones.
  4. To the casual observer, the bots look like real people visiting websites and clicking on ads.

Polygraph, a relatively small cybersecurity company, is able to detect these click fraud bots, but for some reason the ad networks can't or won't. Google even added a feature (--disable-blink-features=AutomationControlled) to its web browser to make it more difficult to detect click fraud bots.

Who profits from click fraud?

Let's explain this by following the money.

  1. An online store wants to attract more visitors, so they contact one of the large ad networks and open an advertiser account.
  2. They create an advert, and choose to publish it on the display/audience network. They agree to pay a few dollars every time it's clicked.
  3. The ad network pushes the advert onto the display network, where people and bots can click on it.
  4. For every click on the ad, the store owner pays money to the ad network, and the money is shared with the website publisher.

There are a few things to note here. The first is how both the ad network and website publisher earn money every time a person or bot clicks on an ad. They both profit from click fraud.

The second issue is the large number of click fraud websites on the display network. There are millions of publisher websites using bots to generate clicks on ads. These range from obvious scam websites to listed multinationals. It's a huge problem.

How can I prevent click fraud?

As stated earlier, the ad networks are unwilling or unable to detect and prevent most click fraud bots. The possibly cynical explanation is they have no incentive to make an effort, as they get paid for every click, real or fake.

To quantify the size of the problem, below are the click fraud rates for the main ad networks in early February 2024:

  • LinkedIn: 48%
  • Facebook: 36%
  • Bing: 29%
  • Twitter: 26%
  • Google: 12%

The click fraud rates affecting your ads depends on the ad network you're using, your industry, and the keywords you're targeting. Polygraph can quantify your click fraud problem.

To prevent fake clicks on your ads, you need to turn off search partners, and turn off the display network or use a whitelist. That will prevent scam display websites from showing or clicking on your ads.

You also need to prevent bot clicks on your search ads, as click fraud bots will try to force your ads onto display websites using retargeting click fraud. To prevent retargeting click fraud, you need to detect the fake clicks on your search ads, see which search terms the bots are using to trigger your ads, and add those search terms as negatives. Polygraph can help you do this.

You should avoid broad and phrase keyword matching, as they make it easy for bots to find your ads, and you should avoid performance max and its peers, as they'll show your ads on click fraud websites.

Finally, we recommend you don't waste your time on IP address blocking, as it's a gimmick.

Conclusion

Click fraud is an online scam which steals at least USD $100 billion every year. Website publishers are using display networks to monetise their websites, with a significant percentage of these websites using bots to click on the ads.

The advertising networks have no incentive to deal with the issue, since they get paid for every click, real or fake, so their click fraud detection and prevention systems range from non-existent to lacking basic features.

To protect your ads from click fraud, you need to avoid search partners and display networks, and monitor your search clicks for retargeting click fraud. Polygraph are experts at detecting and preventing click fraud.