Extending Your Advertising Defense: The Importance of Click-Level Protection

This is part four of a multi-part series. Check out part one, part two, and part three of this series on the definition and market impact of click fraud.

Fraudsters are creative. Ever since the advent of digital advertising—and in particular the programmatic advertising ecosystem—fraudsters have developed even more sophisticated and inventive ways to steal from the economic lifeblood of the modern internet.

Safeguarding advertisers’ budgets requires a comprehensive approach, including both impression-based ad fraud protection and click fraud protection. As advertisers are shifting their focus to lower funnel metrics like clicks, conversions as measures of success, the fraudsters are witnessing this transition and are following the money. 

Show me the incentives, and I’ll show you the outcome. With ad dollars flowing to those performance metrics, fraudsters will design schemes for clicks, by appearing legitimate during the ad serving process. Understanding how impression-based ad fraud and click fraud are distinct is a useful endeavor for organizations as it can inform campaign design and goals.

Impression Fraud vs. Click Fraud: Understanding the Difference

Impression, viewable, and click ad fraud each exploit different stages of the ad lifecycle to generate invalid activity and drain ad budgets.

Impression ad fraud involves serving ads in ways that make them technically count as impressions but are never seen by real users—for example, loading ads in 1×1 pixel iframes hidden on a page.

Viewable ad fraud manipulates metrics to make ads appear viewable according to industry standards, even when users aren’t actually seeing them—such as quickly stacking multiple ads in the same placement to artificially inflate viewability rates.

Click ad fraud occurs when fake or incentivized clicks are generated to mimic genuine user interest—like bots or click farms triggering clicks without any real engagement or intent. 

Impression fraud, at its core, is a volume-based attack where the goal is to target and impersonate media types where CPM rates have historically been the highest. These tend to be associated with Connected TV, Audio, Video, and Rich Media Display. Effective detection and protection of these sophisticated attacks require extensive breadth and depth in signal collection. To look like a million bots on the internet is a powerful concept and is just the start of what an attacker can leverage this ability for. Impression fraud can propagate in areas where there is opaqueness in the buying process, like purchasing inventory without insight into the quality of the supply source. 

Click fraud involves the deliberate manipulation of engagement metrics such as clicks, conversions and call to actions to generate fake engagement. Fraudsters employ a range of tactics to mimic valid user behavior, from malware that hijacks ad creatives during serving, to advanced attacks that lie dormant for hours or days before targeting the click redirector. This results in both operational and financial losses for platforms.
Click fraud can erode advertiser trust in targeted inventory, drain competitors’ ad budgets by inflating costs, and in more advanced cases, use malware to generate clicks from real devices, bypassing impressions altogether. Based on our observations, these attacks can often remain undetected and appear legitimate throughout the ad serving process, as they are designed to exploit specific click events within the ad serving process.

Why Separate Protection Strategies Are Necessary

It follows, naturally, that defending against impression-based ad fraud and click fraud attacks requires distinct tools and tactics. 

That’s in large part because many key signals indicating click fraud can show up after the impression occurs. Key signals of a click based attack could be from events such as abnormal click rates, no user activity following a click, rapid or repetitive clicks. 

Protecting your organization from both impression-based and click fraud attacks requires a comprehensive approach that focuses not only on the impression, but also on the entire customer journey.

What’s more, with the advent of new threat vectors that live outside the traditional programmatic ecosystem—like actors targeting inventory within retail media networks (RMNs) —these threats now span more touchpoints than ever before.

Comprehensive Protection

As fraudsters continue to build new and increasingly sophisticated attacks—as seen in the recent BADBOX 2.0 investigation—organizations need to find solutions that keep pace with threat actors across both impression-based ad fraud and click fraud attacks. Such an approach safeguards platforms, brands and publishers from complex attacks using both impression-level and click-level signals, flagging fraudulent traffic at every stage of an attack.

A comprehensive approach reinforces the feedback loop informing the detection engine for both impression-based ad fraud and click fraud attacks; the intelligence gathered from each mitigated attack results in stronger protections for every future attack, pushing threat actors out of the ecosystem entirely.

And finally, the ROI of a comprehensive and layered protection is clear: campaigns have cleaner impression and click metrics, technology partners have fewer clawbacks, ROAS is maximized by allowing advertisers to focus on genuine activity, and targeting algorithms are fed only accurate, actionable information.
Boxing out IVT with comprehensive protection measures makes sure campaigns are accurate and reflect only intentional human activity.