OWASP Automated Threats

False clicks and fraudulent display of web-placed advertisements.

What is Ad Fraud?

Falsification of the number of times an item such as an advert is clicked on, or the number of times an advertisement is displayed. Performed by owners of websites displaying ads, competitors and vandals.

See OAT-016 Skewing instead for similar activity that does not involve web-placed advertisements.

Ad Fraud is also known by terms such as advert fraud, adware traffic, click bot, click fraud, hit fraud, impression fraud and pay per click advertising abuse.


The symptoms of Ad Fraud

  • 1
    Common patterns - such as the same referer or user agent - in click or impression spikes (peaks)
  • 2
    Low conversion ratios during the spikes
  • 3
    Unusual peaks in the number of clicks or impressions
  • 4
    No increase in the number of conversions during peaks in impressions or clicks
  • 5
    Drop in the number of page views during peaks in impressions or clicks
  • 6
    Higher bounce rate during peaks in impressions or clicks


Sectors targeted by Ad Fraud

  • Entertainment
  • Financial
  • Health
  • Retail
  • Technology
  • Social Networking


Can InfiSecure prevent Ad Fraud?

InfiSecure can block all click fraud and ad fraud activities. InfiSecure can identify and restrict automated usage by fingerprinting the user agent for its unique characteristics and using the information to reject or restrict value of related clicks/impressions. InfiSecure identifies common bot patterns in users’ system fingerprints, IP addresses and HTTP headers (such as user agent, cookies, etc.), especially for requests during traffic peaks, and track relationship to conversation ratios in real-time.