Ad fraud is big business. Not only are scammers using automation to reach new scale – contributing to a criminal enterprise that’s eight times the size of credit card fraud – but fake engagement causes knock-on effects. For advertisers, bad data sullies marketing campaigns and drains budgets. For ad platforms, despite what they say publicly, invalid clicks still contribute to the bottom line.

Meta projected that 10% of its 2024 revenue came from scams and banned goods, Reuters reported, with the social media giant internally estimating that its platforms show 15 billion scam ads a day. Meanwhile, our analysis of more than 100 million clicks found invalid click rates running about 50% higher than what Google reports. Both cases demonstrate the conflict of interest in fighting fraud.

The current model – where the platform giants act as both ad salesman and fraud policeman – is broken. In this new landscape, supercharged by increasingly autonomous bots, advertisers should no longer outsource fraud detection to the platforms that profit from it.

The ad fraud conflict of interest

At this point, fraud is more of a feature than a bug in digital advertising. Remember that most ad networks operate on a volume-driven revenue model in which every click, regardless of authenticity, contributes to the platform’s bottom line. Aggressively eliminating fraud would mean admitting their reach is smaller than marketed. These publicly traded companies face pressure to maintain traffic metrics and billable inventory. As a result, we’re more often seeing platforms catch the most obvious bots while sophisticated invalid traffic persists.

Meta’s leaked documents offer valuable insight into the inner workings. Internal memos revealed that enforcement teams track fraud but operate under strict guardrails on how to act on it. One review found the company ignored or rejected 96% of valid user reports flagging scam ads and the threshold for actually banning an advertiser required 95% certainty of fraud. Otherwise, anyone below that just got charged higher ad rates and kept running.

And actions against fraudulent advertisers were capped at 0.15% of revenue. This tells us that fraud is flagged but the bottom line matters in deciding what to do with it.

Marketing Technology News: MarTech Interview with Max Groth, CEO at Decentriq

The problem with self-reporting

A similar dynamic plays out with invalid clicks. For example, Google reports an average invalid click rate of 11.4%. Our independent analysis across 43,000 accounts, however, finds a rate of 17.8%. Adding to the issue, invalid click rates have doubled since 2010 thanks to the increased sophistication of AI-driven bots and ad fraud malware.

Since then, it’s become much harder to differentiate between human and bot engagement. This is because bad actors are using artificial intelligence and machine learning to create bots that pause on content and simulate scrolling, thereby mimicking human viewing behavior and making detection far more difficult. Additionally, they’re using malware to infect user devices, secretly drive traffic to scammer-controlled domains, and make it unclear whether ad clicks are coming from users or “ghost click farms”. In turn, ad fraud is only growing and marketers are losing about one in five dollars.

And downstream, bad data means autobidding starts chasing bot patterns and retargeting non-existent users. Google’s Smart Bidding, Performance Max, and automated campaigns start learning from signals that increasingly include traffic that isn’t real. The result is inflated cost per action (CPA), distorted return on advertising spend (ROAS), and budget being allocated to interactions that never convert. Data poisoning like this makes up look like down and down look like up.

The fact of the matter is that ad platforms have skin in the game. Right now, these corporations are essentially grading their own ad fraud homework with little incentive to accurately report the true scale and scope. It’s time for marketers to stand up for themselves and start treating every click as a security event worthy of independent verification.

How we restore accountability

We need to stop taking platform-reported analytics as gospel. Instead, the status quo demands due diligence with closer monitoring of user verification, behavioral analytics, and fraud scoring.

For example, teams can and should keep a closer eye on inflated CTRs without corresponding conversions, as well as on traffic spikes from unusual countries, to better understand actual performance. This foundation is then strengthened with independent fraud detection tools that analyze traffic patterns, device fingerprints, IP behavior, and engagement signals. These complementary solutions go a long way to creating an independent source of marketing truth.

Armed with this information, teams can better push back on the sophisticated invalid traffic they miss. And, by partnering with platforms that enable real-time metric monitoring, it’s also possible to block bad traffic before it enters the funnel and corrupts bidding, targeting, and forecasting data.

Practitioners need to go the extra mile to keep the tech giants honest. This way, we can refund more questionable clicks, show the platforms we’re watching, and better protect the integrity of campaign data.

About Fraud Blocker

Fraud Blocker, is a leading click fraud prevention software.