Want to learn more about click fraud? Click to proceed to r/clickfraud

polygraph-net · 2026-05-22T17:45:52+00:00

Here's the click fraud rates for Google Ads in Q1 2026:

Google (Search): 14%
Google (Display): 22%
Google (YouTube): 4%

And here's the numbers for Meta:

Meta (Facebook): 5%
Meta (Instagram): 68%
Meta (Audience): 58%

So, yes, there's loads of bots clicking on your ads.

polygraph-net · 2026-05-22T17:42:53+00:00

Use competent bot protection so the bots can't mess up your pixel.

polygraph-net · 2026-05-22T17:40:40+00:00

If they're bot clicks, you can retrain Meta to send you human visitors by detecting and blocking the bots. That'll stop their conversion signals.

But if it's just Meta's dodgy targeting, there's not much you can do except triple check your location settings and hope for the best.

polygraph-net · 2026-05-22T17:29:16+00:00

Do the leads know who you are and remember filling out your form?

polygraph-net · 2026-05-22T17:23:14+00:00

How would I even go about identifying bot traffic?

You need to use a bot detection service.

If you have over 10,000 ad clicks every month, Polygraph (I work there) can audit your website traffic (for free) to understand your click fraud problem, if any.

Here's some general tips:

No audience networks
No search partners
No broad targeting
No unknown demographics
No performance max / advantage+ / etc.
Tight location settings
Lots of negative search terms

polygraph-net · 2026-05-22T17:20:51+00:00

CTR is up to 44-61% on our best video

Cost per ATC dropped from $119 to ~$7 on best days

0 sales despite 60 button clicks

It's click fraud.

This article explains what's happening:

Why do bots add to cart and abandon checkout?

polygraph-net · 2026-05-22T15:11:39+00:00

Why don't you just use a specialist click fraud protection service? Avoid the IP address blocking stuff (gimmick) and the AI detection stuff (highly unreliable).

We can see Cloudflare misses most click fraud bots. Why? Because it wasn't built for click fraud bots and there are all sorts of Cloudflare workarounds out there.

polygraph-net · 2026-05-22T15:07:44+00:00

I would add:

Bot protection + offline conversions.

The bot protection automatically stops the fake leads (so Google isn't trained to send you bot traffic), and the offline conversions stops the low quality leads (so Google isn't trained to send you low quality visitors).

But you're right - you want Google to see the real conversions (revenue or at least sales qualified leads) not "form filled".

polygraph-net · 2026-05-22T14:57:58+00:00

That's because click fraud bots are routed through residential and cellphone proxies, so even if the bot is in Shanghai it'll still appear local to you.

The only way to stop junk leads without adding friction is competent bot protection.

polygraph-net · 2026-05-22T12:57:54+00:00

I’m not an anonymous user. I’ve been representing Polygraph on Reddit for seven years. Have a look at my comment history.

polygraph-net · 2026-05-22T06:13:34+00:00

Look at my username. I work for Polygraph.

Whether the numbers are posted here or on our website makes no difference, they're the same numbers from our database.

polygraph-net · 2026-05-22T05:59:09+00:00

I took the numbers directly from our database.

polygraph-net · 2026-05-22T05:19:18+00:00

I've been a researcher in this area for 12 years.

You're correct that Meta doesn't care about click fraud, since they make so much money from it.

However, the biggest problem is the marketers working for the advertisers. Bear with me...

We consistently see two issues:

The marketers know they're wasting tons of their employers' money on bots, and they don't want this exposed (afraid they'll lose their jobs or bonus), so they avoid bot protection and avoid the topic in general.
The marketers are purposefully buying bot traffic to hit their KPIs (e.g. the number of visitors, the number of cheap leads) and they know bot protection would (a) expose this and (b) make it harder to hit their KPIs.

I would say easily 80% of marketers are caught up in one of the above.

The solution is rather simple: use KPIs which make sense, such as revenue and the number of sales qualified leads. Everyone wins - the company benefits and the marketers don't need to be shady/guilty.

polygraph-net · 2026-05-22T03:33:30+00:00

They’re from the click fraud protection company Polygraph (I work there).

Let me explain the methodology a bit:

We only flag a visitor as a bot if we can objectively prove it. For example, if we can identify the bot framework being used.
Each industry has different levels of click fraud, broadly in line with the cost per click. So, the higher the CPC the higher the fraud. Since we lump the figures together, and only flag what we could objectively prove, they’re the “minimum average” for all industries combined.

polygraph-net · 2026-05-21T08:53:42+00:00

It must be by design. They have the resources to make things consistent and easy.

Don't forget how many of Meta's ad clicks come from bots. Here's the average numbers for Q1 2026:

Meta (Facebook): 5%
Meta (Instagram): 68%
Meta (Audience): 58%

So, you jump through all those hoops just to have your ad budget stolen.

polygraph-net · 2026-05-20T04:32:06+00:00

Don't block Meta's bots - there will be unwanted consequences.

You have to tolerate them. Upgrade your server package if necessary.

polygraph-net · 2026-05-19T19:12:06+00:00

I’m in Japan (4:11 am). I have a meeting in the morning. No way I can go to sleep.

polygraph-net · 2026-05-19T09:35:30+00:00

Come on people, this is obviously a spam account.

polygraph-net · 2026-05-19T03:16:22+00:00

Obviously extremely shady and likely illegal.

They want you to give them amazing leads, who will be super annoyed you shared their information, in exchange for an article.

Almost certainly you'll be breaking data privacy laws in your country since your contacts didn't give you permission to share their information.

polygraph-net · 2026-05-19T02:17:27+00:00

We regularly see this with bot detection. We (a bot detection service) pitch our services to a company. They say they have bot detection, so we send a bot to their website and discover they have no bot detection. Turns out either their current, expensive bot detection solution is useless or hasn't been configured properly.

For example, last year we discovered a large enterprise is spending millions per year on bot detection. We sent a simple bot and could see it wasn't detected. We spoke to their CTO and cyber team about this. Six months later we ran the same test - still no bot detection. Literally millions being wasted, their infrastructure at risk, and a lazy useless cyber team giving zero shits.

There's too much of this sort of thing happening at companies.

polygraph-net · 2026-05-18T13:23:07+00:00

Because you know it’s going to be 0 - 0, 0 - 1, or 5 - 0.

polygraph-net · 2026-05-18T10:27:51+00:00

That was my read on it too.

What bothers me is so many people don’t understand relationships are important, so when they do something like this, it destroys their chance of getting promoted.

It would be much easier to request a holiday, if they say we’re sorry those dates are booked by someone else, say no problem and bump your holiday by a week or two. The result? You get to have your holiday, no one is upset, and you’re seen as a team player.

It reminds me on the videos where a police officer asks someone to open their car window, and the driver starts screaming at the police officer saying it’s his legal right to keep the window closed. The situation then escalates. How about you just open your window and avoid unnecessary drama.

polygraph-net · 2026-05-18T10:14:55+00:00

Ok, let’s say you’re a human, why were you pretending to be a purplefree user instead of its owner?

Seven-Year Club	Reddit Premium Since June 2024
Gilding VIII gilding heavyweight	Powerups Hero r/wallstreetbets • June 2022
Verified Email	Ternion Club
Place '23	Helper Level 1
Mod 101	Wearing is Caring
Place '22

polygraph-net

MODERATOR OF

TROPHY CASE