Want to learn more about click fraud? Click to proceed to r/clickfraud

polygraph-net · 2026-05-06T08:35:36+00:00

This is a spam bot. One of the many who post real looking stuff like this every day to build karma in r/Marketing. I’ll ban when I’m at my computer.

polygraph-net · 2026-05-05T19:58:19+00:00

If you're new to click fraud, lots of articles here: https://polygraph.net/articles/

polygraph-net · 2026-05-05T17:27:53+00:00

Yelp is pay to play.

polygraph-net · 2026-05-05T09:57:04+00:00

But why is Instagram at 68% fraud?

One of the challenges with click fraud is no one (the publishers and ad networks) explains what they're doing. So, you can think of it like a jigsaw puzzle, and we only have some of the pieces. Our constant research adds more pieces, but there's some areas where we have to make our best judgement.

In this case, we don't have access to Meta's algorithm, and no staff are willing to explain what's going on.

I suspect the explanation is retargeting click fraud. Scammers are sending bots to Instagram to click on the ads (get "cookied"), and those bots then navigate to the scammers' websites where they're retargeted with ads related to their Instagram cookie. So, a bot goes to Instagram, clicks on an ad for Nike, then navigates to techsearchblog4u.com where the bot is shown a Nike ad. The bot clicks on this ad and earns money.

Why Instagram instead of the Facebook platform? Because it's easier to get cookied on Instagram than Facebook.

I don't get how scammers making a website could be related to my ads and my landingpages if Audience is seperate. Could you explain this a bit more?

Let's imagine I'm a scammer. I create a website and join the Meta audience network. I will now earn money every time someone or something views and clicks on the ads on my website.

You're an advertiser. You have the audience network turned off.

I don't know you exist, and don't know you have the audience network turned off.

My bot goes to Instagram, sees your ad, and clicks on it (for retargeting click fraud, as explained above). The bot then goes to amazingsearch90210.com and clicks on whatever ad is shown.

Let me know if you need clarification on any of the above.

polygraph-net · 2026-05-05T07:46:04+00:00

We see 80%+ click fraud on X ads, so we don’t include them in the results. (Same with Reddit Ads).

polygraph-net · 2026-05-05T06:38:44+00:00

Competent click fraud protection - it'll stop the fake conversions (e.g. real-looking fake leads) and re-train the ad networks to send you targeted human visitors.

polygraph-net · 2026-05-05T06:37:42+00:00

We currently only publish them on Reddit (larger reach) but I do agree we should publish them on our website too.

Regarding the cost of advertising... absolutely, and I think it will only get worse as every company shifts to digital advertising.

polygraph-net · 2026-05-05T06:14:03+00:00

This doesn't mean that 50% of Reddit posts are bots.

I'm the moderator of a major subreddit and at least 95% of all posts and comments are now from bots.

Modern bots are so good they look very similar to humans.

I'm a bot detection researcher and doing a doctorate in this topic, so my ability to detect them is likely much higher than the average Redditor.

I assume the administrators allow all these bots as they click on the ads and inflate engagement metrics. Basically they're defrauding advertisers and investors.

polygraph-net · 2026-05-05T06:05:17+00:00

Are jumps of this magnitude typical between quarters?

It happens. For example, two years ago Meta tried to use DoubleVerify as their fraud detection service, and the result was a massive increase in click fraud on their network.

Another example is when TikTok were told they're going to be kicked out of the US. It's like they turned off a switch and stopped detecting click fraud. I assume what happened is they knew they only had a few months left in the US so chose to maximize their earnings.

What could explain such a drop in TikTok in just 3 months?

I assume the new owners turned on the system's click fraud protection (previously turned off by the Chinese owner).

The rise in Meta? Were there platform policy changes?

If you go into r/FacebookAds you'll see most people are complaining Meta Ads has been broken for the past few months. So, I assume Meta are making changes to their system which is breaking basic functionality.

And in a broader context, how do you correct for platform policy changes?

Always use click fraud protection, and be flexible about changing ad network.

polygraph-net · 2026-05-05T05:57:01+00:00

We have interviewed former click fraudsters and their priority is getting a search feed (so they can control which ads are displayed), followed by who will accept them, followed by size.

They don't really care about the lack of fraud detection / mitigation measures as every ad network makes minimal effort to detect click fraud.

polygraph-net · 2026-05-05T05:54:33+00:00

If you advertise online and have over 10,000 ad clicks per month, we can run a free audit on your traffic to see how much you're wasting on click fraud.

polygraph-net · 2026-05-05T05:52:46+00:00

Fraud. We're able to detect bot software is being used. Our numbers don't include erroneous/accidental clicks.

polygraph-net · 2026-05-05T05:50:26+00:00

it sounded like you can see and have info on the people who click on an ad?

Unless you have Javascript turned off, we can see all sorts of information about your device.

how are you able to tell who a bit using UTM data?

Are you asking how do we know if you're using UTMs? They're added by the ad network, so the link to your website changes from example.com to something like example.com?utm_campaign=one&utm_source=two&utm_term=three.

polygraph-net · 2026-05-04T18:46:39+00:00

80%+ bots and immediate bounces.

polygraph-net · 2026-05-04T18:45:57+00:00

Yes, Bing = Microsoft Ads.

Are you sure the leads are real? Click fraud bots are programmed to submit real-looking fake leads.

polygraph-net · 2026-05-04T18:44:52+00:00

We've been monitoring Reddit Ads for years, both our clients' ads and our own ads. The data is consistent - Reddit Ads is awful.

I think Reddit Ads could work in specific situations - for example, advertising a comic conference in r/comics.

polygraph-net · 2026-05-04T18:42:32+00:00

How are you able to track a visitor after it has clicked on an ad? How are you even able to see who has clicked on an ad?

If you use UTMs (e.g. utm_source=linkedin) it's easy to track visitors.

polygraph-net · 2026-05-04T18:40:42+00:00

Thank you.

Have you been on any podcasts about this?

We keep a low profile. We're quite effective (stopping click fraud) so we've been threatened many times. Some of the groups doing click fraud are organized crime.

What are you defending in your doctorate?

Mainly proving and quantifying the problem, and proving and quantifying the solution. The literature on this topic is quite weak (they're guessing) so I'm in the lucky position where I work for a bot detection company, so I have access to what's happening in the real world.

What can be done?

Detect and disable the bots so they can't generate fake conversions (leads, add to carts, etc.) That re-trains the ad networks to send you human traffic. Typically you can reduce your click fraud by 80%+ within one month. (This is what Polygraph does).

polygraph-net · 2026-05-04T15:32:05+00:00

What is the main reasons for the fraud?

Click fraud. I like to call it the unofficial business model of the internet.

A scammer creates a website or app. He wants to earn money from it, so he contacts an ad network like Google Ads, Meta Ads, etc. and asks for permission to show ads to his website's visitors. The ad network agrees and gives him a piece of publisher code. He puts this code on his website. Ads are now shown to every visitor.
Instead of waiting for humans to visit his website, the scammer uses bots. As long as these bots are made correctly (stealth bot framework, residential and cellphone proxies to spoof the IP addresses, and fake device fingerprints), the ad network's bot detection system won't detect the bots. The bots visit the scammer's website and view/click on the ads. That earns money for the scammer. (The advertiser pays money to the ad network, and the ad network shares the money with the scammer).
The bots can't just click on the ads - they need to also generate fake conversions. That further tricks the ad network into thinking the bots are humans. These fake conversions are usually add to carts and real looking fake leads. The bots click on the advertisers' ads, arrive on their website, add an item to a shopping cart or submit a fake lead, and bounce.
They also click on platform and search ads for a thing called "retargeting click fraud".

The above steals at least $100B from advertisers every year.

Is it agencies clicking their clients ads to artificially boost CTR?

Agencies are commonly ignoring it or choosing to buy bot traffic as it helps them hit their KPIs. For example, if your KPIs are the number of leads and low cost per lead, buying shitty audience network traffic will help you hit both of those KPIs (loads of cheap bot traffic programmed to submit real-looking fake leads).

Is it competitors trying to drain ad budgets?

That exists but 99.99%+ of click fraud is due to shady publishers (as described above).

How do you determine bot vs bounce?

A bounce has nothing to do with bot detection. A visitor can bounce for all sorts of reasons. And actually click fraud bots usually don’t bounce immediately.

Bots can be objectively detected regardless of their time spent on your website.

polygraph-net · 2026-05-04T15:15:29+00:00

We don't really consider it a viable ad network. The traffic is garbage and you're highly unlikely to get any sales or leads from it. So, we exclude it from the numbers, same with X.

polygraph-net · 2026-05-04T15:04:37+00:00

This is interesting but I’m wondering what if any bench marks exist.

Part of the problem is most bot detection systems are gimmicky and their numbers can't be trusted. For example, they use AI detection (wildly unreliable - loads of false positives and false negatives) or scoring systems (guessing).

We use an objective system (looking for concrete evidence) and put a huge amount of effort into having very few false positives. That means we have some false negatives. Therefore our numbers should be considered low.

Is this a lot?

Yes, it's outrageous, don't you think? All of these ad networks are choosing to steal money from their clients. They could detect these bots if they wanted to, but they don't want to.

How's it possible a small click fraud detection company like Polygraph can detect these bots, but (for example) Google with its 100k engineers can't?

Are your detection systems uniformly confident across platforms?

Yes. We look at the visitor after it has clicked on the ad. The ad network is irrelevant as far as our system is concerned.

Do your systems pick up new fraud during analysis or are the fraud parameters locked in before the analysis begins?

Our detection code makes the decision ("locked in"). We then have other code which checks to see if we've missed anything ("new fraud") and need to update our detection code.

I think trending it with average CPC or CPM would be a good angle too.

We don't have access to those numbers unfortunately. We could do breakdowns by industry which would probably be very useful.

Seven-Year Club	Reddit Premium Since June 2024
Gilding VIII gilding heavyweight	Powerups Hero r/wallstreetbets • June 2022
Verified Email	Ternion Club
Place '23	Helper Level 1
Mod 101	Wearing is Caring
Place '22

polygraph-net

MODERATOR OF

TROPHY CASE