competitor fraud

Is Competitor Click Fraud Real? Do Competitors Really Click Your Ads?

April 29th, 2021

Competitor click fraud is one of the most frequently discussed topics in paid search by all businesses, big and small.

Although it’s talked up in the advertising industry as a major problem, is it really as severe as some are making out? Or should your attention and efforts be focused elsewhere?

In this article, we dig deep and uncover the truth about competitors and the extent to which they’re affecting your ad campaigns.

You’ll get all the answers, plus an understanding of what else you should be looking out for on your campaigns.

Are Competitors Really Out To Get You?


Many businesses think competitors are clicking on their ads. It’s become a click fraud myth of epic proportions, with paranoia between businesses convinced of foul play.

But thinking ad fraud is coming mainly (or only) from your competitors is too easy an assumption.

The reality is quite different. Competitor ad clicks do happen, there’s no denying it. And it can be a serious problem if it gets out of control.

But only 17% of online click fraud is from competitors. It’s also one area ad networks such as Google have under the most control.

So, competitor clicks only take up a small proportion of a much bigger problem. To understand the true extent of click fraud, you need to understand bot traffic and its impact on your campaigns.

Any non-human traffic can be categorized as bot traffic. Some bots even click on your paid search, display, and video ads with disastrous results. And they can do that in a way that looks exactly like human behavior.

Bad bots include but are not limited to: web scrapers, spambots, DDoS networks, vulnerability scanners, and click fraud bots.

The worrying news is that in 2020 some 37.2% of online users were robots and generated masses of bot traffic. 24.1% of that figure came from bad bots.

These scrape and spam your site, often wasting ad budget in the process. This may be news to you, but it’s the real ad fraud threat you need to worry about.

Why Bots Should Be Your Primary Concern

bot traffic

There are four types of bad bots you need to know about. These are:

  1. Impersonators
  2. Web scrapers
  3. Spambots
  4. Hacker tools

These can affect any business, no matter the size or security levels, and can create serious problems for your website.

They skew your analytics data, slow down websites, spam you with emails, fill out contact forms, and click on your ads.

They’re not just a nuisance, they actively waste your ad budget and affect the user experience of your website.

Bots do this by mimicking human behavior, such as clicking on paid ads, downloading images, or filling out website forms. They do this on a large scale, which is why it can be such a major problem for webmasters.

To help you understand what each bot does, below we break each one down so you have more insights into their malicious behavior.

Web Scrapers

Web scrapers, as you might expect, scrape across your website. They’re on the lookout for valuable data.

They often steal assets from your site, such as content from blog posts or images. This data is then used on social accounts or websites without your permission.


Spambots gather emails from across the internet. In a very annoying fashion, they then bombard the collected email addresses with spammy content selling services.

These bots have a habit of filling out forms on your site, which sends unwanted spam messages to businesses all over the world. 

The messages usually involve promoting services but often don’t make much sense as they’re written in broken English.

Click Fraud Bots

Click fraud bots can perfectly mimic human behavior on your ads. Despite their realistic behavior, they’re non-human and are malicious clickers.

This illegal activity costs advertisers billions of dollars every year. Our Global Click Fraud Report 2021 predicts a $35 billion loss for the advertising industry this year.

Click fraud is difficult to identify manually, and although they try their best, ad networks aren’t focused on providing a solution. They’re focused on increasing their revenue from selling clicks.

This means click fraud detection software is crucial to block all malicious activity.

Past Botnet Discoveries

What many businesses may find surprising is ad fraud rings have been around for some time. They can also be extremely disruptive for the advertising industry.

At Lunio, we regularly assess the scale of the ad fraud rings issue so you can understand how to protect your business.

Some of the biggest fraud rings over the last 20 years include Clickbot.A. In 2006 it infected over 100,000 computers and was making $10,000+ in profit daily at its peak. That’s before the police shut the operation down.

Also from 2006 was DNSChanger, which infected over four million computers and was making $6,000+ in revenue each day.

Eventually, the FBI was able to shut down the operation. But only in 2012, six years after the bot began wreaking havoc online.

Unfortunately, this isn’t a problem the world has overcome. Recent ad fraud rings are more sophisticated than ever and are increasingly difficult to detect.


drainerbot malware

DrainerBot was discovered in February 2019. It’s a serious mobile ad fraud operation that’s hit millions of devices worldwide. It can drain batteries from 100% to 5% in an hour.

It infects devices through infected consumer apps downloaded on the Playstore. The bot then runs video ads continuously in the background of the device, all without the user knowing.

As they can’t see any problems with their device, the bot can run for a long time before being stopped. And the views all count as legitimate, even though they’re fake.

Here are some of DrainerBot’s most alarming stats:

  • It’s infected over 3,000 apps
  • The bot uses 5GB of data every fortnight
  • It makes $40,000+ a day
  • It’s infected over one million Android phones

The bot is still semi-active, and it’s still unclear who’s responsible for it.


methbot malware

Methbot was discovered by White Ops in 2015. The Russian fraud ring is no longer in operation, but it caused a lot of damage before it shut down.

The bot had an infrastructure of over 852,992 unique IP addresses, 6,000 domains, and 25,267 URLs. With these, Methbot could take advantage of many advertising systems, including Google.

Some 570,000 bots were in use to carry out massive ad fraud campaigns, leading to:

  • 200-300 million ad clicks each day
  • $3 million earning every day
  • $1 billion in annual losses for the ad industry

Thankfully, Methbot is no more, and numerous arrests for those responsible ended the operation.

But it’s a clear indication of how serious a threat fraud rings can become.



HyphBot was discovered in 2017 after Adform’s algorithms picked up unusual traffic on the websites they were monitoring.

With over 500,000 (in the US alone) fake IP addresses, the bot infected people’s machines by getting access to their desktops.

It could then fake web traffic and scam advertisers. This led to:

  • Advertisers wasting millions on fake impressions
  • 300 million fake video views per day
  • Ad industry losses are between $262,000 and $1.28 million each day

The reality of bots like this is advertisers aren’t paying for premium traffic. They were buying millions of bot visits. 

Click Fraud Bots Are On The Rise

click fraud breakdown

With so much money to be made from click fraud, ad fraud rings utilize sophisticated click fraud bots to seriously damage your campaigns. Our Global Click Fraud Report 2021 highlights the full extent of the problem.

We discovered the four key areas that affect your ad budget the most:

  1. Bot fraud: 38%
  2. Other fraud types: 26%
  3. Publisher/app fraud: 19%
  4. Competitors: 17%

As you can see, competitor click fraud is a minor issue compared to the scale of bot fraud.

This means you should be focusing your concerns on controlling the efforts of ad fraud rings to damage your ad campaigns.

What should worry you is ad fraud networks will continue to grow in sophistication. Ad networks and law enforcement measures are cracking down on cybercriminals, but it isn’t enough.

Ad fraud rings are increasingly cunning with their malicious activity and take advantage of new technology to overcome defense measures.

Worse still, our report reveals the average annual losses for businesses:

  • Small and medium-sized businesses: $14,900 each year
  • Digital agencies: $207,000 each year
  • SME+ (large organizations): $705,000 each year

As you spend more money on online ad budgets, the more you put yourself at risk of losing a significant amount to ad fraud.

The Truth About Competitor Click Fraud

The reality of ad fraud is, yes, other businesses will click on your paid search, display, and video ads from time to time.

And ad networks generally have this covered. It’s the most simplistic, basic type of click fraud attack you’ll see.

However, it’s an issue dwarfed by the rising scale of ad fraud rings. As they grow in sophistication, your ad budget is increasingly at risk.

Unfortunately, even Google’s efforts aren’t enough to stop bots from running riot.

Initiatives like flagging invalid traffic and suspicious clicks are great, but it’s still a game of cat and mouse. The fraudsters are always one step ahead of a slow-moving, industry behemoth like Google.

And waiting around for law enforcement to shut down cybercriminals isn’t an effective long-term solution either. Especially as click fraud isn’t, technically, defined as an illegal practice.

You need to be proactive and tackle the problem head on.

Want to know the full details? Download our free Global Click Fraud Report 2021.

Stop All Advertising Fraud in Seconds