Welcome back to our series on fraudulent clicks in Google Ads. In the first part, we discussed how ad fraud has evolved and how it affects your campaigns, revealing concerning statistics about non-human traffic and the tactics used by malicious competitors. We also analyzed the limited approach that Google currently uses to address this issue.
Now, in this second installment, we’ll focus on the real solutions available, take a detailed look at how you can implement your own strategies to protect your advertising budget, and finally introduce Fáktica’s Anti-Bot system, designed to minimize the negative effects of click fraud and maximize your ROI. Keep reading to the end to discover how to keep your campaigns safe from fraud!
The first step is to understand what tools Google Ads offers, so you can know when and where fraud might be happening.
Make sure to regularly monitor these 4 parameters at the campaign level, as well as the placements where your ads are shown in Display, PMAX, Demand Gen, and Video campaigns.
Deliberate attacks against you by competitors or haters are uncommon. They tend to be more problematic for small local businesses and in sectors with high average CPCs (above €10), and are typically focused on Search campaigns.
If your Search campaigns have invalid click rates below 10% and they remain stable over time, you can relax. That 5%-8% of fraudulent clicks reported by Google is “acceptable.” It’s probably actually a bit higher, but it’s something you can live with (among other reasons, because there’s no better alternative).
Deliberate Attack in Search Campaigns – INVALID CLICK RATE. A Real Case from One of Our Clients
But if the percentage of invalid clicks in your Search campaigns suddenly shows a sharp increase, buckle up—it’s going to be a rough ride. In a recent case with one of our clients (average CPC > €10), we closed October with record-breaking results, and then suddenly what you see in the chart happened. Not only did we reach nearly 80% invalid leads, but despite the refunds issued by Google, the campaigns have been off track ever since, and their performance has plummeted. After several complaints (pro tip: complain, complain, complain, and complain again!), Google gradually increased the percentage of invalid clicks, but despite everything, the performance of the affected campaigns is still much worse than before the attack, which suggests that there is still a significant amount of fraudulent clicks that Google is not detecting.
On the other hand, the extremely linear rise in the percentage of fraudulent clicks might indicate that the attack was meticulously planned… or that Google, in the first few weeks, had no clue, and only started detecting the bulk of the attack in January. The latter could happen if Google only detects and investigates duplicate clicks after they reach a sufficiently high number within a given time frame. The idea of a slow response from Google, with some tolerance for the first toxic clicks, remains just a hypothesis, since Google’s anti-fraud algorithm is a black box, but it would explain that straight line in the chart starting in November.
Beyond filing complaints, what you can do is try to identify on your own the keywords, search terms, devices, and locations that have shown anomalous behavior since the start of the attack, so you can exclude them, or, if you’re using manual bidding, significantly lower bids on the terms, locations, devices, and audiences under suspicion. Some signs that may indicate such activity include a sudden increase in click-through rate (CTR) accompanied by a drop in conversion rate; a drastic increase in bounce rate or a significant decrease in time spent on your website or landing pages; an increase in PPC visits from locations outside your targeting; or a significant volume of clicks coming from a single location, such as one postal code or a narrow geographic radius.
If all fraudulent activity is coming from a few IP addresses, one option is to block those IPs, but we only recommend this in extreme cases, temporarily, and as a last resort. Nowadays, the use of dynamic IPs is widespread (making the blocking of a toxic IP short-lived), along with CG-NAT, a solution used by ISPs that allows dozens—or even hundreds—of customers to share a single IP. Because of this, in trying to block a few toxic users, you could end up blocking thousands of potential customers for your business.
Example of Excluding Mercamadrid – The Option on the Right is Better, as It Causes Fewer Collateral Damages.
Massive fraud—not specifically targeting you—affects advertisers who dedicate a significant portion of their Ads investment to PMAX, Video, Demand Gen, and Display campaigns (excluding pure remarketing). These are typically carried out with the help of bots, click farms, and toxic placements, and have a clear commercial incentive (the fraudsters make money from each click), making anyone running image or video ads on websites, apps, and YouTube a potential target for these attackers.
Google does not report invalid clicks in Demand Gen, because it’s their own inventory, and supposedly, fraud can’t happen there. But oh, it sure can. If you don’t believe it, check the YouTube channels where your ads are being shown—you’ll see some pretty fishy ones.
Since the biggest problem usually lies in Display ads, the radical option would be to avoid investing in this type of campaign altogether. A slightly less extreme alternative is to avoid Display on mobile devices, which account for the highest share of fraudulent clicks. And a reasonably effective approach is to only show Display ads on whitelisted placements.
On the other hand, if you’re only running remarketing ads in Display, you have an extra layer of protection against click farms, as fraudulent clicks are usually generated by bots or users who have not visited your website, and therefore cannot see your remarketing ads.
But first of all, measure the magnitude of the problem. If you have an invalid interaction rate below 20% in Display campaigns, or below 15% in PMAX, you can consider yourself lucky. Accept it as the price to pay for average CPCs that are 10 (or 100!) times lower than in Search campaigns, and focus your efforts elsewhere.
If you find that you really do have a problem and want to keep running Display ads beyond remarketing, but don’t want to stick to whitelists, you can follow these steps to reduce click fraud:
If the issue lies in a Performance Max (PMAX) campaign, the concept is the same as with Display, and almost all the previous steps also apply, but Google makes it harder. You can’t use pre-existing exclusion lists or whitelists for placements—you can only make account-level placement exclusions, and the campaign performance data is more limited.
PMAX placement reports are only shown at the account level, so if you have multiple PMAX campaigns, you won’t know which campaign the placements came from.
Also, at this time, in PMAX placement reports, Google only provides impression data, so you can’t analyze CTR or conversion rate. On top of that, it seems that the placement list shown for PMAX is not a complete listing, but rather a sample—at least, that’s what a recent experiment by the experts at Ten Thousand Foot View (*) suggests.
You also cannot block IPs in this type of campaign, unless you do it at the account level (which we generally don’t recommend, because for each IP you block, you might also be excluding dozens or hundreds of potential customers from all your campaigns due to the widespread use of dynamic IPs and CG-NAT, as mentioned earlier).
In PMAX, you also can’t choose to show ads only on Desktop, but if you notice that most of your fraudulent leads come from Mobile and most of the PMAX spend is on that device, you can create incentives to shift PMAX traffic to Desktop like this: Using a Maximize Conversion Value bidding strategy (with or without a target ROAS), and lead scoring, create a micro-conversion called “Desktop Session 30s” that fires 30 seconds into a session only if it takes place on desktop or tablet, and assign it a small value (but at least 3 or 4 times higher than the campaign’s average CPC). This will improve the ROAS for desktop, and Google will gradually shift budget toward this device.
If you have to manually follow the eight steps above, you might lose your mind trying. Even if you’re a pivot table wizard in Excel and have a GTM expert on your team, steps like 4, 5, or 6 are impossible to carry out across thousands (or tens of thousands) of placements without automating the process.
Fortunately, there are several free scripts that can help.
Placement Analyzer by Derek Martin uses Moz data on page authority, domain authority, number of backlinks, and site age, for placements that have spent more than $20. The script is a few years old and needs some tweaks to work, but it’s an excellent starting point.
Display Excluder by Bas Baudoin automatically identifies and blocks display and YouTube placements based on keywords you include and/or domain extensions (TLDs) you decide to exclude. It allows you to add exceptions to the exclusion rules you set.
PMax Placement Exclusion Suggestions by Nils Rooijmans suggests placement exclusions for toxic placements where your PMax ads were shown. If new exclusions are suggested, they are sent to you via email. The email contains a link to a Google Docs spreadsheet documenting all the suggested placement exclusions.
Do you hate scripts? No programmer on your team? No time or hands to dive into this stuff? Don’t worry and keep reading—we have something that might interest you.
At Fáktica Analytics, we’ve developed our own anti-bot software for DISPLAY, PMAX, Video, and DemandGen, focused on placement and geographic exclusions. It’s based on the work published by Derek Martin, Bas Baudoin, Nils Rooijmans, and others, and enhanced with Machine Learning to enable the algorithm to learn automatically in identifying geographic patterns and new exclusion criteria based on various placement parameters.
Since we started using the Anti-bot software in fall 2024, within just a few weeks we managed to reduce fraudulent traffic for our clients by 87% in Display and 76% in PMAX, bringing both campaign types below 10% invalid interaction rates and sustaining those results over time.
PMAX CAMPAIGNS: Drop in Invalid Interaction Rate from 43.4% to 6.8%.
A Real Case from One of Our Clients
DISPLAY CAMPAIGNS: Drop in Invalid Interaction Rate from 56.1% to 7.0%.
A Real Case from One of Our Clients
The overall impact on campaign performance wasn’t immediate, since we’re targeting the top of the funnel, but just three months later, 3 out of the 4 clients with whom we tested the anti-bot software broke their all-time records for sales and profits.
Coincidence? We don’t believe in coincidences.
We believe in data.
Would you be interested in using Fáktica Analytics’ anti-bot software in your Google Ads campaigns? Contact us with no obligation—we’d be happy to help.
MOST RECENT ARTICLES
Protecting Your Budget (Part 2): Effective Strategies Against Fraudulent Clicks
We take a detailed look at how you can implement strategies yourself to protect your advertising budget, and we present our solution
Click Fraud in Google Ads (Part 1): Should You Be Worried? Do You Need Anti-Fraud Software?
In 2025, half of all internet traffic is non-human, and nearly 1 in every 4 euros invested in Google Ads is lost to fraudulent clicks.
Geographic Scoring: Leverage local differences in Google Ads with the help of Machine Learning
Proper segmentation of Google Ads investment based on geographic differences in conversion rates helps maximize the return on investment (ROI) of campaigns
Can We Help You?
Can We Help You?
Email: info@faktica.com
Calle Núñez de Balboa, 35A
28001 Madrid
Spain
Email: info@faktica.com
DATALYTICS
4 Portland Ct
St. Louis, MO 63108
USA
Email: info@faktica.com
Calle Núñez de Balboa, 35A
28001 Madrid
Email: info@faktica.com
DATALYTICS
4 Portland Ct
St. Louis, MO 63108
USA
Selected by Google in the Top 3% of Spanish PPC agencies (2025)
Subsidized by the CDTI in 2022-2024.
Project title: Lead Management Technology based on
mathematical models and predictive algorithms
Selected by Google in the Top 3% of Spanish PPC agencies (2025)
Subsidized by the CDTI in 2022-2024. Project title: Lead Management Technology based on mathematical models and predictive algorithms
Can We Help You?
FÁKTICA ANALYTICS
Calle Núñez de Balboa, 35A
28001 Madrid
Spain
DATALYTICS
4 Portland Ct
St. Louis, MO 63108
USA
Ask Us for a No-Obligation Quote
Request a Traffic, Cost, and Potential Conversions Estimate
Ask About Our Pay-for-Performance Pricing
Get a Free Opportunities Analysis
Can We Help You?
Don’t hesitate to reach out to us