Types of Ad Fraud: A 2026 Practitioner Taxonomy

Ad fraud is any technique that manipulates an advertising payment unit, a click, an impression, a conversion, or an attribution, to extract money from advertisers without delivering the real interaction they paid for. The total cost is enormous: Juniper Research projects global ad fraud losses will reach $172 billion by 2028, up from an estimated $84 billion in 2023. ^[1] But the headline number hides something more useful for practitioners. Ad fraud isn’t one phenomenon. It’s roughly 12 distinct techniques sorted into 4 functional buckets, each with its own detection signal and its own victim.

This article is the taxonomy. We sort the 12 most common types of ad fraud into the four buckets that matter: click, impression, conversion, attribution, and give each type the same treatment: definition, how it works, the detection signal, and who pays the bill.

How should you think about ad fraud? (the 4-bucket framework)

The most useful question to ask about any new fraud technique isn’t “is this a bot?”. It’s which payment unit is being faked? Every paid advertising relationship pays for one of four units, and ad fraud is just a manipulation of one of those units. Sorting techniques this way collapses a sprawling vocabulary (“ghost sites,” “geo arbitrage,” “install hijacking”) into a clean mental model.

The four buckets:

1. Click-side fraud: fakes the click. The advertiser pays per click (CPC), the fraudster manufactures clicks.
2. Impression-side fraud: fakes the impression. The advertiser pays per thousand impressions (CPM), the fraudster manufactures viewability events.
3. Conversion-side fraud: fakes the conversion. The advertiser pays per action (CPA), the fraudster manufactures the action.
4. Attribution-side fraud: fakes the attribution. The conversion may be real, but the fraudster steals credit for causing it.

Each bucket has a distinct primary detection signal because the economics differ. Click fraud is detectable through click-level behavioral and network signals. Impression fraud is detectable through viewability and rendering signals. Conversion fraud requires correlating attribution evidence with on-page behavior. Attribution fraud requires correlating events across devices, MMPs, and last-touch windows.

The mistake most ad-fraud articles make is grouping techniques by who commits them (bots, click farms, fraudulent publishers, fraudulent affiliates) rather than what they fake. The “who” matters for enforcement; the “what” matters for detection. We organize by “what” because that’s what determines whether a given tool can catch a given fraud.

The framework also maps cleanly onto the Media Rating Council’s Invalid Traffic guidelines, which distinguish GIVT (General Invalid Traffic: declared bots, data-center IPs, known crawlers) from SIVT (Sophisticated Invalid Traffic: residential proxies, click farms, AI bots, cookie stuffing, SDK spoofing). ^[2] Most modern fraud is SIVT, which is why list-based filtering catches less every year.

What are the 12 types of ad fraud at a glance?

The master reference. Each row is expanded in the sections below.

#	Name	Category	What it is	Primary detection signal
1	Click fraud (bot)	Click	Automated bots click ads to drain budget or fake engagement	Network/IP intelligence + technical fingerprinting (data-center ASNs, headless browser hashes)
2	Click farm	Click	Human workers paid to click ads on real devices	Behavioral patterns + downstream conversion signal (high CTR, near-zero conversion rate)
3	Competitor click fraud	Click	A competitor (or hired service) clicks rivals’ ads to exhaust their daily budget	Repeat-IP clusters + geo concentration around competitor locations + same-day timing patterns
4	Incentivized clicks	Click	Users paid pennies via GPT/PTC sites to click ads they don’t care about	Source-pattern detection + per-IP click cadence + ultra-low conversion rate

#	Name	Category	What it is	Primary detection signal
5	Ad stacking	Impression	Multiple ads layered in one slot, only the top one visible, all paid as viewed	Viewability + DOM inspection (z-index stacking, hidden iframes)
6	Pixel stuffing	Impression	Full ad served in a 1x1 pixel iframe, technically rendered but invisible	Viewability measurement + iframe-dimension validation
7	MFA (Made-for-Advertising)	Impression	Sites engineered to harvest programmatic revenue with no real audience	Content-quality + engagement signals + ad-density ratio + auto-refresh detection

#	Name	Category	What it is	Primary detection signal
8	Cookie stuffing	Conversion	Affiliate drops tracking cookies on users who never clicked their link	Referrer chain validation + click-to-impression ratio + sub-affiliate spread analysis
9	Conversion injection	Conversion	Fraudster fires fake conversion postbacks to claim affiliate payout	S2S postback signal validation + IP-device pairing entropy on the conversion event
10	Fake leads	Conversion	Real-looking form fills generated by humans or bots, no real intent	Email validation + phone-number reachability + behavioral form-fill physics + downstream sales-rep contact rate
11	SDK spoofing	Attribution	Fake install postbacks sent to MMPs as if real installs happened	Cryptographic signature validation in SDK + install-to-open ratio + device-graph anomalies
12	Click injection	Attribution	Malicious app fires fake “last click” right before a real install completes, stealing credit	Click-to-install time distributions + Android install-broadcast monitoring

The four-bucket framing collapses cleanly into the MRC’s IVT/SIVT model: types 1, 5, and 11 are usually fully automated (bot + technical fraud, leans GIVT), while types 2, 3, 4, 7, 8, 9, 10, and 12 involve humans, residential traffic, or signal sophistication that requires inference (leans SIVT). Types 6 (pixel stuffing) and viewability-related stacking sit in the middle.

What are the 4 types of click-side ad fraud?

Citation capsule. Click-side fraud targets the cost-per-click payment unit. Four distinct techniques dominate in 2026: automated bot clicks, click farms run by paid humans, competitor clicking to exhaust budgets, and incentivized clicks via GPT/PTC sites. Juniper Research projects global ad fraud losses reaching $172 billion by 2028 ^[1], with click fraud the largest single contributor on paid search.

This is the bucket most advertisers know about and the one most “ad fraud blockers” address. It accounts for the majority of paid-search and paid-social fraud losses, though it’s a smaller share of programmatic display than impression-side fraud. For the deep dive on detection, see our click fraud detection guide.

1. Click fraud (bot-driven)

Definition. Automated software that clicks ads on behalf of no one. The clicker may be a script running on a virtual machine, a headless browser farm, or a distributed bot network running on hijacked consumer devices.

How it works. A botnet operator points scripts at competitor ads, fraudulent affiliates’ own offers, or anything else where they extract value from the click. Modern bots use residential proxies, rotate user agents, randomize cursor paths, and pass CAPTCHAs. Recent industry reports suggest standard rule-based methods catch under 40% of sophisticated AI-driven bots. ^[3] For historical context on the largest networks behind this fraud, see our guide to ad-fraud botnets like Methbot, 3ve, and Vastflux. For the layperson framing of this same problem, many advertisers search for spam clicking, which is the vocabulary variant of click fraud.

Detection signal. Network intelligence (ASN classification, residential-proxy detection) combined with technical fingerprinting (headless-browser hashes, TLS/JA3 fingerprints, missing browser APIs). A single signal misses; multi-signal scoring catches.

Typical victim. Any advertiser running CPC campaigns. Most acute on Google Ads, Microsoft Ads, and Meta Ads where bidding algorithms amplify the damage by optimizing toward fraudulent “conversions.”

2. Click farm

Definition. A physical operation, usually in lower-cost-of-labor regions, where humans are paid to click ads on real devices over real residential connections.

How it works. Rooms of phones (or workers with multiple devices) run through queues of ads or offers. Each click looks technically perfect: real device, real fingerprint, real residential IP. Some operations also handle conversion fraud (form fills, app installs) for higher payouts per task. Click farms are the hardest single fraud type to detect because every individual signal looks legitimate. The tell is always in the aggregate: 1,200 sessions with time-on-page clustering within a 1.3-second band, or a high-CTR source producing exactly zero downstream conversions.

Detection signal. Behavioral pattern analysis (time-on-page distributions, mouse-entropy clustering, repeat interaction sequences) plus downstream conversion-rate collapse. No single click looks wrong; the population does.

Typical victim. CPA-paying affiliate networks and any campaign measured on click-through engagement (brand surveys, view-through-attribution display).

3. Competitor click fraud

Definition. A competitor, or a third-party service hired by one, deliberately clicks a rival’s paid-search ads to exhaust their daily budget, knock them out of the auction, and capture the resulting impressions cheaper.

How it works. Often manual at small scale (employees clicking from a few IPs) or automated at larger scale (scripts triggered when the competitor’s ad appears). The economics work when the competitor’s daily budget is small and recoverable in a short window: exhaust the budget by 11am, dominate the auction the rest of the day.

Detection signal. Repeat-IP clusters concentrated in a competitor’s geographic location, same-day timing patterns (clicks bunched at the start of the daily budget reset), and IP/ASN reputation matching to corporate ranges associated with rivals.

Typical victim. Small and mid-market local-service advertisers, where daily budgets are small enough to deplete and competition is geographically concentrated. Lawyers, plumbers, locksmiths, dentists, and similar verticals see this constantly.

4. Incentivized clicks

Definition. Users on Get-Paid-To (GPT) or Pay-to-Click (PTC) platforms paid a few cents to click an ad, watch a video, or complete a task. Sometimes called affiliate fraud’s gateway technique because it bridges into affiliate fraud more broadly.

How it works. A GPT site lists tasks (“click this ad and stay on the page for 30 seconds, earn $0.02”). The publisher of the ad slot gets a real human click. The advertiser pays full CPC. The human has zero intent toward the product. Some GPT operators sell traffic packages directly to affiliates who route the traffic to CPA offers, blurring the line between incentivized clicks and click farms.

Detection signal. Source-pattern detection (specific GPT-platform domains and IP ranges), per-IP click cadence (one IP producing one click on each of 40 ads in a session), and conversion rate collapse versus organic traffic from the same campaign.

Typical victim. Performance advertisers running broad-targeting campaigns on networks that resell traffic from incentivized sources, often through several intermediaries.

What are the 3 types of impression-side ad fraud?

Citation capsule. Impression-side fraud targets the CPM unit, faking viewability events through technical rendering tricks or low-quality inventory. The ANA’s Q2 2025 Programmatic Transparency Benchmark put annual programmatic supply-chain losses at $26.8 billion ^[4], with MFA sites and viewability fraud responsible for a meaningful share. The Media Rating Council’s IVT framework specifies how viewability and rendering signals separate fraud from legitimate inventory.

The bucket most advertisers underweight, in our field experience. Click fraud gets the headlines because it directly drains paid-search budgets; impression fraud is quieter and more widespread because it hides inside the programmatic supply chain. ads.txt addresses one slice (domain spoofing) but does nothing about the techniques below. See ads.txt explained for what ads.txt actually catches.

5. Ad stacking

Definition. Multiple ads are layered in the same display slot, with only the topmost visible to the user. Every ad in the stack fires its viewability beacon and counts as a paid impression, but only one is ever seen.

How it works. A fraudulent publisher places several ad iframes at the same position with z-index ordering or relative positioning that hides everything except the top one. The page renders fine to the user. Each ad’s tracking pixel fires when the slot scrolls into view. Five ads stacked equals 5x revenue for one viewable impression. For the full breakdown, see our ad stacking fraud guide.

Detection signal. DOM inspection by viewability vendors (DoubleVerify, IAS, Moat): z-index ordering, multiple iframes occupying overlapping positions, and viewability beacons firing from off-screen elements.

Typical victim. Programmatic display buyers and DSPs that rely solely on platform-reported impression metrics without third-party viewability measurement.

6. Pixel stuffing

Definition. A full-size ad served inside a 1x1 pixel iframe. Technically rendered, technically loaded, invisible.

How it works. A fraudulent publisher embeds a 1x1 iframe (or several) on a high-traffic page. Each iframe loads a full programmatic ad. The viewability beacon fires because the iframe is in the rendered DOM. The user never sees anything. At scale this multiplies a single page view into dozens of “impressions” sold to advertisers.

Detection signal. Viewability measurement that validates iframe dimensions against the rendered ad creative dimensions. Any iframe smaller than the ad served in it is automatically fraudulent.

Typical victim. CPM-paying buyers without third-party viewability layer (DoubleVerify, IAS), though even with measurement, pixel stuffing still slips through when viewability vendors are deceived by sandbox tricks.

7. MFA (Made-for-Advertising) sites

Definition. Websites engineered to harvest programmatic ad revenue rather than to serve a real audience. They typically have low-quality (often AI-generated) content, dense ad placements, slideshow pagination to multiply ad slots per visit, and aggressive auto-refresh of ad units.

How it works. An operator stands up a site with a generic name, fills it with scraped or AI-generated content, registers a fully compliant ads.txt, and buys cheap traffic (often through arbitrage from social-media clickbait). The traffic lands on the site, which is engineered to keep users moving through paginated content while ads auto-refresh every few seconds. The ANA’s research estimates 15% of programmatic spend lands on MFA inventory. ^[4]

Detection signal. Content-quality and engagement signals (low time-on-page, high paginate-out rate, low scroll depth) combined with ad-density ratio (ratio of ad pixels to content pixels) and auto-refresh detection (impressions firing every N seconds without user interaction).

Typical victim. Open-exchange programmatic buyers who don’t apply inclusion-list curation or content-quality filters. MFA is the single biggest leak in modern programmatic budgets.

Conversion-side fraud: 3 types

Citation capsule. Conversion-side fraud targets CPA payouts: faking the conversion event itself rather than the click or impression. This is the dominant fraud bucket in affiliate marketing, where every dollar paid is conditional on a “conversion” that’s exactly what fraudsters manufacture. Juniper Research’s $172B 2028 forecast ^[1] includes conversion fraud as one of its fastest-growing components, particularly in CPA-paying mobile and affiliate channels.

Across the affiliate and CPA traffic we monitor, conversion-side fraud rates run 3-5x higher than click-side rates on the same campaigns. The reason is simple economics: when the fraudster is paid per conversion, they fake conversions, not clicks. Clicks are free to manufacture but worthless without payout. Conversions are where the money lives. For broader affiliate fraud patterns see affiliate fraud guide.

8. Cookie stuffing

Definition. An affiliate drops tracking cookies on users who never clicked their affiliate link. When any of those users later purchases through the merchant directly, the affiliate gets paid the commission for an attribution they didn’t earn.

How it works. A malicious affiliate embeds invisible iframes, 1x1 pixels, or javascript redirects on high-traffic sites (often their own MFA-style content sites). Visitors get an affiliate cookie set in their browser without ever seeing or clicking the link. When the user later visits the merchant organically and converts, last-click attribution credits the cookie-dropping affiliate.

Detection signal. Referrer-chain validation (was there an actual click before the cookie was set?), click-to-impression ratio (a real affiliate generates a roughly consistent ratio of clicks to conversions; cookie stuffers show wildly inflated conversion-to-click ratios because they have many cookies set without clicks), and sub-affiliate spread analysis.

Typical victim. Merchants running open affiliate programs without robust attribution validation. Especially common in high-margin categories: SaaS, financial services, e-commerce with cookie windows of 30+ days.

9. Conversion injection

Definition. A fraudster fires fake conversion postbacks directly to an affiliate or CPA network, claiming credit for conversions that didn’t happen on the merchant’s actual properties.

How it works. Many CPA networks track conversions via server-to-server (S2S) postbacks fired from the merchant’s thank-you page. A sophisticated affiliate fraudster reverse-engineers the postback URL pattern, captures or generates valid click IDs, and fires postbacks from their own server as if real conversions occurred. The merchant sees inflated reported conversions in the affiliate dashboard but no matching orders in their own backend. By the time the discrepancy is caught, payouts are out.

Detection signal. Postback origin validation (which IP fired the postback, should match either the merchant’s server or the user’s browser, not a third-party server), IP-device pairing entropy on the click that supposedly generated the conversion, and reconciliation between affiliate-reported and merchant-reported conversion totals.

Typical victim. CPA networks with weak postback authentication. Especially mobile-app installs, lead-gen, and content-locker offers, verticals where the conversion event is loosely defined and easy to fabricate.

10. Fake leads

Definition. Lead-form submissions generated by humans or bots with no real intent to engage the product or service, just to trigger the affiliate payout for a “lead” event.

How it works. For lead-gen verticals (insurance, mortgage, education, home services), advertisers pay $5-$200 per qualified lead. Fraudsters generate fake leads by filling forms with real-looking data (often scraped or partially valid) from rented or compromised email accounts, prepaid phone numbers, or click-farm workers. The lead passes basic format validation. The sales rep tries to contact: no answer, fake email bounces, phone disconnected. By then the payout is processed.

Detection signal. Email reachability validation (deliverability + age + domain reputation), phone-number reachability (carrier validation + recent activity), behavioral form-fill physics (humans pause and self-correct; bots tab through in declared order; click-farm workers fill at suspiciously consistent speeds), and downstream sales-rep contact-rate as the gold-standard post-hoc signal.

Typical victim. Lead-gen advertisers in insurance, mortgage, home services, and education, verticals where payouts per lead are high enough to make fake-lead generation profitable.

Attribution-side fraud: 2 types

Citation capsule. Attribution-side fraud is mobile-native. It exists because mobile install attribution flows through Measurement Partners (MMPs) like AppsFlyer, Adjust, and Singular rather than browser cookies. Mobile-app advertisers lost approximately $35 billion in 2023 to fraud, the single largest channel-level loss ^[1]. SDK spoofing and click injection are the two dominant techniques and require MMP-side cryptographic protections to defeat.

Attribution fraud sits apart from the other three buckets because the conversion may be real. It’s the attribution that’s fake. The user did install the app or did complete the purchase, but the fraudster stole credit from the actual source. For the deep dive on detection, see SDK spoofing detection guide.

11. SDK spoofing

Definition. A fraudster fabricates install postbacks sent to mobile MMPs as if real app installs happened. The MMP credits the install to the fraudulent source, and the advertiser pays for an install that never occurred.

How it works. Mobile MMPs receive install events via SDK-generated postbacks from the installed app. If an attacker can reverse-engineer the postback URL pattern and the SDK’s signing logic, they can mint valid-looking install events from their own server. Modern MMPs ship cryptographic signing (AppsFlyer’s protect360, Adjust’s SDK signature, Singular’s fraud SDK) that makes naive spoofing impossible, but partial spoofing (capturing real signatures from real installs and replaying them across fabricated user_ids) still occurs in lower-defense apps.

Detection signal. Cryptographic signature validation in the SDK postback, install-to-first-open ratio (real users open the app within minutes; spoofed installs typically don’t open at all), and device-graph anomalies (10,000 installs from “unique” device IDs that all share the same IDFV pattern or carrier signature).

Typical victim. Mobile-app advertisers running user-acquisition campaigns. Heaviest exposure in gaming, fintech apps, and crypto apps where CPI is high enough to make fabrication profitable.

12. Click injection

Definition. A malicious app on a user’s Android device detects when a legitimate install is about to start and fires a fabricated “last click” postback in the last seconds before the install completes, stealing attribution credit for an install the user actually triggered through a different channel.

How it works. Android exposes install events via the Install Broadcast API. A malicious app (often disguised as a utility or game) listens for INSTALL_REFERRER broadcasts. When the user starts downloading App X from the Play Store, the malicious app fires a click event to App X’s MMP claiming attribution. The MMP’s last-click logic credits the attribution to the malicious app’s source. The user installs as planned. The fraudster collects the CPI.

Detection signal. Click-to-install time distributions (real clicks distribute over minutes to hours; injected clicks cluster in the final 1-3 seconds before install completes), Install Broadcast monitoring (Google has progressively restricted access to this API specifically to defeat injection), and source-device co-presence analysis on the MMP side.

Typical victim. Android user-acquisition advertisers. iOS is structurally protected against click injection because the OS doesn’t expose equivalent install broadcasts to third-party apps.

How is each type of ad fraud detected? (signal map)

Detection signals are not interchangeable. Each fraud type has a distinct primary signal, and most need 2-3 secondary signals to score reliably. The table below is the cheatsheet our scoring engine uses internally for reference.

Fraud type	Primary signal	Secondary signals
Click fraud (bot)	ASN/IP classification + headless-browser fingerprint	TLS/JA3 hash, mouse entropy, time-on-page
Click farm	Behavioral clustering (time-on-page, mouse entropy)	Downstream conversion rate, source-pattern, device-rotation patterns
Competitor click fraud	Repeat-IP clusters from competitor geo	Same-day timing patterns, corporate-ASN matching
Incentivized clicks	Source-pattern (known GPT/PTC domains)	Per-IP click cadence, conversion rate collapse
Ad stacking	DOM inspection (z-index, iframe overlap)	Viewability beacons from off-screen elements
Pixel stuffing	Iframe-dimension validation	Ad-creative-size mismatch vs container
MFA sites	Content-quality + engagement signals	Ad-density ratio, auto-refresh patterns
Cookie stuffing	Referrer-chain validation	Click-to-conversion ratio anomaly, sub-affiliate spread
Conversion injection	Postback origin validation	IP-device entropy on conversion click, dashboard reconciliation
Fake leads	Email/phone reachability + form-fill physics	Sales-rep contact rate, behavioral validation
SDK spoofing	Cryptographic SDK signature	Install-to-open ratio, device-graph anomalies
Click injection	Click-to-install time distribution	Install-broadcast monitoring, MMP co-presence

A practitioner takeaway: tools advertising “ad fraud protection” usually mean one or two buckets, not all four. Pre-bid filters from DSPs address impression fraud (and partially click fraud on display). MMP fraud SDKs address attribution fraud. Click fraud protection tools address click fraud. Affiliate-tracker fraud modules address conversion fraud. No single tool covers all four buckets, coverage gaps are where the money leaks.

Where Adsafee fits

Adsafee provides real-time, multi-signal detection across click-side and conversion-side fraud, with attribution-fraud coverage via MMP integration. We score every click and conversion against technical, behavioral, and network signals, return a verdict in under 100ms via JavaScript tag, S2S postback, or REST API, and ship evidence-grade reports designed for the Google Ads, Meta, and affiliate-network refund-dispute processes. Integration with Keitaro, Binom, Voluum, BeMob, RedTrack, and the major MMPs is built in.

The full pillar reference is click fraud protection: the complete 2026 guide. Start there if you want to evaluate whether your current stack is closing all four buckets. If you want to see what’s actually leaking right now, start a free trial, the first audit takes about 10 minutes to set up.

---

Sources

1. Juniper Research, “Future Digital Advertising: AI, Ad Fraud & Ad Spend 2023–2028”: $84B in 2023 → $172B projected by 2028. Visit: juniperresearch.com. ↩

2. Media Rating Council, “Invalid Traffic Detection and Filtration Guidelines Addendum”: definitions of General Invalid Traffic (GIVT) vs Sophisticated Invalid Traffic (SIVT). Visit: mediaratingcouncil.org. ↩

3. Multiple 2025-2026 industry reports (HUMAN Security, Integral Ad Science): sophisticated bots evade rule-based filtering at < 40% catch rate as AI-driven bots can pass CAPTCHAs and mimic millisecond-level behavior. ↩

4. Association of National Advertisers, “Q2 2025 Programmatic Transparency Benchmark”: $26.8B annual programmatic supply-chain loss; ~15% of programmatic spend reaching MFA inventory. Visit: ana.net. ↩

5. IAB Tech Lab, “ads.txt Specification” and Programmatic Transparency framework: context on domain-spoofing controls and the supply-chain ecosystem. Visit: iabtechlab.com/ads-txt/. ↩