google hackers cover

What Is PPC Impression Fraud? How Fraudsters Fool the Masses

Andrew Swindlehurst

Andrew Swindlehurst

July 9th, 2019

After getting a degree in Physics, Andy has become a data wizard which means he splits his time between researching for us and min-maxing World of Warcraft.

google invalid clicks report

Ever since the launch of the PPC advertising model back in the early ’90s, fraudsters have been thinking up ingenious ways to put businesses out of money.

Although click fraud is the most popular type of PPC fraud by a considerable margin, there are in fact a range of other fraudulent strategies that advertisers need to know about.

From people pretending to be your business and piggybacking off your brand name, to others trying to steal your sensitive information. The world of pay per click advertising can be a bit like the wild wild west.

To keep you up to date with the most important PPC scams out there, we’re taking a closer look at what they are and how they work.

Here are some of the top ways fraudsters cost the advertising industry and individuals millions in fraud every year.

PPC Ad Impersonation

Ad Fraud Impersonation

This first type of impression fraud involves an advertiser who promotes another businesses products and services unethically.

Most businesses love affiliates as it helps them grow their business and sell more products. However, some affiliates often use dirty tactics which can end up costing the company a lot of money.

As part of many affiliate agreements, the affiliate, or person promoting a product/service is usually not allowed to bid on the companies primary keywords or brand name. Not only does this stop affiliates from competing with the business directly and increasing the cost of their keywords, but it also helps them protect their brand name.

Nonetheless, this doesn’t stop some affiliates from trying to bid on their brand name anyway.

The first step of the fraud involves stealing or copying the official ads from the company and setting up campaigns on the same keywords as them. For the advertiser and compliance team, this makes it pretty hard to distinguish which ads are theirs and which are affiliates. Not only is it time-consuming to go through hundreds or even thousands of identical ads and check they are real, but with new ones constantly popping up its a non-stop battle.

The idea behind this type of scam is that the advertisers or affiliate, in this case, is piggybacking off the brand name of the business they are promoting. Let’s face it; users are much more likely to click an ad from a well-established business than another ad from say By using a business’s brand name, they can basically hijack their authority which is likely to lead to more clicks from users.

Once an unsuspecting user clicks one of these impersonated ads, the user will be directed to the official website as nothing happened. However, unknown to them, they’ll now have an affiliate cookie on their computer waiting for them to make a purchase.

If the user does end up buying a product or service from the business, then that tracking cookie will record their purchase and reward the affiliate with a commission.

So, what just happened? And why is it bad?

In the example above an affiliate has hijacked a companies brand name in order to get clicks on his own ads. By doing this, he’s:

  • Increased the cost and competition of the keywords he’s bid on
  • Piggybacked off the authority of another companies brand name
  • Most likely broken the affiliate terms of service agreement
  • Cost the business money in higher keyword costs and affiliate commissions (if he gets paid)

You might think this type of impression fraud is only applicable to businesses that use affiliate programs but you’d be wrong. According to Search Engine Land, in May 2014 over 300 different advertisers where impersonated form the likes of Joss & Main to JC Whitney.

The scam itself doesn’t require the user to be an affiliate. Advertisers could just redirect users to their own website instead, although the effect wouldn’t be as great.

If a user clicked an ad supposedly from Apple and they got redirected to a different site, then most likely they’d leave. To make the most of the scam an affiliate scheme with direct linking to the businesses website is required.

Here’s a summary of the PPC ad impersonation scam.

  • A user registers to become an affiliate with a company or network
  • They find a business already running ads on their own brand name or target keyword
  • They copy the ad the business is running and put it in their own campaign
  • Using their affiliate link, they redirect users back to the official businesses site
  • They get paid a commission every time a user clicks their ad and buys something
  • To the user, they have the impression they are clicking on an official ad
  • The business has to pay substantial affiliate fees while having increased PPC competition

PPC Phishing Scams

PPC Phishing Scams

If you thought the last PPC scam was unethical, then wait till you read about this one.

Taking the same idea as the PPC impersonation scam, some fraudsters have taken it to the next level and genuinely have no ethics.

Just like businesses brand names being hijacked and used to attract unsuspecting users to their website, the same technique can be used to commit serious fraud. If you’ve ever heard of the term phishing, then imagine the same technique just on steroids.

Many years ago, the phishing scam was incredibly popular in the email marketing space with unsuspecting visitors being sent fake emails from banks and insurance providers. This new phishing scam is incredibly similar but utilises the power of PPC networks instead.

In this scam, the fraudster sets up a fake version of a bank or other institutes website and hosts it on a very similar domain to the original. For example, if they wanted to target the bank Barclays, they would use a domain such as Barclaays or even Barrclays which many users won’t notice.

When it comes to setting up the ad in the PPC network, the fraudster will use the official website name making the users think its an official ad to the site. Since the landing page will be identical to the official website as well, the only difference would be the slightly misspelled domain name.

The unsuspecting user would then try to login to their account and end up revealing their login details without knowing.

This scam works well for 2 reasons:

  • Users assume the ads to be official because they see the brand name
  • The website looks exactly the same as the official one

To the average user, it’s extremely tough to notice a difference between the official website and the fake one, unless you take a closer look at the domain name.

Not only does this scam impersonate and hijack a companies brand name, but it also scams innocent users who have no idea what is happening. No matter if you’re a business or user, looking out for this scam is crucial.

Ad Stacking / Hiding

hiding viking

The final type of PPC fraud we’ll be taking a look at goes by the name of ad stacking or ad hiding.

This type of fraud is usually found on less regulated networks which involves 3rd parties displaying the ads on their sites. Every ad network will have its own rules and regulations on how ads should be displayed on a website, but some users really like to break those rules.

With this scam, the webmaster who owns the website will purposely try and trick users into clicking the ads to make them more money. Since they receive ad revenue every time a user clicks the ads, getting as many clicks as possible is their primary goal.

Many different tricks can be done when it comes to ad stacking and hiding. One of the most common is hiding an invisible ad over a button on part of a website. This means that when the user tries to click a link or button on the page, they actually end up clicking the invisible ad.

This is entirely against every PPC networks terms of service because the user has no idea what they are clicking on. But depending on how well the ad network can track their ads, sometimes its hard to tell if a webmaster is misplacing their ads on not.

Another trick that some webmasters like to use is to stack multiple ads on top of each other. This doesn’t necessarily work for PPC ads but more for cost per impression ads where the webmaster makes money for every impression they receive.

The point of ad stacking is to get as many views on as many ads as possible without looking like obvious spam. Many networks have a limit on how many ads you can place on a single page.

Yet to get as many impressions as possible, webmasters need to place lots of ads on their site. By putting 5 ads on top of each other it only looks like 1 ad to the user, but in fact, the other 4 ads beneath will be loaded and all counted as impressions.

The result is the webmaster receives ad revenue for all 5 of the ads although the user only see’s the top ad. For advertisers, this is a colossal waste of money. On paper, real and legitimate users are loading the ad in their browser, but they aren’t actually seeing them. Catching webmasters who do this requires constant compliance reviews of their websites to ensure they’re following the terms of service and guidelines.

No matter if you run PPC ads for your business or not, keeping an eye out for these type of scams is crucial. Someone might be trying to hijack your brand name without you even knowing, or worse, trying to phish customers’ login details from under your nose. To make sure you or your customers don’t fall victim to this fraud, be sure to regularly search your brand’s top keywords and validate any of the ads running.

Get A Free Traffic Audit

Do you know how much of your budget is being spent on invalid clicks? Your campaign performance could be being reduced by as much as 30%. You won’t know until we’ve run our free traffic audit.

Start Your Free Audit

How many invalid clicks do you get on your account?

How much spend is wasted on fraudulent clicks?

Are your competitors wasting your budget?