Home / Glossary
Ad fraud glossary
The vocabulary of click fraud, conversion fraud, and invalid traffic, defined plainly. Each term links to where ClickLens puts it to work.
Fraud types
- Ad fraud
- The deliberate generation of fake ad interactions — clicks, impressions, or conversions — to drain an advertiser’s budget or earn a fraudulent payout. Click fraud and conversion fraud are the two forms that affect paid-search and paid-social advertisers most directly. Click fraud drains the budget at the click; conversion fraud does more damage, because a fake conversion also feeds the bidding model and steers it to buy more of the same traffic. ClickLens scores both, with a humanness verdict on every session and a provenance grade on every conversion.
- Click fraud
- Bots, click farms, or competitors clicking paid ads with no genuine interest in the product. Juniper Research estimated ad fraud cost advertisers around $84 billion in 2023, about 22% of all online ad spend, and projected $172 billion by 2028. Each fraudulent click spends one click’s worth of budget and returns nothing. How ClickLens detects it · Google Ads protection
- Conversion fraud
- Bots completing the actions an advertiser optimises for — form fills, sign-ups, add-to-carts, or purchases. With bots now the majority of web traffic (Imperva measured 51% in 2024), a share of completed conversions are automated rather than human. It is more damaging than click fraud because each fake conversion also trains automated bidding to buy more of the traffic that produced it. Conversion protection
- Invalid traffic (IVT)
- The industry umbrella term (from the IAB and MRC) for ad traffic that should not be billed. It splits into general invalid traffic (GIVT) and sophisticated invalid traffic (SIVT), a division by how detectable the traffic is. GIVT announces itself through published lists and signatures; SIVT imitates human behaviour and has to be caught on behavioural and consistency signals. Advertisers who rely only on filter lists under-count fraud, because the SIVT half never shows up on one.
- General invalid traffic (GIVT)
- Invalid traffic identifiable from published lists and known signatures: declared bots, data-centre traffic, search-engine crawlers, and other non-human sources that announce themselves. GIVT is the cheapest invalid traffic to remove: a request is matched against published bot lists, data-centre IP ranges, and known crawler user-agents, with no behavioural analysis needed. ClickLens filters GIVT at the network and automation layers before a session reaches behavioural scoring, so the harder sophisticated invalid traffic gets the scoring effort.
- Sophisticated invalid traffic (SIVT)
- Invalid traffic that imitates human behaviour and cannot be caught by a list: hijacked devices, residential-proxy bots, and automation tuned to look human. SIVT requires behavioural and consistency analysis, which is where most of ClickLens’s scoring effort goes. A residential-proxy bot passes every network-reputation check because its IP belongs to a real home connection, so it has to be caught on how it moves, how it fills forms, and whether its fingerprint agrees with itself. Platform-native filters are most conservative about this traffic, because flagging it wrongly means dropping real customers. Detection methodology
Bot and evasion techniques
- Bot
- Automated software that simulates a user. ClickLens scores a session as a bot when its humanness score falls below 40, driven by automation markers, behavioural anomalies, or a fingerprint that contradicts itself. Bots range from crude scripts that never run JavaScript to headless browsers and residential-proxy traffic tuned to pass naive checks, which is why the score weighs automation, behaviour, fingerprint, and network signals together rather than trusting any one test.
- Headless browser
- A browser running without a visible interface, usually driven by Puppeteer, Playwright, or Selenium. Headless browsers leave automation artifacts — webdriver flags, framework markers, a navigator surface that disagrees with itself — that the automation-detection category scores. Stealth plugins patch the obvious flags, so detection leans on consistency instead: whether the claimed browser, GPU, fonts, and event timing behave the way that build does on real hardware.
- Click farm
- An operation that pays people, or scripts banks of real devices, to click ads and complete conversions at scale. Click farms use genuine hardware, so they defeat naive device checks and have to be caught on behaviour and network signals. Because real people sometimes do the clicking, a click farm sits between a bot and a legitimate visitor, and its tell is usually the pattern across many sessions — repeated device and network characteristics, mechanical timing, journeys that never browse — not any single session looking obviously fake.
- Residential proxy
- A service that routes bot traffic through real consumer IP addresses to evade data-centre IP blocks. A residential proxy can present a clean IP and a clean browser user-agent, but it still has to make the wire layers (TLS class, headers, client hints) agree, and they rarely do. Network reputation alone misses these, because the IP looks like an ordinary home connection; the catch comes from cross-layer consistency and behaviour rather than a blocklist. Cross-layer consistency checks
- Device fingerprinting
- Deriving a stable identifier from browser and device properties — canvas, WebGL, fonts, audio. ClickLens uses fingerprinting to check internal consistency (does the device agree with the browser it claims to be?), not to track visitors across sites. Fingerprint surfaces are dropped for visitors who opt out. What the tag collects
- Canvas fingerprint
- A hash of how a specific device renders a hidden HTML canvas. Rendering varies by GPU, driver, and OS, so the hash is stable per device. A canvas hash that contradicts the claimed browser or platform is a strong automation tell.
Detection and measurement
- Humanness score
- ClickLens’s 0–100 per-session score, the weighted sum of five categories: automation detection (25%), behavioural signals (25%), fingerprint consistency (20%), network reputation (15%), and contextual signals (15%). Above 70 is human, 40–70 is suspect, below 40 is a bot. Because the five categories are weighted, no single signal decides the verdict: a failed check in one category costs only that category’s share, so a real visitor on an unusual network is not condemned by one weak category. Every deduction is named, so a low score reads back as the specific signals that produced it rather than an opaque number.
- Deduction model
- A scoring approach where each category starts at full marks and loses points only when a named check fires, rather than an opaque classifier returning a probability. The verdict is exactly recomputable from the stored signals, so every deduction has a reason you can read on the dashboard. A classifier that returns a bare probability cannot tell an advertiser why a session scored low, which makes it hard to dispute or trust; the deduction model trades some modelling flexibility for an audit trail on every verdict. Why no black-box ML
- Conversion provenance
- The evidence about how a conversion was produced: whether the submit event was browser-trusted, whether a pointer path preceded it, time from page load to conversion, paste-without-focus events, and the entropy of the field-fill order. Provenance is measured from meta-signals only, never the values a visitor types. A browser-trusted submit preceded by a real pointer path and human fill timing reads as genuine; four fields set at once, a submit no pointer preceded, and a sub-second completion read as a script. The grade feeds the conversion verdict, so a low-provenance conversion can be downweighted or retracted instead of trusted as ground truth. The seven provenance signals
- Funnel coherence
- Whether the journey to a conversion makes sense. A session that lands directly on a thank-you page, with no browsing in between, is incoherent. Funnel coherence is scored alongside provenance to grade each conversion.
- Honeypot
- A hidden form field or link that a human never sees and never interacts with. Any interaction with a honeypot is strong evidence of automation, so it feeds ground truth rather than the live score. A human never sees the field, so a human never fills it; a form-filling bot that touches every input trips it. Keeping it out of the live score means the rare browser extension that auto-fills hidden fields does not get a real visitor flagged, while the event is still recorded as a labelled example for tuning.
- Ground truth
- Verified labels that accuracy is measured against: CRM-confirmed outcomes, disputes you file, honeypot catches, and manually reviewed sessions. Ground truth has precedence — a converting session can never overturn a stronger label, so a bot that converts cannot whitewash itself. Keeping these labels separate from the live score is what makes accuracy measurable: the score is graded against ground truth, so a drift in detection shows up as a falling match rate instead of hiding inside the score’s own output. Disputes and efficacy
- Precision, recall, and F1
- The three accuracy measures ClickLens computes daily against ground truth. Precision is the share of flagged sessions that were truly fraudulent. Recall is the share of all true fraud that was caught. F1 is the harmonic mean of the two, so a detector cannot score well by sacrificing one for the other.
Ad-platform terms
- Automated bidding (Smart Bidding)
- Bidding strategies — Target CPA, Target ROAS, Maximise Conversions, Advantage+ — that buy more traffic resembling whatever converted before. They have no model of whether a conversion was a person, so fake conversions steer them to buy more fraudulent traffic. The cleaner the fake conversions look, the harder the strategy pulls budget toward the source that produced them, so a single seeded conversion can compound into a larger misallocation over a campaign.
- Click identifiers (gclid, msclkid)
- The unique identifiers Google Ads (gclid) and Microsoft Ads (msclkid) attach to each ad click. ClickLens uses the click identifier as the key to restate or retract a fraudulent conversion through each platform’s adjustment API. The gclid or msclkid ties a conversion back to the exact ad click that produced it, which is what lets a retraction reach the right record on Google or Microsoft Ads. Without it there is no way to correct a single conversion after the fact, only blunt campaign-level exclusions.
- Conversion adjustment (write-back)
- Using a platform’s documented API to restate the value of, or retract, a conversion that was already reported, keyed by click identifier. ClickLens applies adjustments under a measured rollout: each gate runs in shadow mode and changes platform data only after its false-positive rate is measured against a 10% holdout. An adjustment can restate a conversion’s value downward or retract it entirely, and on Google and Microsoft Ads the change is written back keyed by the click identifier so it lands on the exact conversion record. How write-back is rolled out
- IP and placement exclusions
- Advertiser-side lists that tell an ad platform to stop serving to a specific IP address or placement. ClickLens generates exclusions from detected bot traffic and syncs them to Google Ads today; Microsoft and Meta placement sync is rolling out. TikTok has no advertiser exclusion API, so flagged placements are reported instead. Exclusion support by platform
See these signals on your own traffic
Install the tag and every session arrives with a verdict you can open and read back. Start free with 1,000 sessions a month, no credit card required.
Sources
- Juniper Research (reported by Search Engine Land), “$84 billion of ad spend lost due to ad fraud in 2023” , September 2023. Accessed 26 June 2026. searchengineland.com
- Imperva (Thales), “2025 Imperva Bad Bot Report” , 2025. Accessed 26 June 2026. imperva.com