Fraudsters Leverage Bots To Exploit Digital Marketing Campaigns
Artificial Intelligence (AI) has significantly impacted industries across the board, and marketing is no different, undergoing a wave of new developments. Advancements in audience targeting, behaviour prediction and personalisation have all been made possible by AI.
While marketers can now engage with users more effectively, the same technology is being weaponised by fraudsters who train bots to mimic user behaviour with alarming precision.
Bad actors are utilising AI to power fraudulent bots. These bots have been programmed to target marketing campaigns and drain their budgets. The pay-per-click (PPC) campaigns utilised by marketers are prime targets as they offer online promotions like discounts and sign-up bonuses. These campaigns are particularly vulnerable because AI-trained bots can dynamically reset identifiers like IP addresses and device IDs, allowing them to bypass traditional fraud filters.
AI Bots create floods of fake accounts to take advantage of these promotions. The clicks generated by these bots inflate advertising costs without offering any genuine engagement or conversions, leaving marketers with increased costs and fewer results.
The problem is growing, with AI bot networks responsible for nearly 40% of click fraud according to FraudLogix. Research from industry leaders suggests the majority of this traffic is now designed to evade detection by mimicking human browsing patterns, from mouse movement to time-on-site. Marketers need to combat AI fraud now or face depleted budgets and a decline in revenue.
The Fraudulent Traffic Threat
AI technology is growing in popularity. Additions like chatbots are the new norm on websites across industries. This has led to the development of AI-powered web crawlers and bots meant to gather data on behalf of humans.
While these may have their benefits, it has drastically increased invalid web traffic. Invalid web traffic provides no real value for marketers and poses a risk to their campaigns. There are two main types:
• General Invalid Traffic (GIVT): GIVT comprises non-human traffic such as web crawlers that typically aren’t used for any malicious purposes. DoubleVerify found in late 2024 that GIVT had risen by 86% year-over-year. This traffic is still harmful if left unchecked as it skews campaign metrics. GIVT inflates impression counts and undermines trust in the digital advertising ecosystem. With inaccurate data, marketers will mistakenly believe a campaign is a success despite the traffic really comprising of GIVT. They will then divert funds to underperforming areas, damaging future campaigns.
• Sophisticated Invalid Traffic (SIVT): SIVT is created with fraud in mind, typically involving bots designed to evade detection. Fraudsters use SIVT to exploit advertising budgets. With AI scripting and automation, bad actors can claim the promotions offered by PPC campaigns at scale, constantly repeating the process to eat away budgets and line their own pockets.
SIVT has developed to a point that allows bots to accurately mimic human behaviour. This allows them to blend in with regular human traffic. Bad actors route their connection through a different server to conceal their location. On top of this, they can program bots to cover their tracks by deleting cookies on websites.
Some advanced SIVT attacks are even capable of responding to CAPTCHAs, imitating scroll behaviour, or deploying headless browsers programmed to behave like real users — further complicating detection.
Bots will then click on paid ads in high frequency. This drives up customer acquisition costs (CACs) and impacts ad revenue. Marketers are left at a loss as CACs increase but conversions decrease, as bots don’t make legitimate purchases.
Combatting the AI Problem
It’s crucial that marketers develop a proactive strategy to identify fraudulent engagement. Without one, organisations risk significant profit loss and distorted campaign metrics.
Fraudulent traffic blends in with genuine users, but with thorough monitoring, marketers can expose it. Bots typically leave a website immediately after loading, resulting in high bounce rates but low engagement and conversion rates. They may also visit sites at irregular hours or from suspicious locations and IP addresses. By keeping a close eye on traffic, marketers will be able to identify these early warning signs of fraudulent activity and report it.
Another step marketers can take against fraud is to deploy robust identity verification. Bad actors leverage bots to create numerous fake accounts, but by setting up stronger identification at sign-up they’re blocked before they can exploit promotions with different accounts.
An extra measure marketers can take is to implement advanced fraud detection tools. These tools can identify whether or not a click is human after its first interaction with a campaign. Then before it has a chance to impact the ad budget, the system will flag it and it can be removed.
Ensuring PPC Protection
AI has a number of benefits and applications worldwide, particularly within the marketing industry. These benefits are not without costs, however, as fraudsters have co-opted AI tech for their own gains.
Invalid traffic, whether it be general or sophisticated, is presenting a very real threat to ad budgets, and marketers need to prepare for it. Monitoring traffic and deploying stronger identity verification is key.
But more importantly, marketers must treat AI fraud as a dynamic adversary, investing in ongoing threat intelligence, adaptive defences, and campaign-level granularity in detection to stay ahead. This way, marketers can protect their campaigns before the damage is done.
Chad Kinlay is CMOat TrafficGuard
Image: stuartmiles99
You Might Also Read:
ChatGPT's Image Generation Could Be Driving Retail Fraud:
If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible