Fraudsters Leverage Bots To Exploit Digital Marketing Campaigns

Uploaded on 2025-07-07 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Resilience, FREE TO VIEW

Artificial Intelligence (AI) has significantly impacted industries across the board, and marketing is no different, undergoing a wave of new developments. Advancements in audience targeting, behaviour prediction and personalisation have all been made possible by AI.

While marketers can now engage with users more effectively,  the same technology is being weaponised by fraudsters who train bots to mimic user behaviour with alarming precision.

Bad actors are utilising AI to power fraudulent bots. These bots have been programmed to target marketing campaigns and drain their budgets. The pay-per-click (PPC) campaigns utilised by marketers are prime targets as they offer online promotions like discounts and sign-up bonuses. These campaigns are particularly vulnerable because AI-trained bots can dynamically reset identifiers like IP addresses and device IDs, allowing them to bypass traditional fraud filters.

AI Bots create floods of fake accounts to take advantage of these promotions. The clicks generated by these bots inflate advertising costs without offering any genuine engagement or conversions, leaving marketers with increased costs and fewer results.

The problem is growing, with AI bot networks responsible for nearly 40% of click fraud according to FraudLogix. Research from industry leaders suggests the majority of this traffic is now designed to evade detection by mimicking human browsing patterns, from mouse movement to time-on-site. Marketers need to combat AI fraud now or face depleted budgets and a decline in revenue.

The Fraudulent Traffic Threat

AI technology is growing in popularity. Additions like chatbots are the new norm on websites across industries. This has led to the development of AI-powered web crawlers and bots meant to gather data on behalf of humans.

While these may have their benefits, it has drastically increased invalid web traffic. Invalid web traffic provides no real value for marketers and poses a risk to their campaigns. There are two main types:

•    General Invalid Traffic (GIVT): GIVT comprises non-human traffic such as web crawlers that typically aren’t used for any malicious purposes. DoubleVerify found in late 2024 that GIVT had risen by 86% year-over-year. This traffic is still harmful if left unchecked as it skews campaign metrics. GIVT inflates impression counts and undermines trust in the digital advertising ecosystem. With inaccurate data, marketers will mistakenly believe a campaign is a success despite the traffic really comprising of GIVT. They will then divert funds to underperforming areas, damaging future campaigns.

•    Sophisticated Invalid Traffic (SIVT): SIVT is created with fraud in mind, typically involving bots designed to evade detection. Fraudsters use SIVT to exploit advertising budgets. With AI scripting and automation, bad actors can claim the promotions offered by PPC campaigns at scale, constantly repeating the process to eat away budgets and line their own pockets.

SIVT has developed to a point that allows bots to accurately mimic human behaviour. This allows them to blend in with regular human traffic. Bad actors route their connection through a different server to conceal their location. On top of this, they can program bots to cover their tracks by deleting cookies on websites.

Some advanced SIVT attacks are even capable of responding to CAPTCHAs, imitating scroll behaviour, or deploying headless browsers programmed to behave like real users — further complicating detection.

Bots will then click on paid ads in high frequency. This drives up customer acquisition costs (CACs) and impacts ad revenue. Marketers are left at a loss as CACs increase but conversions decrease, as bots don’t make legitimate purchases. 

Combatting the AI Problem

It’s crucial that marketers develop a proactive strategy to identify fraudulent engagement. Without one, organisations risk significant profit loss and distorted campaign metrics.

Fraudulent traffic blends in with genuine users, but with thorough monitoring, marketers can expose it. Bots typically leave a website immediately after loading, resulting in high bounce rates but low engagement and conversion rates. They may also visit sites at irregular hours or from suspicious locations and IP addresses. By keeping a close eye on traffic, marketers will be able to identify these early warning signs of fraudulent activity and report it.

Another step marketers can take against fraud is to deploy robust identity verification. Bad actors leverage bots to create numerous fake accounts, but by setting up stronger identification at sign-up they’re blocked before they can exploit promotions with different accounts.

An extra measure marketers can take is to implement advanced fraud detection tools. These tools can identify whether or not a click is human after its first interaction with a campaign. Then before it has a chance to impact the ad budget, the system will flag it and it can be removed.

Ensuring PPC Protection

AI has a number of benefits and applications worldwide, particularly within the marketing industry. These benefits are not without costs, however, as fraudsters have co-opted AI tech for their own gains.

Invalid traffic, whether it be general or sophisticated, is presenting a very real threat to ad budgets, and marketers need to prepare for it. Monitoring traffic and deploying stronger identity verification is key.

But more importantly, marketers must treat AI fraud as a dynamic adversary, investing in ongoing threat intelligence, adaptive defences, and campaign-level granularity in detection to stay ahead. This way, marketers can protect their campaigns before the damage is done.

Chad Kinlay is CMOat TrafficGuard

Image: stuartmiles99

You Might Also Read: 

ChatGPT's Image Generation Could Be Driving Retail Fraud:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Resilience Must Start With Visibility
An Organisation’s Responsibility Following A Data Leak »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

Cyfor

Cyfor

Cyfor provides digital forensics and eDiscovery in civil, criminal, intellectual property, litigation and dispute resolution investigations.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

bwtech@UMBC

bwtech@UMBC

The bwtech@UMBC Cyber Incubator is an innovative business incubation program that delivers business and technical support to start-up and early-stage cybersecurity/IT products and services companies.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

Layer 8 Security

Layer 8 Security

Layer 8 Security is a cybersecurity advisory, consulting, and technical services firm that arms businesses with practical compliance, risk management, and security program strategies.

Cyber Castellum

Cyber Castellum

Cyber Castellum is a cybersecurity consulting firm that specializes in the identification of security vulnerabilities in an organization’s technology landscape.