Skip to content
Click Guardian
August 23rd, 2018 / Click fraud

VPN Click Fraud

Click Fraud and VPNs – or Virtual Private Networks have an interesting and intertwined relationship. In much the same way click fraud and bots are used to commit wide-reaching paid ad fraudulent activity, VPN click fraud offers a tempting option for click fraudsters and one which can be technical to combat.

What are VPNs?

Before looking at how VPN click fraud relate to each other, it would be wise to actually define what a VPN actually is. To an extent, the clue is in the name – virtual private network - VPNs work at the application layer (see the 7 layers of the OSI model) – providing a high level of privacy – giving the user using the VPN a key advantage. This advantage is that every time the VPN is active, a new IP address is created and the user can essentially mask or simulate being if a different region. Now, you may be wondering why this is important, but within the context of click fraud, it’s a significant feature.

IP Addresses and Privacy

Having a new IP address created each time offers the user an exclusive option to remain private. As a new IP address is created, the ability to track and identify fraudulent activity becomes more technical. In certain respects, this is ideal for those who wish to remain private.

In our interconnected and digital world, privacy can be difficult to attain. The recent Facebook and Cambridge Analytica scandal from earlier this year demonstrated that privacy was not always considered by platform hosting websites. That said, it does not mean that Facebook or any other platform hosting website does not respect privacy, especially since the roll out of GDPR in May. What is definite is the increased use of VPNs across the world, particularly in Asia and the Middle East, but across the West in general. Users are seeing VPNs as an opportunity to protect themselves and their privacy. However, in an almost contradictory way, it also means that privacy can be ensured to commit fraudulent and generally damaging activity.

Fighting VPN Click Fraud

On the surface, VPNs used in the wrong way seem quite alarming. After all, VPNs provide the perfect recipe for fraudsters to commit VPN click fraud but there are options to offset this threat. Whilst VPNs offer elaborate methods of privacy protection, it also provides a distinct ‘footprint’ which can be identified.

Blocking: Despite VPNs creating new IP addresses for users each time they are used, there are ways for these addresses to be tracked and categorised. It is possible to rank and score IP addresses on a scale which identifies fraudulent activity. If an address is assessed and assumed to be from a disreputable source it can be blocked accordingly.

Email Verification: VPNs are reliant on email addresses and more often than not fraudulent networks will have easily identifiable addresses which can be blocked or identified. In essence, this is a way of finding VPNs which are designed to commit click fraud at their source.

Fraud Score: In much the same way IP addresses individually can be ranked and filtered for fraudulent activity, creating a method to score VPNs and IP addresses using a combination of factors, provides an added layer of protection. Identifying email and IP addresses, location and device tracking, time of day categorisation allows businesses to track and block VPNs which are committing VPN click fraud.


Make no mistake, VPNs pose a big threat in the fight against click fraud. Like bots, VPNs are increasing every year and look set to be a feature for many years to come. With the drive for increased privacy on the internet, fraudsters have practically been given a free ride to commit VPN click fraud. VPNs essentially offer the platform to commit fraudulent activity on a deliberate and targeted scale. However, due to the technical nature of VPNs, countermeasures to stop VPNs from causing click fraud can be implemented. In short, whilst VPNs may appear troublesome they are also easily identified once you have established how they operate. For example, identifying IP addresses and subsequently linking them to devices from VPNs is possible once pattern is identified.

While VPNs can be identified, they are also increasing in number and it is here where businesses need to be aware. By sheer weight of numbers, VPNs can be used to commit VPN click fraud on a significant level and that should never be underestimated.

In much the same way bots are interpreted by platform providers, VPNs are given a mixed reception when analysing their usefulness vs threat and how to tackle them. Once again, the level to which VPNs can be targeted is ambiguous and third party systems are often needed to provide the most comprehensive protection. It is reasonable to assume that in the coming years, VPN click fraud will increase but with this increase will come a better understanding and methodology to stop fraudulent VPNs from affecting businesses marketing activity.

Click Guardian offers Google Ads advertisers the opportunity to protect their budgets from the damaging effects of VPN Click Fraud. With a free 7 day trial and an easy-to-setup process, Click Guardian can make a real difference.  Sign up today for a free 7 day trial of Click Guardian Pro.