Does Google catch most of it on Search?

Google's automated filter catches the obvious end. The IAS 2025 Media Quality Report still measured a 10.9 percent residual fraud rate on campaigns without dedicated anti-fraud technology, fifteen times the rate on protected campaigns. The gap is sophisticated bots, rotating residential proxies, and per-account competitor patterns that platform-wide filtering is not built to spot.

What about Performance Max specifically?

PMax is harder than Search because Google takes more of the placement decision and reports less of it back. Native invalid-click filtering still applies, but campaign-level visibility is limited. Dedicated tools score visits the same way they score Search and add offenders to the campaign exclusion list, which PMax respects.

Do I need brand-safety protection too?

Possibly, depending on where you run. Brand safety matters most on Display, programmatic, and YouTube inventory. If you are running Search and Performance Max only, the brand-safety risk is low. DoubleVerify and IAS are the standard options if you do need it.

How do I know what my actual ad fraud rate is?

The IVT and invalid-click reporting in your platform dashboards is the floor, not the ceiling. The honest answer is that you do not know until you measure with a tool that runs its own signal collection. Most accounts spending more than £1,000 a month find the residual fraud rate is meaningfully higher than the platform reports.

Pillar Guide

Ad Fraud Protection

A 2026 channel-by-channel guide to ad fraud, who it targets, and what realistic protection looks like.

Ad fraud is the umbrella term for any traffic that costs you money but cannot become a customer. It covers fake clicks, fake impressions, fake leads, and fake conversions across Google Search, Performance Max, Microsoft Ads, Meta, and the programmatic Display Network. Statista and Juniper Research put global digital ad spend lost to fraud above $100 billion in 2025, on track for $172 billion by 2028. This guide walks through the categories of ad fraud, the channels each one targets, and what realistic ad fraud protection looks like for SMB advertisers in 2026.

Start free 7-day trial See how it works

Click fraud is one type of ad fraud

Most advertisers use "click fraud" and "ad fraud" interchangeably. They are not the same thing. Click fraud is one of six categories that sit under ad fraud, and each category needs its own defensive tooling. Knowing which category hits which channel is what scopes a sensible protection budget.

Type

What it is

Where it hits

ClickGuardian

Click fraud

Bots, scripts, or competitors clicking PPC ads with no buying intent.

Search, Display

Covered
Impression fraud

Bots loading ads in hidden iframes or invisible placements to bill the advertiser per impression.

Display, programmatic, video

Partial
Attribution fraud

Networks taking credit for conversions they did not generate (cookie stuffing, click injection).

Affiliate, mobile UA

Out of scope
Install fraud

Fake mobile app installs paid for as conversions.

Mobile UA networks

Out of scope
Lead fraud

Bot-generated form submissions or fake call leads on lead-gen campaigns.

All paid channels

Covered
Brand-safety fraud

Ads placed alongside harmful, inappropriate, or counterfeit content.

Display, programmatic, video

Out of scope

ClickGuardian focuses on click and lead fraud across paid Search, Performance Max, and Microsoft Advertising. Categories outside that scope are best handled by specialists: DoubleVerify and IAS for brand safety and viewability, Adjust and AppsFlyer for install fraud.

Why ad fraud is getting worse in 2026

Three structural shifts pushed measured ad fraud past the $100 billion mark in 2025, and all three are still picking up speed in 2026.

The first is volume. The Imperva/Thales 2025 Bad Bot Report measured automated traffic at 51 percent of all web activity in 2024, the first year on record where humans were the minority. Of that, 37 percent was bad bot traffic, the sixth consecutive year of growth.

The second is infrastructure. Residential proxy networks, originally built for privacy and price comparison, are now the default plumbing for fraud-as-a-service operations. They make IP-based blocking trivially circumventable. DoubleVerify reported a 106 percent year-over-year jump in US bot fraud in 2024 once these networks went mainstream.

The third is generative AI. Mouse trajectories that look human, dwell times that look human, scroll behaviour that looks human, all generated cheaply at scale. The IAS 2025 Media Quality Report measured fraud rates of 10.9 percent on campaigns running without anti-fraud technology, fifteen times higher than protected campaigns and a four-year high.

Fraud is more profitable, more scalable, and easier to produce than at any point in the history of digital advertising. The defensive picture has not kept pace. Closing that gap is what 2026 ad fraud protection has to do.

Channels

Channel-by-channel breakdown

Every channel has a different fraud profile. Native protection helps, but knows its own limits. Read this section as a coverage map.

Google Search

Google Search is the most-defended paid channel and still leaks. The platform's invalid-click filter catches the obvious end (known bot signatures, data-centre traffic, accidental double-clicks) and credits some of what it misses retroactively. The gap is sophisticated competitor clicking from rotating residential IPs, AI-driven behaviour mimicry, and slow-drip patterns designed to stay below velocity thresholds. The IAS-measured 10.9 percent residual fraud rate on unprotected campaigns is the rough size of that gap.

Native protection

Google's invalid-click filter and the signal cleaning Smart Bidding does at the auction layer.

What it misses

Per-account behavioural patterns, repeat-offender competitor IPs disguised as residential traffic, and anything organised enough to rotate through enough fingerprints to look like distinct users.

Performance Max

Performance Max trades transparency for automation. Google takes more of the placement decision, which means you see less of where ads actually run and less of who is clicking them. Fraud surfaces show up as inflated CTRs on placements you cannot identify in the standard report, conversions from outside your service area, and lead-form spam from sources the dashboard does not surface.

Native protection

The same Google-wide invalid-click filter applies, plus the Smart Bidding signal layer.

What it misses

Per-campaign placement quality on Display and YouTube inventory inside PMax, and bot-driven lead-form submissions that look human enough to clear the platform’s own anti-spam logic.

Microsoft Ads

Microsoft Advertising mirrors most of Google's protection structure (the invalid-click filter, the API for IP exclusions, the audience network) at smaller scale. The fraud profile is similar but typically lower volume because the network is smaller and less industrially targeted by fraud-as-a-service operations.

Native protection

Microsoft's invalid-click filter plus Audience Network protections.

What it misses

The same long tail Google misses on Search, plus a higher share of low-quality Audience Network display fraud, which sits closer to programmatic Display in risk profile than to plain Search.

Display and programmatic

Display and programmatic sit at the loose end of the spectrum. The ANA Programmatic Transparency Benchmark put wasted programmatic spend at $26.8 billion globally in 2025, with only 43.9 percent of budget reaching consumers as viewable impressions. Pixalate's Q4 2025 numbers put global web IVT at 23 percent of programmatic traffic, mobile app at 36 percent.

Native protection

TAG-certified channels, plus the third-party verification layer (DoubleVerify, IAS, Pixalate) that publishers and DSPs can opt into.

What it misses

Long-tail publisher inventory that does not carry TAG certification, click fraud on incentivised placements, and impression-stacking on low-quality MFA (made-for-advertising) sites.

What ad fraud protection looks like in practice

Effective ad fraud protection is a four-stage workflow, regardless of whether the tool runs on the advertiser side, the publisher side, or both.

Signal collection comes first. Every ad impression and click is captured with everything observable about the source: IP, network type, device fingerprint, behavioural signals (mouse trajectory, dwell, scroll), referrer, geographic data, and the publisher placement.

Scoring comes next. Signals are run against a model that produces a single fraud score, usually 0 to 100, with thresholds set per campaign. The model improves as it sees more confirmed fraud across the network of accounts the tool protects.

Blocking is the action layer. For click fraud, that means adding the offending IP to the campaign's exclusion list via the platform API. For impression fraud, it means adding the placement to the exclusion list. For lead fraud, it means flagging or rejecting the form submission before it reaches your CRM. The faster the blocking, the smaller the budget impact.

Reporting closes the loop. The advertiser sees what was blocked, why, what it would have cost, and the residual fraud rate after protection. Without reporting there is no way to tell whether the tool is doing anything useful. See how it works for the ClickGuardian implementation of each stage.

ClickGuardian's coverage

Be specific about scoping. ClickGuardian protects against click fraud and lead fraud across Google Ads, Microsoft Advertising, and the parts of Performance Max where signals are available. We do not cover brand-safety placement quality, attribution fraud, or mobile install fraud. Specialist tools handle those problems better and we will say so honestly when asked.

Within scope, the integration runs through the Google Ads and Microsoft Advertising APIs. Setup takes about five minutes. Suspicious clicks and lead submissions are scored in real time and blocked before they affect the daily budget. IP exclusion lists rotate so you never run into Google's 500-address limit. Performance Max is covered through campaign-level exclusions where the platform allows.

For the per-feature breakdown, see click fraud protection, Google Ads protection, and Microsoft Ads protection. For the deeper read on prevention techniques, see the click fraud prevention guide. For the underlying numbers, the 2026 click fraud statistics page collects every figure cited above with primary sources.

FAQ

Frequently asked questions

Click fraud is one of six categories that sit under ad fraud. The others are impression fraud, attribution fraud, install fraud, lead fraud, and brand-safety fraud. Each has its own attack patterns and its own specialist tools. ClickGuardian covers click and lead fraud across paid Search, Performance Max, and Microsoft Advertising.

Ad Fraud Protection

Click fraud is one type of ad fraud

Why ad fraud is getting worse in 2026

Channel-by-channel breakdown

Google Search

Performance Max

Microsoft Ads

Meta

Display and programmatic

What ad fraud protection looks like in practice

ClickGuardian's coverage

Frequently asked questions

Cover the channels that pay you