One of the less obvious impacts of COVID-19 on business is the worsening of the click fraud threat.

Click fraud is when someone illegally clicks on pay-per-click (PPC) ads to increase site revenue or to exhaust a company’s advertising budget. 

Many companies are now finding that automated programs – bots – are being used to steal their clicks and divert traffic.

According to a recent industry report, 11% of all search clicks are now fraudulent, rising to 17% for connected TV campaigns and 36% for display advertising campaigns. 

COVID crisis alarm

“The level of click fraud is alarming and has worsened considerably as the world has battled the coronavirus pandemic,” Stewart Boutcher, CTO and data lead at Beacon, says.

“The COVID-19 crisis has forced many businesses to shift their advertising budgets to have a greater online focus, which has provided cybercriminals with a golden opportunity to carry out their illicit activity on a far greater scale.”

Beacon helps companies to protect their ad spend and reach more real people on Facebook, Instagram, Google and Bing.

“Conducting bot-led click fraud is a low-risk crime, this gives scammers the confidence they need to invest heavily in increasingly sophisticated technology and expand their operations alongside growing web traffic,” explains Boutcher.

Worst-hit sectors

Some sectors have been far worse hit than others by click fraud in the wake of the pandemic.

For example, homeschooling became commonplace for many students during lockdown, and the consequential increase in ad spending resulted in the highest rate of click fraud taking place within the education sector, with nearly one-third of clicks disabled.

The health and medical sector also experienced a 53% rise over 2019 levels of click fraud, according to the Search Engine Journal. 

This is most likely due to the increase in businesses running campaigns for vitamins, face masks, antibody tests and other COVID-related items, which has presented fraudsters with a lucrative opportunity to capitalise on.

Google Ads

The average small business using Google Ads spends between $9,000 and $10,000 per month on paid search campaigns, which is money they can ill afford to waste in light of the crisis. 

So what can businesses do to mitigate the risks? 

“Properly setting up rules on their website’s robots.txt file – a file that lives on a web server and specifies the rules for any bots accessing the website – is the first step they should take,” advises Boutcher.

“Although this will not necessarily prevent malicious click bots from accessing the website, it could hamper the efforts of overly aggressive crawlers – programmes that systematically browse the web to create an index of data – to take the site down. 


“Another method of reducing the risk is using Google’s reCAPTCHA security service, which requires human input or other validation, such as email verification or texted one-time codes. 

“Additionally, web-based solutions, like firewalls, can stop many threats from ever reaching a website, while identifying unusual traffic sources in a business’ analytics or spikes in login attempts can both often be tell-tale signs of bot activity.”