Ad clicks or organic clicks can be suspicious or fraudulent in nature. This is determined during click processing after a click is logged and retroactively, when another click that is related to the original click is considered suspicious or fraudulent.

What is the difference between suspicious and fraudulent clicks?

The key difference between these two kinds of clicks is that a suspicious click cannot be considered fraudulent without additional information or actions.

The idea is for the user to be able to explore the data behind a click (IP address, device forensics, etc) to gain additional insight into the nature of the click and potentially perform additional actions when a suspicious click is in fact fraudulent.

As clicks keep coming in ClickGUARD will revisit previously made suspicious clicks and - when relevant information is found - potentially pronounce them fraudulent and apply protective actions.

How does ClickGUARD determine suspicious clicks?

A click is tagged as suspicious when:

ClickGUARD determines that there are reasons to doubt the legitimacy of a the click but doesn’t automatically consider it fraudulent (e.g. when the system is not able to fingerprint the visitor - the click might be legitimate but a website error might have prevented the fingerprinting process);
A user-defined protection rule is triggered but there are no protective actions configured - making it a “notify-only” protection rule - where ClickGUARD marks the click but doesn’t take any protective measures.

Suspicious clicks are shown as “SUSPICIOUS” in all click reports with a distinctive color (orange).

How does ClickGUARD determine fraudulent clicks?

A click is tagged as fraudulent when:

ClickGUARD determines that the click is made by a fraudulent entity (IP address, device) through forensic analysis or when there are other circumstances that deny the legitimacy of the click;
A user-defined protection rule is triggered when there’s at least 1 protective action configured - where ClickGUARD concludes the user considers the click fraudulent;
The user manually blocks an IP address / device from within click forensics, or retroactively during manual IP address / device blocking.

Fraudulent clicks are shown as “FRAUDULENT” in all click reports with a distinctive color (red).

Where can I see why a click is considered suspicious or fraudulent?

In order to see the reason why a click is considered suspicious or fraudulent - hover over the given click kind tag (e.g. “SUSPICIOUS”). An informative tooltip will elaborate on all the reasons why the click is not considered normal by the system.