Ad clicks can be tagged as SUSPICIOUS or FRAUDULENT. This is determined during click processing after a click is logged and also retroactively, based on your protection configuration.

What is the difference between suspicious and fraudulent clicks?

The key difference between these two kinds of clicks is that a suspicious click cannot be considered fraudulent without additional confirmation.

The idea is for you to be able to understand the data about a click (IP address, device forensics, etc) to gain additional insight into the nature of the click and potentially perform additional actions when a suspicious click is in fact fraudulent.

As clicks keep coming in ClickGUARD will revisit previously made suspicious clicks and - when relevant information is found - sometimes deem them fraudulent and apply protective actions.

How does ClickGUARD determine suspicious clicks?

A click is tagged as suspicious when:

ClickGUARD determines that there are reasons to doubt the legitimacy of a the click but doesn’t automatically consider it fraudulent (e.g. when the system is not able to fingerprint the visitor - the click might be legitimate but a website error might have prevented the fingerprinting process);
A protection rule is triggered but there are no protective actions configured - making it a “notify-only” protection rule - where ClickGUARD tags the click but doesn’t apply protection.

Suspicious clicks are shown as SUSPICIOUS in all click reports with a distinctive color (orange):

How does ClickGUARD determine fraudulent clicks?

A click is tagged as fraudulent when:

ClickGUARD determines that the click is made by a fraudulent entity (IP address, device, IP address range) or on a fraudulent ad placement through forensic analysis or when there are other circumstances that deny the legitimacy of the click;
A protection rule is triggered when there’s at least 1 protective action configured - where ClickGUARD concludes the user considers the click fraudulent;
An IP address, device or IP range is manually blocked from within click forensics, or retroactively during manual blocking.

Fraudulent clicks are shown as FRAUDULENT in all click reports with a distinctive color (red):

Where can I see why a click is considered suspicious or fraudulent?

In order to see the reason why a click is considered suspicious or fraudulent - mouse over the given click kind tag (e.g. SUSPICIOUS). A resulting tooltip will elaborate on the nature of the click.