In this article

This is also a heading
This is a heading
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Bot traffic

Why CPL (cost-per-lead) is not immune to click fraud

CPL is not the panacea that people think it is, especially with bots becoming more sophisticated and able to fill in fake leads. We show you why you should care, and how to identify and solve CPL click fraud.
John Jackson
by 
John Jackson
on 
November 7, 2024
Reviewed on
November 7, 2024
Why CPL (cost-per-lead) is not immune to click fraud

What is cost-per-lead?

Cost-per-lead (or CPL) advertising, is a where advertising is paid for based on the leads that are generated from it. It’s different to CPM (cost-per-thousand impressions) or CPC (cost-per-click).

For example, if a campaign was agreed at $20 CPL, and generated 10 leads, the payment for the media would be calculated at $20 x 10 = $200.

Google Ads does offer CPL terms to some eligible customers for Google campaigns.

Surely bots can’t create fake leads?

On the surface, you’d think that only paying for genuine clicks would be a sure-fire way to beat click fraud.

Unfortunately, the fraudsters are one step ahead.

They already know that advertisers often have conversion tracking set up to monitor the success of their campaigns. And they know that bot clicks would be pretty easy to spot if their conversion rate (CR) was consistently 0.0%.

So bots look for your lead forms, and they fill those in.

Even if you have a CAPTCHA on the form, they can use captcha solving services to evade it.

Astonishingly, when you Google “captcha solving services”, you’ll see that these firms actually pay for ads on Google!

Don't click this, it's just an image

In fact, anyone who’s ever run ads on Google Display Network (GDN) will understand this problem well. It’s very clear that one form fill is not always equal to another. Sometimes it’s VERY difficult to sort the good from the bad.

How do fraudsters make fake leads look real?

Although some bots will still just fill in garbage, many sites have anti-spam measures in place to filter out meaningless form completions.

This has meant that bots have had to adapt over time too.

There’s already literally millions of hacked personal records available to buy on the dark web, and all the bots need is a simple list of name, phone number, email, and address. Most hacks include all this info at a minimum.

So the bots are fed with a database of real personal details, that are indistinguishable from genuine high-intent leads. Problem solved.

Real people, useless leads

Photo by RDNE Stock project

That’s one type of CPL fraud, where fake leads are 100% automated.

But another type of fraud is where forms are filled in by real people, but under false pretenses.

If a high volume of traffic can be driven to a site promising “fill in this form to win $100k” and the link goes straight to your lead form page, it’s still easier to drive a CPL conversion like this than to find someone genuinely interested in a more niche offer.

Always keep an eye on your referring domains to check where the ads driving your CPL campaigns are placed.

It won’t show you the actual ad, but it may offer you an early indication if there is fraud at play.

It’s not all about the money

But despite all of this, if you’re only paying for a lead, what’s the problem?

Well, assuming you can sort the worthwhile leads from the junk (and that isn’t always easy), there’s something else at stake here. And this could cost you A LOT of money into the future.

We're talking about your conversion data (the signal to ad networks that a lead has converted successfully).

In a world where targeting is getting more and more difficult, first-party data such as this is more and more important. Good, clean conversion data is now key to running successful online marketing campaigns.

If your conversion data is being diluted with fake or invalid leads, how can the ad networks learn to optimize towards genuine leads?

The answer is to identify the bots and stop them from polluting your data.

How to identify bot leads

One way to sift out the good clicks from the bad clicks, is Hitprobe, our click fraud defense suite that gives you many click fraud superpowers such as:

  • Getting deep insight into every click
  • Integration with Google Tag Manager and a JavaScript API to help you to take actions on your site when suspicious visits are identified
  • Audience exclusion support for Google Ads and Meta Ads
  • IP and referrer domain blocking support

How to stop CPL fraud

Now you're identifying suspect visits to your forms, you need to identify suspicious clicks before they reach your lead form, and then take action:

  • Add the visit to an audience exclusion list so that ad networks know to exclude the data from their optimizations
  • Block the IP from sending further traffic — an imperfect measure but still worthwhile
  • Stop the form being submitted, or at least mark it as suspect so your team can deprioritize it

Fraud in lead generation relationships

Even if you’re not buying CPL media through major ad networks, it’s still good practice to protect the traffic you receive with click fraud protection.

Tools such as Hitprobe can profile and monitor traffic from any source.

It makes it easy to spot anomalies however you drive your lead generation:

  • Affiliates
  • Franchise networks
  • Lead generation providers
  • Small/niche PPC networks
  • Multi-level marketing
  • Outsourced sales teams

About your author

John Jackson
John Jackson
CEO & founder
John is a serial tech entrepreneur, having started his first internet business in 1996, and since then building, growing and selling several SaaS products.
More from this author...

Continue reading

Browser fingerprinting

How often do IPs change? A detailed real-life study

We look at a surprising real-world study into IP addresses, to see how long an average user keeps the same address. The same study also found that changes in IP address may actually make a user MORE traceable.
Browser fingerprinting

Browser fingerprinting: Everything you ever wanted to know, start to finish

The complete guide to browser fingerprints. What they are, how they work, what data goes into them, the history, privacy, and much more.
Ad fraud

Click fraud uncovered: Ultimate guide to protecting ad spend

This guide will explain everything you’ll ever need to know about click fraud, the different categories of unwanted clicks, how it can be detected, and how it can be stopped.
Next generation click-fraud protection platform
Get started
Features
Click fraud detectionClick fraud blockingMarketing channelsAnalytics & reportingFor agenciesPricingDocumentation
Compare
Click Guardian
ClickPatrol
Lunio
ClickCease
Company
Contact usBlogTerms of usePrivacy policyCookie declaration
© Chalkboard Software Limited. Registered in England & Wales number 09192721.