VPNs and geolocation

VPNs & Proxies: Friend, foe, or false alarm for click fraud?

Not every masked user is a fraudster, but a lot of fraudsters are masked users. From fake clicks to sneaky budget drainers, this article breaks down how VPNs and proxies blur the line between privacy and ad fraud, and what marketers can do to fight back.
VPNs & Proxies: Friend, foe, or false alarm for click fraud?

Not every VPN user is a fraudster.

Some are just browsing in peace, whilst others may have slightly more nefarious intentions?

They're out to drain your ad budget, scrape your site, or mess with your conversion tracking.

And that’s exactly where the dilemma is.

VPN and proxy traffic is a grey area - some of it’s legit, a lot of it isn’t.

So the big question for marketers is this:

"Should you block it all and risk cutting off real customers?"

Or do you let it through and open the door to potential bots, fake clicks, and wasted spend?

Welcome to the murky world of masked traffic.

What is the difference between VPNs and proxies?

Let’s break it down, keeping it simple to digest:

  • VPNs (or Virtual Private Networks) allow people to hide their real location and IP address, and they’re often used by privacy conscious individuals, remote workers, or those accessing content that’s only available in specific regions.
  • Proxies do something similar, but they route traffic through another server so it looks like it’s coming from somewhere else.

There are also different types of proxies commonly used:

  • Datacenter proxies: Fast, cheap, and built for volume - that’s datacenter proxies in a nutshell. Coming straight out of big data centers, they’re lightning quick but stand out like a sore thumb since their IPs don’t match typical home connections ⚡

    That’s why they’re the favorite weapon for bot attacks and other high-speed, high-volume shenanigans where being sneaky isn’t the priority...just pure speed and scale.
  • Residential proxies: These proxies use real IPs from everyday devices (think your laptop, phone, or even smart TV at home), so they often fly under the radar like pros. Because they look just like genuine users hanging out online, it’s tough for security systems to spot them 🏘️

    That stealth factor makes residential proxies the go-to for anyone wanting to blend in and avoid detection.
  • Rotating proxies: These sneaky hustlers keep switching up their IP addresses nonstop, making it a real headache to pin them down. They’re like digital chameleons, always changing to dodge detection 🔄

    Unless you’ve got advanced tools like device fingerprinting in your corner, stopping them is next to impossible.

To you, all this means is someone’s masking their identity, and you’re left guessing whether it’s a genuine visitor or a bot in disguise.

How VPNs and proxies actually work

VPNs and proxies both hide a user’s real IP address, but how they do it (and how dangerous they are to your ad traffic) varies.

What does a proxy do?

Think of a proxy server as a middleman.

It routes a user’s internet traffic through another server, so your site thinks the visit is coming from the proxy, not the real device.

But most proxies:

  • Don’t encrypt anything
  • Only work on specific apps (like a web browser)
  • Still leak some identifying info

They’re ideal for simple location spoofing, and unfortunately, perfect for click fraud operators, who only need one app (like Chrome or an emulator) to fake ad interactions.

Click fraud is one of the most common forms of digital ad abuse, especially when proxies and VPNs are involved.

Fraudsters use:

  • Data center proxies for cheap, high-volume bot traffic
  • Residential proxies to look more human
  • Rotating proxies to spoof new visitors on every click

What does a VPN do?

VPNs take it further.

They route all of your device’s internet traffic through a secure, encrypted tunnel, shielding your IP, location, and online activity.

This makes them a lot harder to detect and even harder to block.

VPNs are:

  • Fully encrypted
  • Applied at the individual device level
  • Designed for privacy and security

They're great for remote workers or privacy-first users, but also used in high-level ad fraud to fake geography, mask identity, and bypass filters.

Ad fraud costs advertisers billions each year and is increasingly powered by anonymizing tools like VPNs and rotating proxies, and with over a reported 13% of all ad traffic coming through VPNs, its easy to see the risk⚠️

Why fraudsters love VPNs

Here’s the deal…

When you block an IP address in platforms like Google or Bing Ads, your ads simply stop showing to that IP.

That means fraudsters can no longer click your ads from that blocked address.

But, fraudsters are clever.

By using VPNs or proxies, they can constantly switch to new IP addresses, slipping past your blocks and clicking your ads repeatedly from different “locations.”

This technique is what we call VPN click fraud.

Organized fraud groups rely on these tools to hide their identity and run many devices at once, and by changing IPs quickly and often, it lets them carry out large-scale, high-volume fraud without being stopped.

Even smaller fraud bots rent VPNs and proxies to mask their origin, making their fake traffic harder to detect and ultimately, shut down.

Bottom line? VPNs and proxies help fraudsters stay hidden and keep draining your ad budget 💸

How VPNs and proxies fuel click fraud schemes

VPNs and proxies aren’t just used to hide IPs though, they’re central to how fraudsters carry out click fraud and ad fraud at scale.

Here's how they weaponize these tools:

  • IP Spoofing: By switching IPs constantly, fraudsters avoid detection and make every click look like it’s coming from a different user.
  • Geographic manipulation: VPNs let attackers pose as users from high-value regions - inflating CPCs and tricking geo-targeted ads into displaying.
  • Automated scripts & bots: Behind proxies, bots simulate human behavior - clicking, scrolling, even filling forms - while avoiding blocks tied to known IPs.
  • Device & browser spoofing: Many fraudsters combine VPNs with fake device IDs and browser fingerprints to bypass basic bot detection tools.
  • Session hijacking: Advanced fraud operations can piggyback on real sessions while hiding behind masked IPs - making it harder to distinguish fake from real.
  • Proxy chains & rotation: By chaining proxies or using services that rotate IPs automatically, fraudsters ensure they’re constantly appearing “new” to your site.
  • Pixel stuffing & ad stacking: VPNs allow shady publishers to run hidden ads or fake conversions behind the scenes - you pay, but no real user ever sees it.

These tactics are designed to mimic real user behavior, defeat IP blocks, and drain budgets without setting off alarms.

Unless you’ve got the right detection in place, VPNs and proxies are left in play to contribute towards ongoing ad fraud.

Ad fraud by the numbers [and why you cant ignore it]

Ad fraud isn’t a niche problem - it’s a global epidemic that drains billions of dollars worldwide from advertisers, and it happens every year.

Here’s some eye-opening stats to put things into perspective:

  • $68 billion: Estimated global losses from ad fraud in 2023, according to a report by Juniper Research.
  • 15-20%: Percentage of all online ad traffic considered fraudulent, per industry watchdogs like the IAB and White Ops.
  • 13.6%: Proportion of fraudulent ad traffic linked specifically to VPN and proxy use, from data reported by the Internet Society.
  • Fraudulent clicks can inflate your cost per acquisition (CPA) by up to 50%, silently bleeding your ad budget.

These numbers aren’t just abstract either - they translate directly to wasted spend, lost customers, and skewed analytics that end up damaging your decision making.

Ignoring VPN and proxy fraud means throwing money into the annual black hole, so the stakes have never been higher to defend better.

But here’s the catch: not all VPN traffic is bad

Plenty of real users rely on VPNs - tech workers, remote teams, crypto users, international customers…you name it.

Blocking all VPN traffic could mean:

  • Losing high-intent visitors
  • Wrecking your geotargeting
  • Misreading your analytics

This is where most fraud filters get it wrong - they block everything masked, which can hurt your conversions more than help.

So… should you block VPNs?

Here’s the real-world answer: sometimes, yes.

But not always.

Our suggestion is to block VPNs or proxies when:

  1. You see high bounce rates and zero conversions from masked IPs
  2. Traffic comes from known datacenters or switches IPs constantly
  3. The same device fingerprint keeps clicking from different IPs
  4. You’re running time-sensitive or high-budget campaigns where precision matters

Don’t block VPNs blindly if:

  1. You’ve got global traffic or a privacy-aware audience
  2. Your data shows conversion from VPN users
  3. You’re not scoring sessions intelligently

The key is context, and that’s where smarter analytics comes in.

DIY VPN, proxy & click fraud detection: What you can do without software

Not every business has the budget or bandwidth for dedicated click fraud software, but can you still take steps to reduce associated risks with VPNs, proxies and in general, click fraud:

  • Manual IP blocking: Identify suspicious IP addresses (including known VPN and proxy IP ranges) and block them in your ad platforms like Google and Meta. This helps cut off obvious fraud sources, though it’s only a partial solution without device fingerprinting to block the device behind the IP ⛔
  • Set geo-targeting limits: Restrict your ads to the countries and regions you actually operate within. VPNs and proxies often spoof locations outside your target areas, so this can limit exposure to fraudulent traffic 🌎
  • Analyze traffic patterns: Keep a look out for sudden spikes in clicks without any corresponding conversions, especially from masked IPs or unexpected geographies. Then use Google Analytics and ad platform reports to continue to monitor 📈
  • Limit ad frequency: Lower maximum impressions per user to reduce repeat clicks coming from rotating VPNs or proxies, this keeps the risk lower and your budget in check ⏸️
  • Exclude data centers & known proxy ranges: Some ad platforms let you filter out traffic from known datacenter IPs, which are common sources of proxy and VPN abuse. It’s worth noting that platforms like Google and Meta have their fairly restrictive limits on how many IPs you can block at any time, so blocking an IP now means it might be allowed again next week when new IPs are added to the list ✋
  • Device & browser checks: Use tag managers or scripts to flag suspicious user agents or browser/device combos often seen with proxy-driven bots 🔍

While these strategies can help, they don’t catch sophisticated VPN and proxy fraud that constantly rotates IPs and mimics real users.

For the best protection, advanced detection tools are necessary - those that include device fingerprinting and domain inspection, plus blocking that goes beyond Google Ads “Only 500 IPs at any given time” limit.

How Hitprobe handles VPN traffic the smart way

Hitprobe doesn’t just see a VPN and automatically panic-block it.

Instead, we analyze every visit across multiple layers:

  • IP reputation & proxy detection ✅
  • Device fingerprinting
  • Engagement and behavior (clicks, scroll depth, bounce rate, repeat visits)
  • All conversion data, across all associated sessions.

If someone behaves like a real user, we let them through, even if they’re behind a VPN - the choice is yours.

But if we see a masked user clicking repeatedly, bouncing instantly, or rotating IPs?

They’re flagged, scored, blocked, and you get notified.

It’s the smarter way to handle VPN traffic so you can reduce the risk, stop the fraud, and keep the conversions flowing.

How to tell if VPNs and proxies are affecting your traffic

Maybe you’re seeing traffic from countries you don’t target, or clicks coming from odd locations that never actually convert?

That’s not just noise, and it could well be click fraud powered by VPNs and proxies. But without the right tools in place, the noise remains noise, the door remains open to risk and your detection and prevention tools? They’re still lacking.

Fraudsters use location-masking tools to make their clicks look legit, even when they’re anything but.This might look like:

  • Spikes from regions your ads aren’t aimed at
  • Repeat visits with rotating IPs
  • High CTR (click through rate) but no conversions
  • Devices bouncing in and out of different geographic locations

That’s the tell-tale pattern of VPN-based click fraud, and it’s likely costing you money without you even realizing it.

With Hitprobe, you can:

  • Run a 14-day free traffic audit
  • Pinpoint VPNs, proxies, and bot-driven clicks
  • Detect suspicious geo patterns, session spoofing, and fake engagement
  • Finally see which ad clicks are real, and which are simply draining your budget

Our hot take? Take control, stop wasting ad budget and crush click fraud

Masked traffic isn’t just annoying - it’s a sneaky budget killer.

Every single fake click, every VPN-driven bot, every proxy masked visitor slowly chips away at your ROI.

But here’s the bottom line…you don’t have to accept it.

With the right tools, like Hitprobe, you can see through the noise, block fraudsters at the gate, and focus your budget on real customers who actually convert.

No more guesswork, no more wasted spend - just clear, actionable insights and smarter advertising.

Don’t let fraudsters use VPNs and proxies to steal your success.

Take back control of your campaigns today.

Start your free 14-day Hitprobe trial now and watch your ad budget work as hard as you do.

About your author

Greg Rowley
Greg Rowley
Hitprobe Team
Greg is part of the Hitprobe team. As well as helping customers make the most of Hitprobe, Greg writes on the subject of click fraud.
More from this author...

Continue reading