In an ironic twist, a leading software provider released a report showing how criminals are weeding out bots so only real users see their ads.
Apparently, fraudsters, too, are worried about computers posing as humans.
The report, released Tuesday by Malwarebytes, said users are clicking on camouflaged adverts while thinking they are clicking the "play" button of an adult video. Underneath the overlay image, however, is content ripped from websites like Pinterest about wedding planning or cooking.
Bad actors then generate revenue from what looks like clean and trusted traffic. Brands, meanwhile, end up paying for ads that are never seen, but were clicked on by real users.
"Fraudsters behind this operation are making money for each view and click," the report said. "Given that they only have to pay for cheap incoming traffic versus the more expensive Google Ads, this is a profitable business model."
By tracking mouse movement and clicks, fraudsters can determine if a person or a bot clicked an ad. If a bot is detected, the page will automatically redirect to Google's home page to prevent any "tainted" clicks on the ad, Malwarebytes said.
Bots often make rigid movements or click on ads without moving the mouse, for example. These red flags are often thwarted, as security mechanisms are put in place to prevent such scams.
The findings come on the heels of White Ops' Methbot report, which outlined the largest ad fraud scam in history, where $3 million to $5 million was lost each day since October to ad fraud.
According to White Ops, ad fraud will siphon $7.2 billion from marketers in 2017, up nearly $1 billion from the previous year.