Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Affiliate marketing is a powerful tool for increasing traffic to a website or app and increasing leads. But it can be abused by unscrupulous affiliates to deceive advertisers.
Affiliate marketing scams, or affiliate fraud, can take many forms. In this article, we will cover one form known as cookie injection.
Contents
1. What are cookies?
2. What is cookie stuffing?
3. 7 Ways to Embed Cookies
3.1. 1. Through images
3.2. 2. Through pixels
3.3. 3. Through banner advertising
3.4. 4. Through pop-up windows
3.5. 5. Via iframe
3.6. 6. Via redirects using JavaScript or other programming languages
3.7. 7. Through browser hacking tools
4. Real examples of cookie implementation that have become known
4.1. 1. AdBlock VS Scam Extension
4.2. 2. $35 million in fraudulent fees on eBay
4.3. 3. FBI arrests seller of cookie injection code
5. How to detect fraudulent cookie injection
5.1. 1. Affiliate Program Costs Jump Without ROI
5.2. 2. Jump in complaints and write-offs
6. How to Stop Cookie Fraud
6.1. 1. Promo codes on the checkout page
6.2. 2. Checking partners before adding them to your program
6.3. 3. Advertising fraud protection services
Merchants who use affiliate marketing programs to promote their products often rely on cookies to help them associate the actions of a referred customer with a specific affiliate so they can pay them the appropriate reward.
In this case, both parties suffer: the honest webmaster and the advertiser. Partners who attracted traffic to the advertised site lose their reward - the advertiser ends up paying someone who did nothing to promote the product or resource.
Cookie stuffing damages affiliate marketing and the efforts of the company the advertiser cooperates with, since it does not receive payment for its work in full. And this, in turn, raises the question of cooperation with the advertiser in principle.
And sometimes the owner of the resource from which the cookie files are being embedded may not even suspect that they are participating in a fraudulent operation. For example, their site may use an extension to enable a specific function, such as a pop-up window or online chat, which is secretly designed to embed third-party cookies into the visitor's browser.
What's worse, most often the cookie file gets into the visitor's browser without their knowledge or consent, because they may not even click on the advertiser's ad on the partner's site. That is, even the chain "webmaster - ad - user - advertiser" does not work.
This may be a violation of not only affiliate marketing compliance guidelines, but also basic data security and privacy rules like the European Union's (EU) General Data Protection Regulation (GDPR), which specifically prohibits the collection of user data without their consent and requires sites to tell people when data is being collected.
Moreover, malicious cookies are capable of working ahead of time even with sites that are not yet being promoted and the advertiser does not work with its owner on affiliate marketing. That is, the implementation occurs even before possible cooperation, but the fraudster already guarantees himself an illegal reward for future lead generation.
This can result in wasted advertising budgets rewarding those fraudulent partners who had no role in attracting traffic and new customers.
Fraudulent partners using image injection techniques can upload a lot of malicious cookies to a website page. There will be just empty space between text paragraphs on the page, even without the presence of a "broken" image bar.
Although this technology is not fully related to cookie fraud, but rather to manipulation of the number of views of an advertisement, we still could not help but mention it.
Fraudulent banner ads can be placed on high-traffic sites, such as online forums, and quickly inject large numbers of malicious cookies into the browsers of unsuspecting users.
When the user subsequently naturally, for example, visits the advertiser's website and performs the target action, the fraudster will be credited with a reward for the action in which he took exclusively fraudulent part.
When a website visitor lands on a page with a malicious pop-up, it forces cookies with affiliate links to be downloaded to the user's browser, even if the pop-up has nothing to do with the affiliate companies.
Sometimes "third-party" code injected through an iframe can contain malicious cookies - those that are automatically injected into any browser that loads code from an iframe "stuffed" with a variety of partner files.
Along with redirection, the scammer may also use other third-party cookie injection strategies. With a well-planned malware distribution method, the scammer could potentially infect millions of devices and begin to force download files to all of them. This increases the likelihood that someone who takes an action on the advertised site will have a fraudulent cookie that assigns the lead to the “partner.”
What made these examples notable was how the scammers hid their activity. The article reported that “The malicious cookie injection behavior did not begin until 55 hours after the extension was installed and stopped if the user opened Chrome’s developer tools.” This made it difficult to detect the malicious code.
As the article notes, “The operation also involved Brian Dunning, eBay’s second-largest affiliate marketer. Over the years, the company paid Hogan and Dunning a combined $35 million in commissions… Both men pleaded guilty to fraud.” By using techniques to forcefully implant countless cookies into the browsers of unsuspecting internet users, the pair managed to illegally make a significant fortune.
A man identified as Christopher Kennedy was arrested on charges of "conspiracy to commit wire fraud" for allowing "dishonest website owners to purchase malicious code to inject cookies and defraud eBay of affiliate payments."
It took authorities several years to find the seller of the code, which Wired reported was designed specifically for eBay. The news scandal caused by the affiliate fraud case has shown how important it is for companies to take their own measures to combat ad fraud.
Users who naturally visit the advertiser's site and perform targeted actions on their own, without an offer from the partner, first end up on a site with a fraudulent cookie injection technology in their browser. Thus, the company spends more on affiliate marketing without seeing a real return on investment.
This can cause extreme frustration on the part of affiliates who rely on affiliate marketing programs as a reliable secondary (or even primary) source of income, leading to complaints or even abandonment of the advertiser. From the perspective of honest affiliates, there is no reason to continue to invest time and effort into an advertiser who is not paying them for the results they are delivering. So, instead, they will choose to partner with other companies that may prove more profitable.
For example, an affiliate can advertise a special promotional code that a potential customer can use on the advertiser's website (e.g., #AffliateName1010). Such a code can provide a discount on the purchase of a product or a free period of a subscription. With this method, the presence or absence of fraudulent affiliate links in the user's browser does not matter, and affiliates receive the corresponding reward.
Unfortunately, this method is not perfect. It depends on the affiliate's audience, requires a manual action, and not all users will remember that they can use the code. In addition, having to enter something manually creates additional obstacles when making a purchase (sometimes even the most insignificant actions can lead to the user simply abandoning the cart at the checkout stage).
It is worth checking the partner's social media accounts, which includes looking at the channel's analytics. This will tell you how long the channel has been around, how often they post, how engaged they are with their posts, and other information. This will help the advertiser determine how valuable the partner is.
There are several signs that show whether an account is artificially promoted or not:
Affiliate marketing scams, or affiliate fraud, can take many forms. In this article, we will cover one form known as cookie injection.
Contents
1. What are cookies?
2. What is cookie stuffing?
3. 7 Ways to Embed Cookies
3.1. 1. Through images
3.2. 2. Through pixels
3.3. 3. Through banner advertising
3.4. 4. Through pop-up windows
3.5. 5. Via iframe
3.6. 6. Via redirects using JavaScript or other programming languages
3.7. 7. Through browser hacking tools
4. Real examples of cookie implementation that have become known
4.1. 1. AdBlock VS Scam Extension
4.2. 2. $35 million in fraudulent fees on eBay
4.3. 3. FBI arrests seller of cookie injection code
5. How to detect fraudulent cookie injection
5.1. 1. Affiliate Program Costs Jump Without ROI
5.2. 2. Jump in complaints and write-offs
6. How to Stop Cookie Fraud
6.1. 1. Promo codes on the checkout page
6.2. 2. Checking partners before adding them to your program
6.3. 3. Advertising fraud protection services
What are cookies?
First, let's remember what cookies are. Cookies are a text file in the user's browser that records information about the sites visited. With the help of cookies, resources can track the user's browser history, save login credentials, and store various other data that can be used by advertisers.Merchants who use affiliate marketing programs to promote their products often rely on cookies to help them associate the actions of a referred customer with a specific affiliate so they can pay them the appropriate reward.
What is cookie stuffing?
Cookie stuffing (also known as cookie dropping) is a form of digital advertising fraud where a fraudulent website injects one or more third-party cookies into a user’s browser. These cookies are used by affiliate marketers to falsely attribute any traffic to the fraudster. This means that when it comes to being paid, it is the fraudster who gets paid, not the person who actually generated the leads.In this case, both parties suffer: the honest webmaster and the advertiser. Partners who attracted traffic to the advertised site lose their reward - the advertiser ends up paying someone who did nothing to promote the product or resource.
Cookie stuffing damages affiliate marketing and the efforts of the company the advertiser cooperates with, since it does not receive payment for its work in full. And this, in turn, raises the question of cooperation with the advertiser in principle.
And sometimes the owner of the resource from which the cookie files are being embedded may not even suspect that they are participating in a fraudulent operation. For example, their site may use an extension to enable a specific function, such as a pop-up window or online chat, which is secretly designed to embed third-party cookies into the visitor's browser.
What's worse, most often the cookie file gets into the visitor's browser without their knowledge or consent, because they may not even click on the advertiser's ad on the partner's site. That is, even the chain "webmaster - ad - user - advertiser" does not work.
This may be a violation of not only affiliate marketing compliance guidelines, but also basic data security and privacy rules like the European Union's (EU) General Data Protection Regulation (GDPR), which specifically prohibits the collection of user data without their consent and requires sites to tell people when data is being collected.
Moreover, malicious cookies are capable of working ahead of time even with sites that are not yet being promoted and the advertiser does not work with its owner on affiliate marketing. That is, the implementation occurs even before possible cooperation, but the fraudster already guarantees himself an illegal reward for future lead generation.
This can result in wasted advertising budgets rewarding those fraudulent partners who had no role in attracting traffic and new customers.
7 Ways to Embed Cookies
So how do scammers inject cookies? There are different strategies and scripts to inject cookies into a user's browser and steal affiliates' rewards.1. Through images
Image stuffing - this method is based on the fact that the fraudster specifies an affiliate link as the source of the image. Although the site visitor's browser will not be able to display the image (since the original link does not lead to an image in the database of this resource), the browser will still try to follow the link even without the user's request, i.e. it will interact with the cookie file to which the link leads.Fraudulent partners using image injection techniques can upload a lot of malicious cookies to a website page. There will be just empty space between text paragraphs on the page, even without the presence of a "broken" image bar.
2. Through pixels
Pixel stuffing is an advertising fraud technique in which the display area of an advertisement is critically reduced to a size of 1×1 pixel. Since the ad is technically present on the page, it will be viewed by an unsuspecting website visitor, and a corresponding entry will then be made in their browser via a cookie.Although this technology is not fully related to cookie fraud, but rather to manipulation of the number of views of an advertisement, we still could not help but mention it.
3. Through banner advertising
Banner Advertising Cookie Stuffing is when scammers can add automatic cookie downloads to banner ads and use them on third-party sites. That is, the files are forcibly inserted without the user's knowledge. Visitors to the resource with malicious advertising do not even need to click on anything - the cookie file is automatically downloaded to their browser when they place a page on which such a "stuffed" banner is located.Fraudulent banner ads can be placed on high-traffic sites, such as online forums, and quickly inject large numbers of malicious cookies into the browsers of unsuspecting users.
When the user subsequently naturally, for example, visits the advertiser's website and performs the target action, the fraudster will be credited with a reward for the action in which he took exclusively fraudulent part.
4. Through pop-up windows
Pop-up windows on websites are a common tool used as an effective way to attract the visitor's attention and try to push him to perform some target action. However, a number of scammers who abuse cookies develop special malicious browser extensions to add pop-up windows. The owner of the site will not even suspect that he is voluntarily using malware on his resource, filled with codes for the introduction of third-party cookies.When a website visitor lands on a page with a malicious pop-up, it forces cookies with affiliate links to be downloaded to the user's browser, even if the pop-up has nothing to do with the affiliate companies.
5. Via iframe
Iframes are special snippets of code on a website that allow HTML codes or documents to be loaded onto a page. They can be used to display ads, videos, documents, or interactive elements from other sources (a common example is an embedded YouTube video).Sometimes "third-party" code injected through an iframe can contain malicious cookies - those that are automatically injected into any browser that loads code from an iframe "stuffed" with a variety of partner files.
6. Through redirects using JavaScript or other programming languages
The scammer can bypass the standard process of promoting a specific site or product by placing ads on their resource. Instead, they simply add code to their pages using JavaScript or other programming languages and forcefully redirect site visitors to other pages where they inject affiliate cookies into their browsers.7. Through browser hacking tools
Another way that scammers can insert cookies into a visitor's browser is by using malware to completely take over browsers. Once installed, the hacker can change the settings and automatically redirect users to sites and pages they did not intend to visit.Along with redirection, the scammer may also use other third-party cookie injection strategies. With a well-planned malware distribution method, the scammer could potentially infect millions of devices and begin to force download files to all of them. This increases the likelihood that someone who takes an action on the advertised site will have a fraudulent cookie that assigns the lead to the “partner.”
Real-life examples of cookie injection that have come to light
Looking at real-life examples of browser cookie injection is one effective way to recognize this type of advertising fraud. How such cases were detected will help identify and systematize strategies that will help in the fight against fraudsters.1. AdBlock VS Scam Extension
A 2019 ZDNet article reported that two ad-blocking extensions that were available in the Chrome Web Store were found to contain malicious code. Both of these tools, called “AdBlock” and “uBlock,” committed two types of scams.- First, both of these tools used the names of popular ad blocking extensions, which allowed them to trick their way into a large audience.
- Second, both of these blockers secretly implanted cookies into the browsers of users who installed them to perpetrate affiliate marketing scams. As noted in a ZDNet article, “The extensions modified cookies when users visited certain sites and added a parameter that ensured that the extension’s authors would receive a commission on any payments users made on the site.”
What made these examples notable was how the scammers hid their activity. The article reported that “The malicious cookie injection behavior did not begin until 55 hours after the extension was installed and stopped if the user opened Chrome’s developer tools.” This made it difficult to detect the malicious code.
2. $35 million in fraudulent fees on eBay
One of the largest cookie fraud schemes ever conceived was perpetrated by two of eBay's largest affiliates. According to an article in Slate, eBay was suspicious of the success of some of its biggest marketing affiliates, like Sean Hogan (eBay's #1 affiliate at the time), so management "secretly collaborated with the FBI" on an operation to stop affiliate fraud.As the article notes, “The operation also involved Brian Dunning, eBay’s second-largest affiliate marketer. Over the years, the company paid Hogan and Dunning a combined $35 million in commissions… Both men pleaded guilty to fraud.” By using techniques to forcefully implant countless cookies into the browsers of unsuspecting internet users, the pair managed to illegally make a significant fortune.
3. FBI arrests cookie injection code vendor
Just a couple of years after eBay began its legal battle with Sean Hogan and Brian Dunning, Wired magazine reported that "Federal authorities have charged a Las Vegas man with a cookie-injected affiliate marketing scam that helped him illegally profit from defrauding eBay."A man identified as Christopher Kennedy was arrested on charges of "conspiracy to commit wire fraud" for allowing "dishonest website owners to purchase malicious code to inject cookies and defraud eBay of affiliate payments."
It took authorities several years to find the seller of the code, which Wired reported was designed specifically for eBay. The news scandal caused by the affiliate fraud case has shown how important it is for companies to take their own measures to combat ad fraud.
How to detect fraudulent cookie injection
One of the first steps in combating any kind of fraud is being able to identify it from all the incoming traffic and lead statistics. Preferably before it costs the company a pretty penny on a fraudulent affiliate network. But how do you do that?1. Affiliate program costs skyrocket with no ROI
When it comes to cookie injection, one of the most basic red flags to look out for is a sudden increase in affiliate program costs without a subsequent increase in sales.Users who naturally visit the advertiser's site and perform targeted actions on their own, without an offer from the partner, first end up on a site with a fraudulent cookie injection technology in their browser. Thus, the company spends more on affiliate marketing without seeing a real return on investment.
2. A jump in complaints and write-offs
Another potential sign of illegal cookie injection is a sudden surge in complaints or refusal to cooperate from referral partners. In this case, the fraudster steals referral credit from honest official partners. So, despite the fact that this actually increases the advertiser's income and brings them new customers, the partners who cooperate in good faith are left with nothing.This can cause extreme frustration on the part of affiliates who rely on affiliate marketing programs as a reliable secondary (or even primary) source of income, leading to complaints or even abandonment of the advertiser. From the perspective of honest affiliates, there is no reason to continue to invest time and effort into an advertiser who is not paying them for the results they are delivering. So, instead, they will choose to partner with other companies that may prove more profitable.
How to Stop Cookie Fraud
How can you protect yourself from affiliate marketing scams involving cookie abuse? Let's take a look.1. Promo codes on the checkout page
One possible method that some companies are already using is to use promotional codes assigned to each partner instead of cookies.For example, an affiliate can advertise a special promotional code that a potential customer can use on the advertiser's website (e.g., #AffliateName1010). Such a code can provide a discount on the purchase of a product or a free period of a subscription. With this method, the presence or absence of fraudulent affiliate links in the user's browser does not matter, and affiliates receive the corresponding reward.
Unfortunately, this method is not perfect. It depends on the affiliate's audience, requires a manual action, and not all users will remember that they can use the code. In addition, having to enter something manually creates additional obstacles when making a purchase (sometimes even the most insignificant actions can lead to the user simply abandoning the cart at the checkout stage).
2. Check partners before adding them to your program
Another measure an advertiser can take to prevent fraud is to thoroughly check their affiliates for potential fraudulent activity. This will help to weed out the most obvious fraudulent networks early on and prevent them from deceiving you.It is worth checking the partner's social media accounts, which includes looking at the channel's analytics. This will tell you how long the channel has been around, how often they post, how engaged they are with their posts, and other information. This will help the advertiser determine how valuable the partner is.
There are several signs that show whether an account is artificially promoted or not:
- Too many followers for a newly created account or an account with little content.
- Posts with low audience engagement (no comments or abstract comments).
- A sudden increase in followers on an old account without any viral content to contribute to the jump.
- Fake followers that were created recently, have little detail in their accounts, and/or only follow that specific influencer.
- High percentage of spam activity in comments below the content.
