Cookie Stuffing: A Nightmare for Affiliate Publishers

Affiliate marketing is a way for publishers with decent traffic on their websites to make money. Just like adtech, the affiliate market has to deal with fraud, and the increase in ad fraud has made things tough for publishers.

For affiliate marketing publishers, cookie stuffing is the biggest threat to their earnings. This practice takes away the credit publishers deserve for their website traffic and users.

To understand cookie stuffing, let's start with cookies and affiliate marketing. Cookies are small pieces of data that store (remember) information on the web. For example, a cookie remembers the last time you visited a website and the items you placed in your cart on an eCommerce site. Basically, cookies help sites create a user mapping and remember users' actions on a specific site.

Next, affiliate marketing. Some websites (especially eCommerce) share a part of their earnings with publishers who agree to divert a few visitors to their sites. This is done by adding a link on the publisher's site that takes the user to the eCommerce site. If a user makes a purchase using this link, the publisher gets a percentage of the sale. Here, the identity of the users and their internet activity are stored using cookies.

[Figure: How affiliate marketing works. Source: BigCommerce]

Unfortunately, cookies and affiliate marketing are often used together to commit a fraud known as cookie stuffing.

What is Cookie Stuffing

In cookie stuffing, when a user clicks on an affiliate link on a publisher's site, the credit (money) for that click goes to a fraudster rather than the publisher. This fraud is carried out by stuffing or dropping cookies.

Cookie stuffing got industry-wide attention when Shawn Hogan scammed eBay out of $28 million in 2008. Shawn was a marketer who dropped several malicious cookies onto users' browsers. After that, every time these users clicked on affiliate eBay links, Shawn made money (sales were attributed to him).

Cookie stuffing is a common sharp practice on online coupon sites. Here, fraudsters place a handful of cookies on users' browsers to claim credit for online purchases made by those users.

How Are Cookies Dropped

Here are the methods used by fraudsters to drop cookies on the user’s browser:

Pop-ups: A pop-up on its own is a harmless dialog box used to notify users about offers. However, malicious pop-ups are capable of sending malware to browsers as soon as the user interacts with them. For that reason, users need to be careful with third-party pop-up apps or extensions in web browsers.

JavaScript: JavaScript is used to make webpages more attractive and interactive. It is also used to redirect users to a different webpage. This makes it easy for fraudsters to push malicious code between the redirects. If you, as a publisher, notice any such link on your site, remove and report it.

iFrame: It is used to embed one piece of HTML inside another. Generally, this technology is used to place ads on websites, where advertisers are given a section of the website to place their creative code. Adding third-party code to a site can be risky at times. Hence, publishers are recommended to use Safe Frames on the website, which disallow malicious code and manipulation of content.

How does this Affect Publishers?

Publishers who rely on affiliate marketing suffer the greatest loss. Due to cookie stuffing, they don't get the credit they have earned for certain clicks and conversions on the eCommerce site, while the fraudster steals money from them.

What about the non-affiliate publishers?

Non-affiliate publishers have a list of ad frauds to deal with. Most publishers go for both ads and affiliate links to better monetize everything. However, if we talk specifically about display ads, ad revenue is also harmed by cookies dropped on the user's browser. Just like with affiliate links, cookie dropping snatches the credit for clicks/impressions on ads.

However, due to the complex supply chain involved in selling an impression, cookie stuffing hasn't affected this area as much as the affiliate market.

How to Eliminate This Problem?

Be it fake publishers dropping malicious scripts or users installing fraudulent extensions, cookie stuffing is bad for business. And eliminating it entirely is easier said than done.

Large-scale cookie stuffing fraud like the one pulled off by Shawn Hogan is easily identifiable now, because eCommerce businesses track unusual affiliate activity by monitoring conversion rates and site redirects. But this technique requires constant tracking and data. That means that unless the scam is at Amazon or eBay level, it will not be identified as easily.
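The kind of merchant-side tracking described above can be sketched as follows. This is an added example, not code from the original article: it profiles each affiliate's hits on the merchant's affiliate redirect endpoint and flags those whose traffic does not look like real clicks. The log fields (including the browser's `Sec-Fetch-Dest` request header), the affiliate IDs, the domains and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Site each affiliate registered with the program (constructed values).
REGISTERED = {"aff-blog": "blog.example", "aff-deals": "deals.example",
              "aff-coupon": "coupons.example"}

def sample_clicks():
    """Constructed rows: (affiliate, referer_host, sec_fetch_dest, converted)."""
    rows = [("aff-blog", "blog.example", "document", i < 4) for i in range(50)]
    rows += [("aff-deals", "deals.example", "document", i < 3) for i in range(40)]
    # aff-coupon's link is mostly fetched inside frames on an unrelated site.
    rows += [("aff-coupon", "forum.example", "iframe", i < 2) for i in range(300)]
    rows += [("aff-coupon", "coupons.example", "document", i < 1) for i in range(20)]
    return rows

def profile(clicks):
    """Aggregate per-affiliate counters from the redirect log."""
    stats = defaultdict(lambda: {"clicks": 0, "conv": 0, "embedded": 0, "offsite": 0})
    for aff, referer, dest, converted in clicks:
        s = stats[aff]
        s["clicks"] += 1
        s["conv"] += int(converted)
        # A real click is a top-level navigation; other values mean a subresource load.
        s["embedded"] += int(dest != "document")
        s["offsite"] += int(referer != REGISTERED.get(aff))
    return stats

def flag_affiliates(clicks, max_embedded=0.2, max_offsite=0.3, min_rate_ratio=0.25):
    """Return {affiliate: [reasons]}; thresholds are illustrative assumptions."""
    stats = profile(clicks)
    rates = {a: s["conv"] / s["clicks"] for a, s in stats.items()}
    baseline = median(rates.values())  # program-wide reference conversion rate
    flagged = {}
    for aff, s in stats.items():
        reasons = []
        if s["embedded"] / s["clicks"] > max_embedded:
            reasons.append("redirect_not_top_level_navigation")
        if s["offsite"] / s["clicks"] > max_offsite:
            reasons.append("referer_not_registered_site")
        if rates[aff] < baseline * min_rate_ratio:
            reasons.append("conversion_rate_far_below_baseline")
        if reasons:
            flagged[aff] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_affiliates(sample_clicks()))
```

A flagged affiliate is a candidate for manual review, not proof of fraud; the signals only become reliable with the constant tracking and data volume the paragraph above mentions.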

The malicious cookies are dropped on the user's browser, which means publishers can do very little from their side to make this right. Since the malware that steals the affiliate credit from publishers is also capable of stealing users' data and even passwords, publishers can work on alerting users about the scam, while users need to be careful with the clicks they make.