While affiliate marketing can be a powerful tool for driving traffic and leads to your company’s website, it can also be ripe for abuse by unscrupulous affiliates. Affiliate marketing fraud, or affiliate fraud, can come in many forms. In this article, we’ll discuss one form of affiliate fraud known as cookie stuffing.
Before explaining cookie stuffing, it’s important to establish what a cookie is. A cookie is a text file in a user’s web browser that websites can read from and write data to. With cookies, websites can track a person’s browser history, save login credentials, and store various other data that advertisers and their websites can use.
Merchants running affiliate marketing programs often rely on cookies to attribute customer or lead activities to a particular affiliate so they can provide the right compensation to the right affiliate partners.
Cookie stuffing is a form of affiliate fraud where a website drops one or more third-party cookies onto a visitor’s web browser. These malicious cookies cause merchants with affiliate programs to misattribute any traffic with those cookies to the fraudster. So, when the time comes to pay affiliates for their efforts, the fraudster gets credit for traffic that they didn't really help generate.
This can take money away from affiliates who brought the traffic to the business or cause the business to spend money on affiliate reimbursement when the fraudster did nothing to promote their business.
Cookie stuffing harms a company’s affiliate marketing efforts since the affiliates who produce results start to see less profit from the program—which makes them less likely to keep participating.
In some cases, the owner of the website installing the cookies might not know that they’re engaging in cookie stuffing. For example, their website might use an extension to enable some specific feature, such as a pop-up window or live chat feature, that is secretly designed to drop third-party cookies onto a visitor’s web browser.
Worse yet, in many cases, the cookie is dropped onto the customer’s web browser without their knowledge or consent because they didn’t click on a related ad meant to promote the company running the affiliate program.
This can be a violation of not just affiliate marketing compliance guidelines but of major data security regulations such as the European Union’s (EU’s) General Data Protection Regulation (GDPR), which specifically forbids collecting data without permission and requires websites to let people know when data is being collected.
The malicious cookies provide credit to the fraudster if a customer just so happens to visit the company’s website and take an action that would trigger compensation later—regardless of whether the merchant’s site was ever promoted!
This can contribute to wasted ad dollars compensating fraudulent affiliates who never helped to drive traffic or business.
So, how do fraudsters perform cookie stuffing? There are a few different strategies for using cookie stuffing scripts, getting them on someone’s web browser, and getting money from companies with affiliate programs:
Image stuffing is when a fraudster sets the source for an image link to be an affiliate link. Although a website visitor’s web browser won’t be able to display the image (since the source link doesn’t point to an image file), the browser will still request the link without the user’s input, and it stores the affiliate cookie that the response sets.
Fraudulent affiliates using image stuffing techniques can load a lot of malicious cookies on a webpage and set them to display as nothing more than blank space—avoiding the warning sign of a bunch of broken images appearing on the screen.
Pixel stuffing is a fraud technique where the display area for an ad is shrunken down to a single pixel. Since the ad technically exists on the page, it will trigger an impression and can be used to stuff a cookie into the visitor's web browser without their knowledge.
While not strictly a cookie stuffing technique—pixel stuffing is more common for impression fraud—it bears mentioning in this list.
Malicious affiliates can add auto-loading cookies into banner ads and use those on other sites. In this form of forced stuffing, visitors to a website with a malicious ad don’t even need to click on anything—the cookie is automatically loaded into their browser just by visiting the page the cookie-stuffed banner is on.
These fraudulent banner ads can easily be placed in high-traffic websites and online forums—quickly attaching a large number of malicious cookies onto unsuspecting visitors’ web browsers. When those visitors’ natural web use just happens to bring them to a merchant site with an affiliate program, the cookies ensure that the fraudster gets the credit for bringing in the lead, even though the banner ad may not have promoted that company in the least.
Website pop-up ads are a common tool employed by websites to act as a convenient way to grab a visitor’s attention and try to get them to sign up for something. However, some cookie stuffers publish pop-up extension tools for unsuspecting website owners that are filled with code for cookie stuffing.
When a website visitor hits a page with this malicious pop-up extension running, the extension forcibly stuffs affiliate link cookies into their web browser, even if the pop-up has nothing to do with the companies running those affiliate programs.
Iframes are elements in a web page’s code that allow HTML code or documents from another source to be loaded into the page. This can be used to display ads, videos, documents, or interactive elements from other sources (a common example is an embedded YouTube video).
Sometimes, the “third-party” code used in the iframe can include malicious cookie stuffers—ones that automatically hit any browser trying to load the code in the iframe with a bunch of affiliate cookies.
Another way that fraudulent affiliates can stuff cookies into an unsuspecting visitor's web browser is by using malware to hijack their web browser entirely. Once installed, a browser hijacker can modify a visitor's web browser settings and even redirect them to websites and web pages they didn't intend to visit.
By redirecting visitors to pages they otherwise wouldn't have visited, a fraudster can force fraudulent cookies using a variety of other cookie stuffing strategies. With a well-planned malware distribution method, the fraudster could potentially infect millions of devices and start forcing cookies onto all of them—increasing the likelihood that someone who completes an action on your website will have a fraudulent cookie crediting the crooked "affiliate" for the action.
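The image stuffing, pixel stuffing, and iframe techniques described above leave the same trace in a page's HTML: an affiliate link sits in the `src` of an element that loads automatically, instead of in a link the visitor has to click. The following Python scanner is an added example, not code from the original article; the tracking host `track.merchant.example`, the `aff_id` parameter, and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumed (hypothetical) tracking host and parameter of the merchant's
# affiliate click links; substitute your own program's values.
AFFILIATE_HOSTS = {"track.merchant.example"}
AFFILIATE_PARAMS = {"aff_id"}
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SIZE_CSS = re.compile(r"(?<![-\w])(?:width|height)\s*:\s*(\d+)(?![.\d])", re.I)

def is_affiliate_url(url):
    parts = urlparse(url)
    return (parts.hostname in AFFILIATE_HOSTS
            or bool(AFFILIATE_PARAMS.intersection(parse_qs(parts.query))))

def concealment(attrs):
    # Report how the element is kept out of sight, or "visible" if it is not.
    style = attrs.get("style") or ""
    if "hidden" in attrs or HIDDEN_CSS.search(style):
        return "hidden"
    sizes = [attrs.get("width"), attrs.get("height")] + SIZE_CSS.findall(style)
    if any(s and re.fullmatch(r"[01](px)?", s.strip()) for s in sizes):
        return "0-1 pixel"
    return "visible"

class StuffingScanner(HTMLParser):
    """Flags <img>/<iframe> tags whose src auto-loads an affiliate link.
    An affiliate link in <a href> is not flagged: it needs a real click."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attr_list):
        attrs = dict(attr_list)
        if tag in ("img", "iframe") and is_affiliate_url(attrs.get("src") or ""):
            self.findings.append((self.getpos()[0], tag, concealment(attrs), attrs["src"]))

def scan(html):
    scanner = StuffingScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (not taken from a real site).
SAMPLE_PAGE = """\
<a href="https://track.merchant.example/click?aff_id=1001"><img src="/banner.png"></a>
<img src="https://track.merchant.example/click?aff_id=2002" width="1" height="1">
<img src="https://cdn.example/logo.png" width="1" height="1">
<iframe src="https://shop.example/landing?aff_id=2002" style="display:none"></iframe>
"""
```

Each finding is a tuple of line number, tag, concealment, and URL. The clickable banner on line 1 and the ordinary 1x1 image on line 3 are not reported, because neither auto-loads an affiliate link.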
One important step in learning to recognize when a fraudulent affiliate is engaging in cookie stuffing is to take a look at real-life examples of cookie stuffing and analyze how the fraudsters did it. Additionally, by studying how they were caught, you can identify some strategies to help your own cookie stuffing detection efforts.
Here are some examples of cases where cookie stuffers got caught in the act:
In a ZDNet article from 2019, it was revealed that two ad blocking extensions available on the Chrome Web Store were, in fact, fraudulent. The two ad blocker tools, named “AdBlock” and “uBlock,” respectively, committed two kinds of fraud.
First, both of these tools used the names of popular ad blocking extensions. By leveraging the names of trusted ad blocking tools, these fraudulent extensions could trick a larger audience into downloading them.
Second, both of these ad blockers were secretly engaging in cookie stuffing to boost their creators’ revenue. As noted in the ZDNet article, “The two extensions were modifying cookies files when users visited certain websites and adding a parameter that would ensure the extension authors would earn a commission from any payments users made on the site.”
What made this example of affiliate cookie stuffing particularly notable was how the ad blockers hid their cookie stuffing. The article stated that “This malicious behavior would only start 55 hours after installations, and would cease if users opened Chrome’s Developer Tools.” This made it harder for users to spot the malicious code in their ad-blocking extensions. Also, the ad blockers themselves did function like their more legitimate counterparts, blocking ads so those who downloaded them wouldn’t notice anything odd.
Given enough time, these cookie stuffers could have stolen an enormous amount of money from companies with affiliate programs—all while cheating legitimate affiliates out of their revenue.
One of the biggest cookie stuffing fraud schemes ever conceived was committed by two of eBay’s biggest affiliate partners. According to an article by Slate, eBay was suspicious of the success of some of its biggest affiliates, such as Shawn Hogan (eBay’s #1 affiliate at the time), and “secretly cooperated with the FBI” in a sting operation to root out affiliate fraud.
As noted in the article, “The sting also netted Brian Dunning, eBay’s second biggest affiliate marketer. The company had paid Hogan and Dunning a combined $35 million in commissions over the years… Both men pleaded guilty to wire fraud.” By using forced stuffing techniques to pass countless cookies onto an untold number of unsuspecting internet users, the pair had managed to illicitly amass a sizable fortune.
Although law enforcement agencies often struggle to keep up with the ridiculous number of criminal schemes that occur in the U.S. and around the world, their efforts do occasionally pay off. Just a couple of years after Shawn Hogan and Brian Dunning began their legal battle with eBay, a news story featured on Wired reported that "Federal authorities are charging a Las Vegas man with marketing a so-called 'cookie-stuffing' operation, enriching himself and others while defrauding eBay along the way."
The man, identified as Christopher Kennedy in the Wired article, was arrested on charges of "conspiracy to commit wire fraud" for letting "nefarious website owners purchase his cookie-stuffing code to unwittingly dupe eBay to pay those site owners thousands of dollars in advertising referral fees."
That it took a couple of years for authorities to find this cookie-stuffing code seller after the massive news scandal that was the eBay affiliate fraud case—despite the code seemingly targeting eBay in particular based on the content of the Wired article—highlights how important it is for companies to have their own anti-fraud measures in place.
One of the first steps in fighting any kind of fraud is being able to identify it in the first place—preferably before it costs the company millions of dollars in fraudulent affiliate ad spend! But, how can companies spot affiliate fraud before it gets too far out of hand?
Keeping an eye out for affiliate fraud warning signs can help. Two major warning signs of cookie stuffing include:
For cookie stuffing, one of the biggest warning signs to watch out for is a sudden increase in affiliate program spending without a commensurate increase in sales.
This happens because people who would normally visit the company’s website or close deals even without a suggestion from an affiliate are hitting the website with a fraudulent affiliate cookie in their browser. So, the company spends more on affiliate marketing while not seeing a real ROI for it.
Another potential warning sign of cookie stuffing is a sudden spike in complaints or resignations from affiliates. With cookie stuffing, the fraudster can end up stealing the credit for referrals from their honest counterparts. So, despite actually helping drive revenue for the merchant, affiliates may not get paid for their time and effort because of the misattribution of leads to cookie stuffers.
This can cause extreme dissatisfaction among affiliates who rely on affiliate marketing programs to be a solid secondary (or even primary) revenue stream—leading to complaints or even the abandonment of the program by affiliates. From the honest affiliates’ perspective, there’s no reason to continue spending time, effort, or online “real estate” on a merchant who isn’t paying them for the results they’re producing. So, they instead partner with other companies that may prove more lucrative.
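Both warning signs above can be checked against the affiliate program's own payout data. The following Python check is an added example, not code from the original article: it flags weeks where commissions jump against a trailing baseline while total orders stay flat, then names the affiliate that gained and the affiliates whose payouts fell. The thresholds, field names, and sample figures are assumptions constructed for illustration.

```python
from statistics import mean

def flag_weeks(weeks, baseline=3, spend_jump=0.30, sales_tolerance=0.05):
    """Flag weeks where affiliate commissions jump against the trailing
    baseline while total orders stay flat, and name who gained and who lost."""
    alerts = []
    for i in range(baseline, len(weeks)):
        prior, cur = weeks[i - baseline:i], weeks[i]
        base_orders = mean(w["orders"] for w in prior)
        base_spend = mean(sum(w["commission"].values()) for w in prior)
        spend_growth = sum(cur["commission"].values()) / base_spend - 1
        sales_growth = cur["orders"] / base_orders - 1
        if spend_growth < spend_jump or sales_growth > sales_tolerance:
            continue  # spend is stable, or it rose together with sales
        # Change per affiliate versus that affiliate's own baseline.
        delta = {
            aff: paid - mean(w["commission"].get(aff, 0) for w in prior)
            for aff, paid in cur["commission"].items()
        }
        alerts.append({
            "week": cur["week"],
            "spend_growth": round(spend_growth, 2),
            "sales_growth": round(sales_growth, 2),
            "gained": max(delta, key=delta.get),
            "lost": sorted((a for a in delta if delta[a] < 0), key=delta.get),
        })
    return alerts

# Constructed sample data: weekly order totals and commission paid per affiliate.
SAMPLE_WEEKS = [
    {"week": "W01", "orders": 1000, "commission": {"aff_a": 500, "aff_b": 300, "aff_c": 50}},
    {"week": "W02", "orders": 1020, "commission": {"aff_a": 510, "aff_b": 310, "aff_c": 50}},
    {"week": "W03", "orders": 980, "commission": {"aff_a": 490, "aff_b": 290, "aff_c": 50}},
    # Commissions jump while orders stay flat: the pattern described above.
    {"week": "W04", "orders": 1010, "commission": {"aff_a": 480, "aff_b": 290, "aff_c": 600}},
    # Commissions rise together with orders: ordinary growth, not flagged.
    {"week": "W05", "orders": 1500, "commission": {"aff_a": 900, "aff_b": 500, "aff_c": 50}},
]

if __name__ == "__main__":
    for alert in flag_weeks(SAMPLE_WEEKS):
        print(alert)
```

An alert is a reason to review the named affiliate's traffic sources, not proof of fraud on its own.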
How can companies defend against malicious affiliates who use cookie stuffing techniques to violate their affiliate marketing compliance guidelines and defraud them of revenue?
One potential method some companies employ is to use affiliate-specific promotional codes instead of tracking cookies to assign credit for a customer/prospect action to an affiliate.
For example, an affiliate could advertise a special promotional code to use on the merchant’s site (such as #AffiliateName1010), which gives the affiliate’s audience a small discount on a purchase at the merchant’s store or a free month of some subscription service. Using this method, the presence or absence of fraudulent affiliate links in a browser doesn’t matter, and affiliates get proper credit when someone uses the code.
Unfortunately, this method isn’t perfect. It relies on the affiliate’s audience to take a specific manual action to complete, and not everyone will remember to use the code. Also, the need to manually enter something creates an extra hurdle to getting a customer to make a purchase (sometimes, the smallest things can lead to an abandoned cart).
Another measure that a company can take to prevent fraud is to carefully vet affiliates before adding them to an affiliate program. Taking measures to positively identify who an affiliate is and to verify that they can produce results can help to proactively weed out some of the more obvious fakes and stop them from defrauding your affiliate program.
One thing that many companies might check is the affiliate's social media accounts. This may involve looking at their channel analytics to see how long their channel has existed, how frequently they post, how much engagement there is with their posts, and other information. Using this information, the company tries to identify a high-value affiliate.
Unfortunately, this method isn't perfect because there are fraudsters out there who use bots and click farms to artificially inflate their social media profiles. If you don't know how to spot an account that uses fake followers, you might end up adding a fraudster who will use cookie stuffing or other ad fraud techniques against you.
Some of the warning signs of an influencer using fake followers to pad their account include:
Discover more warning signs of fraud and how to fight it with our Affiliate Marketing Fraud 101 eBook.
To truly stop affiliate fraud, companies need to be proactive about their anti-fraud efforts. Instead of waiting for months or years to collect enough data to definitively identify fraud trends, they need to be able to spot and identify malicious affiliate link code in their partners’ ads and websites. Here’s where an ad fraud solution can help.
Anura’s ad fraud solution makes it easy to identify affiliate fraud-related activity so companies can nip the problem in the bud. The fraud solution’s analytics tools provide a way to identify concerning trends in affiliate programs that indicate fraud and apply a massive backlog of data to confirm fraudulent activity to prevent any false positives.
To help you master your new ad fraud detection toolkit, the Anura team provides dedicated support, including live support over the phone from 8:00 AM to 5:00 PM EST every Monday through Friday.
Learn fraud schemes you need to watch out for in our eBook: Affiliate Marketing Fraud 101 eBook!