Why Do Fraudsters Use Bot Programs on Affiliate Campaigns?
It’s a story the Anura team has heard time and time again: A company launches a massive affiliate marketing campaign and, at first, everything’s working well. They generate a few leads from the campaign, it looks like the return on investment is good, and they start investing more.
Then, a few months down the line, the company realizes that, despite tripling their marketing spend, they aren’t getting more leads than they did at the start. After digging into their analytics, they discover they have a problem—some fraudsters joined their affiliate marketing campaigns and started draining money by using bot programs.
To fight these fraudsters and put a stop to affiliate marketing scams, it’s important to know how and why they use bots to scam companies in the first place. Knowing their motives and methodologies is an important first step in understanding how to stop them from harming your company’s marketing campaigns.
Why Fraudsters Use Bots to Scam Companies
The simplest answer for why fraudsters use bots is one word: Money. Using click, form-filling, and other bot programs is simply an easy way for fraudsters to collect money from unsuspecting marketers—both in companies and in marketing agencies.
They also use bots because, frankly, it’s shockingly cheap and easy to acquire a pre-built botnet designed for use in an ad fraud campaign. According to data from Kaspersky Lab, the cost of leasing a botnet comes to “an average price amounting to $.50 per bot.” So, for $700, an amateur hacker/fraudster could get access to a botnet of 1,400 infected machines for a month.
This is not a high barrier to entry compared to the potential money made. If a botnet of 100 machines can fill out 1,000 forms a minute, the botnet mentioned above could fill out 14,000 forms every minute. That’s 840,000 form fills an hour, or 20,160,000 form fills per day. They could do this non-stop for a month—which would likely be more than enough to drain the ad revenue budgets of several companies.
In other words, for an investment of $700, a fraudster could easily make millions of dollars. Other sources place the cost of botnets even lower than Kaspersky’s estimate. For example, according to Threat Post, there are botnet sellers that offer:
“bottom-end packages of ‘world mix’ IP addresses at a rate of $25 for 1,000 hosts, $110 for 5,000 hosts, and $200 for 10,000 hosts. In the next tier, confirmed EU-located machines sell at $50, $225, and $400 for 1,000, 5,000, and 10,000 hosts respectively. Above that are botnets with machines from Canada, Great Britain, and Germany Costing $80 per 1,000, $350 per 5,000, and $600 per 10,000 machines. The going rate among top-of-the-line American machines is 1,000 zombies for $120, 5,000 machines for $550, and 10,000 zombies for a cool $1,000.”
And, this doesn’t take any significant skill as a hacker or programmer. Botnets for lease are often ready-made for whatever task the person renting them needs—whether that’s carrying out DDoS attacks or committing affiliate marketing fraud.
So, with a relatively cheap entry cost, a complete lack of need for any specialized skill set, and massive profits to be made, it’s little surprise that fraudsters use bots to target affiliate marketing campaigns.
How Fraudsters Using Bot Programs Can Impact Your Marketing Efforts
Why do fraudsters using bots need to be stopped? The major reason is the impact that they can have on your affiliate marketing campaigns (or any other online advertising campaigns you may be running).
Consider this: in the example above, where a $700 botnet can fill over 20 million forms per day, how quickly would this drain your entire affiliate ad budget? If you were paying $10 per form fill, that botnet could drain a $10 million marketing budget in less than an hour and a half. Note that this is a lowball estimate—the average cost of a lead is typically much higher than $10!
Learn More about Lead Gen Fraud: Download the Whitepaper!
Naturally, few bot fraud schemes are so blatant—such a large increase in affiliate marketing spend would be a red flag to any advertiser. Smarter fraudsters often spread their attacks to multiple affiliate marketing networks at once to make their attacks less noticeable. This way, they can still make off with massive amounts of money while keeping their victims in the dark.
Why Stopping Bot-Based Fraud Is So Hard
The problem is, there is rarely just one fraudster targeting your marketing campaigns for bot-based ad fraud. Consider how prolific botnets are. ZDNet noted that “there were thousands of malware strains that have been active in the 2010s,” though “a few malware botnets have risen above the rest.”
The actual number of botnets on the internet is impossible to count, as there are too many different botnets and zombie-bot making programs being created all the time. As soon as a new botnet threat has been identified, some hacker has already created a new and improved version that makes it even more effective—and harder to recognize.
Other Impacts of Fraud on Your Affiliate Marketing Campaigns
Lost revenue is far from the only negative impact that affiliate fraud using bots can have on your marketing efforts. Some other potential impacts include:
- TCPA Violations and Fines. Bots frequently use the actual information of real people—collected and used without their knowledge or permission—to create fake leads. This lead information looks legitimate because it’s based on a real person’s data. However, since permission to use that info was never given, it can lead to fines of $500 to $1,500 for each time someone is contacted because it violates the rules of the Telephone Consumer Protection Act of 1991 (TCPA).
- Skewed Marketing Data. Marketing campaigns are often subject to continuous modification to improve their results. Marketers take a look at marketing data to identify what does or doesn’t work and shifts campaign content and initiatives to get more done with the marketing budget. However, affiliate fraud skews marketing data to show things being much more effective than they actually are—so marketers end up making changes that waste money and won’t produce results.
- Bad PR. Reaching out to people whose data was stolen and used illicitly doesn’t just cost money for TCPA fines—it can be bad for a company’s reputation. People receiving unsolicited calls may end up making public complaints on social media, local and national news outlets, and to the Better Business Bureau (BBB). This bad press can affect the company’s future marketing efforts and make it more difficult to acquire new customers.
These are just some of the major impacts that affiliate fraud caused by the use of bots can have on your marketing campaigns. The important question is: How can you stop fraudsters from infiltrating your affiliate campaigns with bots?
How to Keep Fraudsters Out of Your Marketing Campaigns
There’s an old saying about an ounce of prevention being worth a pound of cure. Keeping fraudsters out of your affiliate campaigns—or at least identifying and removing them before they get paid for the bot traffic they “generated” for you—is important for minimizing the impact they have on your marketing.
Being able to stop bot users from making money in the first place is much easier than trying to reclaim the money they steal. So, to help you protect your company’s ad campaigns from fraudsters who use bots, here are a few things you can do:
- Use “Honeypot” Form Fields. A honeypot form field is a form field that only exists in a web page’s code and isn’t visible to human users. Bots that crawl the page will “see” the honeypot field and try to fill it out. So, any form fills that use the honeypot field can be immediately flagged as fake.
- Track the IP Addresses of Website Visitors. In some cases, taking a look at the IP addresses of the visitors filling out forms on your website can be useful for finding fraudsters. Less sophisticated bot users might use a single data center for all of their bots so they all have the same IP address. So, if a lot of leads share a single IP address, they could be fake—or at least worth investigating more closely.
- Set Up a Policy for Dealing with Fraudsters. What do you do when you suspect or have positively identified fraud? How do you confront the affiliate responsible? Creating a policy for dealing with fraudsters, once identified, is important for swiftly ending the impact they have on your marketing campaigns (by cutting them off before they can do more damage). There should also be policies defining which authorities, advertising agencies or partners the fraudster will be reported to in order to protect others.
- Use Marketing Data to Trace Fraud Back to Its Origin Point. To really put a stop to fraud, it’s important to find the source of the fraud. Using marketing data to track which affiliates brought in fake leads is crucial for cutting them off. With evidence linking malicious affiliates to their scams, it’s much easier to justify cutting them off while maintaining the trust of legitimate partners.
One tool that can make collecting evidence to confront fraudsters and cut them off before they can get paid is an ad fraud solution. With the right ad fraud solution, you can analyze website traffic in real time to spot bot traffic and register it as fake immediately. This way, you don’t have to waste time and money trying to reclaim lost revenue from a criminal—which is a notoriously difficult task.
Don’t let fraudsters claim your ad revenue—protect your company and improve your marketing ROI by requesting a free demo of the Anura software now!