Affiliate Fraud is a cybercrime committed by spurious traffic generating entities, such as a publisher website/app or man-in-the-middle entities who hijack regular traffic and make it look like affiliate traffic. The most commonly affected are eCommerce portals and genuine affiliates.
There are various types of Affiliate Frauds, as mentioned below.
Cookie stuffing is a fraud technique used to insert affiliate cookies in unsuspecting internet users' browsers. The easy catches are users using vulnerable browsers, users who visit suspect websites, and don’t have effective anti-viruses installed.
Types of Cookie Stuffing
The technique of cookie stuffing converts an organic visitor to a paid affiliate visitor.
- Image based
In this type of cookie stuffing, a website would have image links pointing to the eCommerce website and attempt to load images from the same. An invocation of the eCommerce affiliate links would lead to the deposition of a cookie in the user's browser and show an error mark on the website, which may not be visible. The spurious publisher can also mask any erroneous images on the website, thereby making it a foolproof attempt.
Botman says there could be multiple categories of these fraudsters:
- Folks who display a legit banner and also hold an affiliate account with the eCommerce entity – Pseudo-Cookie Fraudsters
- Folks who display a legit banner and don’t have an affiliate account –PurePlay Fraudsters
- Folks who don’t display any banner and don’t have an affiliate account –BlackHat Fraudsters
In this type of cookie stuffing, a user visiting/browsing a website suddenly gets redirected to another page, OR a full page redirect happens in another tab or window. This essentially opens up an affiliate link of the eCommerce website and drops in a cookie to the user’s browser. You didn’t want it, but now you got it :).
In this type of cookie stuffing, a user visiting/browsing a website suddenly gets pops in the form of popovers, pop-unders, full-page pops, etc. The purpose of these pops is to inject a cookie into the browser and die away. There could be multiple categories of these pop techniques:
- Visible Pops (either over or under) – The user needs to click on the cross button to close it
- Invisible Pops – They come with 1×1 pixel size or similar and are not visible to the common eye
- Below the Fold
In this type of cookie stuffing, a user visiting a page has below the fold images which are rendered on a page load. Like the image cookie stuffing technique, these images try to load non-existent images from eCommerce websites.
In this type of fraud, the fraudster registers multiple domain names very similar to the original ones; for example, one letter is missing from a famous eCommerce portal and lure unsuspecting users to this faux website to make a purchase. The entity cheated here is the merchant.
In this type of fraud, the fraudsters spam the users with incessant emails. As a result, a certain percentage of users click on those spurious links and get impacted by either cookie stuffing or making false purchases, giving their credit card and other financial/personal details.
The fraudsters clone an existing publisher website as a complete copy in this type of fraud, right to the content, fonts, and colors. This, when enabled with domain squatting, lures unsuspecting users into this website full of spammy links to enable cookie stuffing, click fraud, etc.
In this type of fraud, the fraudsters clone a merchant as close as possible, and with the help of domain squatting, are ready for unsuspecting users to come in and make purchases. With the purchases, they are also able to secure the personal information of users.
Mystery Shoppers / OTP Shoppers
In this type of fraud, the fraudsters have offline arrangements with people who respond to phone calls, stay on the call for “believable” durations, and respond to OTP. These folks are hired through various mechanisms and completely fraud performance marketing campaigns.
Stolen Credit Cards
In this type of fraud, the fraudsters have a pool of credit card numbers that are stolen and used for making purchases.