What is Affiliate Fraud

Definition

​Affiliate Fraud is a cybercrime committed by spurious traffic generating entities, such as a publisher website / app or man-in-the-middle entities who hijack regular traffic and make it look like affiliate traffic. The most commonly affected are ecommerce portals and genuine affiliates.

Types

There are various types of Affiliate Frauds as mentioned below

Cookie Stuffing

Cookie stuffing is a fraud technique using which, affiliate cookies are inserted in the browsers of unsuspecting internet users. The easy catches are users using vulnerable browsers, users who visit suspect websites, and don’t have effective anti-viruses installed.

Types of Cookie Stuffing

The technique of cookie stuffing converts an organic visitor to a paid affiliate visitor.

Image based

In this type of cookie stuffing, a website would have image links pointing to the ecommerce website and attempting to load images from the same. An invocation of the ecommerce affiliate links would lead to deposition of a cookie in the browser of the user, and show an error mark on the website, which may not be visible. The spurious publisher can also mask any erroneous images on the website thereby making it a fool proof attempt.

Botman says there could be multiple categories of these fraudsters

  1. Folks who display a legit banner and also hold an affiliate account with the ecommerce entity – Pseudo-Cookie Fraudsters
  2. Folks who display a legit banner and don’t have any affiliate account – PurePlay Fraudsters
  3. Folks who don’t display any banner and don’t have any affiliate account – BlackHat Fraudsters

Redirect

In this type of cookie stuffing, a user on visiting / browsing a website suddenly gets redirected to another page OR a full page redirect happens in another tab or window. This essentially opens up an affiliate link of the ecommerce website and drops in a cookie to the user’s browser. You didn’t want it, but you got it :).

Pops

In this type of cookie stuffing, a user on visiting / browsing a website suddenly gets pops in the form of popovers, pop-unders, full page pops etc. The purpose of these pops is to inject a cookie in the browser and die away. There could be multiple categories of these pop techniques.

  1. Visible Pops (either over or under) – User needs to click on the cross button to close it
  2. Invisible Pops – They come with 1×1 pixel size or similar and are not visible to the common eye

Below the Fold

In this type of cookie stuffing, a user visiting a page has below the fold images which are rendered on a page load. These images similar to the image cookie stuffing technique, try to load non-existent images from ecommerce web-sites.

Domain Squatting

In this type of fraud, the fraudster registers multiple domain names very similar to the original ones, for example one letter is missing from a famous ecommerce portal and lure unsuspecting users to this faux website to make a purchase. The entity cheated here is the merchant.

Spamming

In this type of fraud, the fraudsters spam the users with incessant emails and as a result of that, a certain percentage of users click on those spurious links and get impacted by either cookie stuffing or making false purchases and end up giving their credit card and other financial / personal details.

Publisher Cloning

In this type of fraud, the fraudsters clone an existing publisher website as a complete copy , right till the content, fonts and colors. This when enabled with domain squatting, lures unsuspecting users into this website which is full of spammy links to enable cookie stuffing , click fraud etc.

Merchant Cloning

In this type of fraud, the fraudsters clone a merchant as close as possible, and with the help of domain squatting, are ready for unsuspecting users to come in and make purchases. With the purchases, they are also able to secure personal information of the users.

Mystery Shoppers / OTP Shoppers

In this type of fraud, the fraudsters have offline arrangements with people who can respond back to phone calls, stay on the call for “believable” durations and respond back to OTP. These folks are hired through various mechanisms and completely fraud performance marketing campaigns.

Stolen Credit Cards

In this type of fraud, the fraudsters have a pool of credit card numbers which are stolen and used for making purchases.

Don't miss these stories