Types of Ad Fraud - Cookie Stuffing

Cookie stuffing first became known as a powerful ad fraud technique in 2008 through the well-known Shawn Hogan-eBay scam.

What is a cookie?

Cookies are used to carry user-specific data for a specific website. These can be accessed by the webserver and the user’s computer. There are two types of cookies: first-party and third-party.

First-party cookies are generated by the website. It is used to identify users logging in and provide customised options based on their previous activity on that website. It saves login data, cart details (in case of an eCommerce site), etc.

Third-party vendors generate third-party cookies. These cookies help in advertising by using user information to display targeted ads.

Cookies contain specific parameters like name, value, expiration date, path, domain, etc., that determine the cookies' use and life span.

What is cookie stuffing?

Cookie stuffing is a fraudulent technique that involves dropping multiple third-party cookies onto a user’s browser. These cookies are used to falsely stimulate a cut of the ad spending to be sent to the fraud publisher. It is prevalent in affiliate marketing.

How does it work?

Credit: Medium

A publisher promotes brands by displaying brand-specific advertisements on websites. If a user purchases a product from the brand by clicking on these ads, the publisher gets paid a commission. However, third-party frauds can stuff the user’s browser with cookies without the user ever knowing, allowing them to get a cut of the commission to be paid to the publishers.

How are cookies being dropped?

Cookies can be “dropped” or “stuffed” into a browser through various instruments like pop-ups, iframes, JavaScript, CSS stylesheets.

Impact of cookie stuffing

The principal victims of cookie stuffing are the publishers who do not get paid the total amount of their referral commission. In this way, advertisers are also being conned out of their money as their ad spend is not going into the right channel. Third-party vendors end up getting paid without providing any aid to the transaction.

How can you be protected?

Some of the small things you can do to remain protected are:

- Keep a check on the affiliate sites.

- Remain in frequent contact with your affiliates.

- Use a published blacklist to stay away from websites and affiliates that are known to be infected.

- Check your transaction data and user statistics periodically to catch any irregular traffic or abnormal credit exchange among your affiliates.


Cookie stuffing has become one of the most dangerous forms of ad fraud as it is difficult to detect and its wide range of versatile sources. However, it has now been deemed illegal and can lead to dire consequences when caught in the act.

Don't miss these stories