BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

How Has Affiliate Fraud Evolved To Rip Performance Marketers Off?

This article is more than 3 years old.

Affiliate marketing has long been considered one of the most efficient forms of digital marketing. This is because the marketer doesn’t pay until they get the sale — i.e. they only “pay upon success.” This has been the method of choice for companies like Amazon and eBay to pay others that helped them drive sales. For example, when a user clicks a link from a recipe website, and then buys something from Amazon over the course of the following 30 days, Amazon pays a small revenue share to the recipe site for helping to drive the sale. The technology behind affiliate marketing is also simple; it works by tracking the clicks on specially crafted links which contain unique identifiers - affiliate IDs. When such a link is clicked, an affiliate cookie is set; this tells Amazon who to pay the revenue share to, after a sale is completed. 


Historic Affiliate Fraud

Over the years, fraudsters have found ways to make money by cheating affiliate programs. For example, two of eBay’s super-affiliates, the ones that drove enormous numbers of sales for eBay, were caught and convicted of fraud in 2013. These fraudsters stuffed their affiliate cookies into many users’ browsers to take credit for driving sales that they did not actually drive. Normally affiliate cookies are set when users click on affiliate links; but these cheaters used technology to auto-click the links and load hidden pages, without the users’ knowledge - i.e. “stuffed” their cookies fraudulently. By doing this tens of millions of times, they got paid revenue shares by eBay on sales they didn’t help create. Millions of dollars were paid out to them until eBay got wise to the fraud scheme and stopped them, after years. Hundreds more examples of affiliate fraud have been documented over the last decade by Ben Edelman, a researcher and professor at Harvard Business School, and now an economist at Microsoft. 

Business InsiderHow eBay Worked With The FBI To Put Its Top Affiliate Marketers In PrisonThe VergeTwo men who made millions by scamming eBay's affiliate program now face jail time


Browser Toolbars and Extensions

Fast forward to web 2.0 when browser toolbars and extensions became popular. These toolbars were downloaded and installed voluntarily by users because they promised shopping discounts and “secret coupon codes.” But what they actually did was affiliate fraud, stuffing cookies in the background without the users’ knowledge. Of course users would click on some links to get coupon codes, but many other pages from hundreds of other merchants were also loaded in hidden windows so the toolbar maker could fraudulently earn revenue shares. These fraud schemes continue today, and are often even better hidden than before.

LifehackerInvisible Hand Chrome Extension Leaks Your Google History to Online StoresEngadgetAmazon calls PayPal's $4 billion Honey browser add-on a 'security risk'

The graph below shows an example of a single page loading nearly a hundred other pages, like hilton.com, acehardware.com, anntaylor.com, bestbuy.com, etc. Each of these pages have the affiliateID included. This is a technique for doing affiliate fraud, where the affiliate cookie is stuffed into the human users’ browser without their knowledge (since these pages were loaded in hidden iframes and popunders).


Modern Day Affiliate Fraud - Ripping Off Performance Marketers Now

While “affiliate” programs and related fraud are not in the news much any more, new forms of fraud still plague “pay upon success” i.e. performance marketing campaigns. Even though performance marketers like ecommerce merchants and app marketers feel they are immune to fraud, they are not. Here’s how the fraud works. 

Uber, for example, ran mobile marketing campaigns to drive more installs of their app. They only paid upon success - the app install. Uber paid bounties of several dollars per successful install. So what do fraudsters do? They fake the exact thing the marketer is paying for - app installs. Uber became suspicious and Kevin Frisch, their head of analytics looked into the data more carefully. Now Uber is suing 100 mobile exchanges for various forms of fraud, namely falsifying placement reports or fabricating them entirely. The cheaters altered reports to make it appear that ads ran on legitimate sites, when they didn’t. Other cheaters just created excel spreadsheets to show ad impressions, clicks, and installs, when none of those even occurred.

LinkedinStone, Meet Glass House - The Significance of Uber's Second Ad Fraud LawsuitSftcOnline Services | Superior Court of California - County of San Francisco

The techniques fraudsters use to commit affiliate fraud or mobile app install fraud is similar to “cookie stuffing.” Click injection is where browsers and mobile apps click on affiliate links automatically to claim credit for the sale or install. Click flooding is where they do this a lot — it increases the probability that the affiliateID in the last click before the success event gets credit for it. This kind of fraud also steals credit from “organic installs” - the ones that would have happened naturally. The user installed the Uber app because they wanted to, not because they saw an ad and clicked on it.

In a direct parallel, marketers may also be incurring significant unnecessary costs in their performance campaigns because they are paying out revenue shares to fraudsters on sales that would have happened anyway — organic sales. Finally, fraudsters are able to fake the sales too. No, they didn’t actually pay for anything; they just tricked the attribution platforms into reporting that a sale occurred - again by auto-clicking a carefully constructed url that had specific parameters in it. By the time the ecommerce merchant or mobile marketer settles up at the end of the month and notices the sales didn’t actually occur, the fraudsters would have already gotten away with it. Also see the article below on how fraudsters can claim credit for sales that have already happened, by tricking the reporting.

CMOs and marketers who do “performance marketing” should consider themselves at risk of fraud too. But by knowing how fraudsters rip you off, marketers can focus their attention on looking for tell-tale signs so they can stop the fraud while the campaigns are still running. After the money’s gone, it’s never coming back. 

MORE FROM FORBESFraudsters Cheat By Tricking The Reporting To Look Awesome
Follow me on Twitter or LinkedInCheck out my website or some of my other work here