The digital advertising industry is ever-evolving. Unfortunately, new opportunities go hand in hand with additional fraud risks. Affiliate cookie stuffing is one of the more popular blackhat marketing techniques used by online swindlers.
In this article, we’re going to explain what that is and how exactly it works.
Let’s start at the beginning.
What’s a cookie?
A cookie is a tiny, identifiable piece of code websites leave in your browser when you visit them. Cookies help a site remember you by tracking browsing activity and storing login credentials and other advertising data. That’s what makes them so valuable when it comes to affiliate marketing.
What’s affiliate marketing and how does it come into this?
Simply put, affiliate marketing means businesses pay a commission to a party that brings them clicks, site visits, or sales. So, for example, if your website sends some visitors to the Apple store, you’d get a small share of anything they buy there. Such arrangements are brokered by an affiliate network, acting as a middleman.
Naturally, in order for an affiliate program to work, user visits need to be properly tracked. And that’s a prime example of the usefulness of cookies.
Let’s break it down, continuing the Apple example:
- User clicks on your affiliate link
- A cookie gets dropped in the user’s browser as they are redirected to the Apple Store
- They make a purchase
- During checkout, the store website checks for affiliate cookies
- If any are found, the transaction is logged, and you get your affiliate commission
Okay, so what is cookie stuffing?
Cookie stuffing, also known as cookie dropping, is a form of affiliate fraud. The issue got a lot of attention back in 2008. It was revealed that Shawn Hogan, eBay’s #1 affiliate partner at the time, had scammed the company out of 28 million dollars.
Basically, malicious publishers stuff visitors’ browsers full of third-party cookies for retailers that they don’t actually advertise or even mention on their site. If the user then happens to visit one of those retailers, their visit would be misattributed to the bad actor.
That’s harmful to everyone involved in several ways.
It takes money away from legitimate affiliate partners
This is the most direct and obvious consequence of cookie stuffing. When a fraudster gets credit for a user’s visit, that often means the actual affiliate responsible gets passed up.
It hinders the company’s marketing efforts
As effective publishers get passed up due to fraud, they see diminishing returns from the affiliate program. That makes it less likely for them to continue participating. As a result, the business is wasting ad dollars on bad actors while losing high-quality partnerships.
It violates users’ privacy
Many times, the user doesn’t get a chance to accept the cookie, because they didn’t click on anything remotely related to the company in question. That’s a breach of EU’s GDPR, as well as marketing compliance guidelines.
How does cookie stuffing work?
There are several methods blackhat marketers use to sneak cookies onto people’s browsers. We’ve compiled a list of 3 popular cookie stuffing techniques below:
Banner Ad Cookie Stuffing
This is an especially tricky one since it doesn’t even require the user to click anything. Fraudsters can add an auto-loading cookie to a banner ad. That cookie is loaded into a visitor’s browser just by visiting the web page the banner is on.
Image Cookie Stuffing
A marketer can use an affiliate URL as the source address for an image. Since the link doesn’t lead to an image, nothing will actually load on the user’s end. But the browser will still try to follow it, thus loading the cookie behind it.
Additionally, the code can be displayed as a blank space. That makes it possible to cram a lot of malicious cookies into an inconspicuous page.
Pop-Up Cookie Stuffing
Pop-up ads might have questionable conversion rates, but they’re a generally harmless way for websites to grab attention.
Cookie stuffers, however, can program a pop-up to forcibly inject cookies into a user’s browser. Some take it a step further by creating pop-up browser extensions that contain malicious cookie code. Then they just need to offer them up to unsuspecting website owners.
Wrap up
Cookie stuffing remains one of the most widespread types of affiliate marketing fraud. And yet, retailers have come a long way in detecting and stopping it. By tracking conversion rates, clicks, and user behavior, companies today are much better at preventing high-profile wire fraud like the Shawn Hogan case.
As a publisher, there’s unfortunately little you can do to tackle the issue on a wider scale. But you can make sure there aren’t any fraudulent affiliates associated with your site. Carefully vet any monetization partners you work with and be mindful of downloading unverified website extensions.
Cookie stuffing might be alive and kicking, but you can make it harder for fraudsters to do their thing. And, in the process, protect yourself from unknowingly participating.