Affiliate marketing campaigns are rapidly gaining currency as one of the primary revenue sources for many digital media businesses. Up to 15% of their revenue comes from affiliate marketing programs, and during the pandemic, the numbers even increased, with 42% of affiliate publishers reporting a surge in site traffic.
The problem arises when malicious actors step in and start abusing gaps in tracking and attribution processes to earn undeserved commissions, thus harming merchants and their businesses. It’s been estimated that in 2020 affiliate fraud was worth $1.4 billion, and the chances are that sums of wasted money will continue to grow as the affiliate industry keeps expanding.
In this blog post, we’ll discuss affiliate fraud and the most common methods fraudsters use. We’ll also explain how to identify fraud and tips for not falling victim to malicious actors.
To understand affiliate fraud and its ways, let’s first figure out what affiliate marketing is and its main types.
Affiliate marketing is an advertising type in which an affiliate (a third-party publisher) earns a commission for promoting another company’s products and services, as well as for traffic and lead generation. The sales are monitored via affiliate links from one webpage to another.
The affiliate marketing industry is traditionally classified into three categories: unattached affiliate marketing, related affiliate marketing, and involved affiliate marketing.
In this advertising model, the affiliate isn’t in any way related to the product or service they are promoting. It implies they don’t have any expertise or skills in the product and thus don’t constitute an authority. In this case, potential customers appear to be less likely to take the affiliate’s advice or recommendation seriously.
As the title suggests, a related affiliate program involves an affiliate somewhat connected to the offering being promoted. Typically, both the affiliate and the product reside in the same niche. In this case, the affiliate has enough expertise and influence to generate traffic, and their authority level makes them a reliable source. However, the affiliate doesn’t make any claims regarding the use of the product or service.
In this marketing type, a deeper interconnection between the affiliate and the product or service in question is established. The affiliate used or is currently using it and openly shares with potential customers about its positive impact. The affiliate serves as a trusted source of information. At the same time, publishers involved in such an affiliate program are in a more vulnerable position in case of the reputational crisis of the promoted product.
Affiliate marketing relies on various pricing models that offer different payment terms to affiliates. However, each pricing scheme has its vulnerabilities that fraudsters can turn to their advantage.
Affiliate fraud is a type of ad fraud that covers any malicious or fraudulent activity performed for the purpose of cheatingly generating commissions from an affiliate marketing program.
There are many affiliate fraud schemes associated with different pricing models.
Cost per action (CPA). In this model, an affiliate gets payment once a specified action is fulfilled, such as a sale, registration, or click. Affiliate fraudsters can use stolen credit card numbers and fake IDs to complete the conversion.
Cost per lead (CPL). The affiliate earns a commission upon a sign-up from a potential customer. It can include the submission of a registration form or subscription to a newsletter. Fraudulent affiliates can falsify customer data, use bots to fill forms, and even deliver opt-out lists instead of opt-ins.
Pay per click (PPC), or cost per click (CPC). Affiliate publishers get paid for the number of ad clicks. In this scheme, scammers trick unaware users into hitting clickable links or employ automated methods to cheat clicks, leading to click fraud.
Cost per impression (CPI) and cost per thousand impressions (CPM). These pricing models refer to each potential customer who views the ad and every thousand potential customers who view the ad, respectively. In this case, fraudsters build fake websites and use bots to boost the number of ad views.
Influencer scheme. Companies give their goods for free to an online personality with a sufficient audience, such as bloggers or fashion influencers. Here fraudulent actors have an excellent leeway for the scam, including creating fake accounts and increasing the numbers via bot comments and views.
Fraudsters exploit vulnerabilities in the affiliate marketing pricing models
Affiliate marketing processes are mostly automated, which results in a lack of direct human supervision. This gives fraudsters numerous opportunities to play with the operations and twist them to their advantage. There’s a variety of affiliate fraud methods they can use.
Browser cookies are put on all visitors’ computers to enable a more personalized user experience as well as tracking. Affiliate cookie stuffing is a process when a website drops third-party malicious cookies onto a visitor’s browser.
These cookies cause traders with affiliate programs to wrongly attribute website traffic to the scammer. In turn, affiliates who actually brought the traffic to the company’s website lose their money. As fraudsters continue stealing their commissions, the affiliates see no further point in participating in the affiliate program.
In many cases, the owner of a website may be unaware of cookie stuffing taking place. For instance, their website uses an extension, such as a chatbot, that is designed to sneakily place third-party cookies in the visitor’s browser.
Fraudsters would get credit from malicious cookies if a customer happens to visit the company’s site and make a purchase that would cause further compensation - no matter if that site was ever promoted via an affiliate program.
As a result, a colossal marketing budget may be wasted on compensations for unscrupulous affiliates who, in fact, never put any marketing efforts into driving traffic to businesses.
Most of the time, website visitors don’t even need to click on the ad promoting the business within the affiliate program. Cookies get incorporated into their browsers without their knowledge and permission. Thus, not only affiliate marketing compliance guidelines are violated, but also the European Union’s (EU’s) General Data Protection Regulation (GDPR).
This affiliate fraud tactic involves registering domain names similar to the merchants’ domain names but misspelled in the most anticipated way. When users mistype the URL, they land at the fraudulent domain and then are redirected to the authentic website, thus increasing the number of referrals from redirects for the affiliates.
Typosquatting, also known as URL hijacking, includes five main subtypes:
A frequent misspelling, or foreign language spelling, of the targeted site.
A misspelling based on the mistake in a typed or printed text published somewhere else.
Plural or singular forms of the domain name.
A different top-level domain name (for example, .org instead of .com).
Misuse of the Country Code Top-Level Domain (.cm, .co instead of .com).
This affiliate marketing fraud type can be especially profitable if there’s a cost-per-install pricing model associated with the installation of an application. In this case, affiliates are paid for sign-ups and installs.
Software development kit (SDK) spoofing is a way of fake traffic generation when malicious actors determine how different app SDKs distribute install and attribution data. For example, fraudsters may use malicious programs that watch over the user’s activity and get informed every time a new app install starts. Later, they use this user data to indicate that a real user’s device had installed an app when, in fact, it never happened.
Without adequate oversight, SDK fraudsters can acquire multiple device IDs to keep generating fake installs and earning the commission. The issue with SDK spoofing is that it’s very hard to track and detect affiliate fraud since all installs look totally natural.
Website visitors unintentionally download malicious spyware that may appear in the form of pop-ups and other kinds of ad fraud. This adware sneaks the code into the user’s browser, which artificially blows up the traffic numbers reported to the merchant.
Another type of malicious spyware is the “loyalty” software. Affiliates place it on visitors' computers to remind them about the perks and profits of buying these goods from particular merchants. With this software installed, the user reaches the merchant’s website through the affiliate’s link. And fraudsters, as is often the case, claim their unfairly earned commission.
Main affiliate fraud methods
No one is immune to affiliate marketing fraud, and there’s always a chance that malicious actors are targeting or already exploiting your business. Checking the quality of your affiliate network is imperative, especially if you’re the owner of a small or freshly launched business.
There are several ways to prevent affiliate fraud and the negative consequences of fraudulent affiliates operating on the market.
Start being cautious about your potential affiliate partners from the very early stages. For instance, you may follow a multi-step application process and confirm new affiliates manually. When testing potential affiliates, you have to make sure they have a legit website and their content is tuned to your company’s products.
Once a new affiliate is accepted and you start cooperating, it’s vital to make your terms and conditions clear and transparent to avoid further misunderstandings. It’s always better to have a legal expert watching over your policies to ensure there are no gaps that can be used for affiliate fraud and abuse.
Regular and active monitoring of your affiliate analytics puts you in a better position in terms of fraud detection. You can locate suspicious traffic upturns, page redirects, or an unusual amount of transactions from the same IP address.
Keep track of your affiliates and carefully log in their IDs to your system so you can see how many users they bring and what share of them completes the conversion stage. After a while, you will have enough information to analyze your affiliates to distinguish conscientious partners from fraudulent ones.
Every user landing on your conversion page leaves a digital footprint, consisting of the device information, installed plugins, time zone, etc. This information is called device fingerprinting. Using this data, you can build profiles of your visitors and see if there’s any suspicious activity. For example, if you notice exactly the same configuration appearing on your website over and over again, there’s a chance it’s a fraudster trying to trick your system.
One of the ways to check if your marketing partners are trustworthy is to test the affiliate links. Residential proxies are the most suitable match for this task since they allow checking localized affiliate content using IPs of the required region.
Besides, if you have multiple affiliate links to check, you would most probably want to automate the process using special software. These testing bots may be seen as suspicious by some websites, which can lead to bans. In this situation, proxies will conceal your real IP address, or you can use rotating proxies to change IPs at your will, thus avoiding bot activity detection. These measures will help you look like an organic user and avoid undesirable blocks.
Lastly, if you like to make sure that your affiliates aren’t doing anything shady, you’d want to check their activity without being detected. Proxies can grant you superior anonymity to keep an eye on your affiliate program partners without them knowing.
As you see, proxies are a great tool for affiliate fraud detection. We at Oxylabs strongly adhere to ethical and legal proxy utilization principles and monitor the usage purposes of our proxies via the KYC processes and open Abuse Emails.
Use proxies to verify affiliate links
While affiliate marketing is one of the most efficient ways to drive traffic to online businesses, it bears certain risks. Flourishing affiliate fraud may severely damage your company’s financial condition and reputation. However, you can always take precautionary measures to prevent affiliate fraud. In particular, you can carefully monitor traffic, enable device fingerprinting, and use proxies.
If you found this content useful, head for another similar article for more insights.
About the author
Maryia Stsiopkina is a Content Manager at Oxylabs. As her passion for writing was developing, she was writing either creepy detective stories or fairy tales at different points in time. Eventually, she found herself in the tech wonderland with numerous hidden corners to explore. At leisure, she does birdwatching with binoculars (some people mistake it for stalking), makes flower jewelry, and eats pickles.
All information on Oxylabs Blog is provided on an "as is" basis and for informational purposes only. We make no representation and disclaim all liability with respect to your use of any information contained on Oxylabs Blog or any third-party websites that may be linked therein. Before engaging in scraping activities of any kind you should consult your legal advisors and carefully read the particular website's terms of service or receive a scraping license.
Get the latest news from data gathering world
Scale up your business with Oxylabs®
GET IN TOUCH
Certified data centers and upstream providers
Connect with us
Advanced proxy solutions