How to Identify and Stop Affiliate Fraud

Affiliate marketing is a vital component of any company’s strategy due to its ability to reach untapped customers with relatively little work from the main advertiser. However, with the rise of affiliate marketing comes the rise of affiliate fraud.

What Is Affiliate Marketing and How Can It Be Abused?

Affiliate marketing is simply earning a commission by promoting and selling products or services on one of your platforms. Your primary goal with these programs is to make commissions by recommending products and services you believe will sell well. The company tracks conversions through referral links, and pays out money to the best marketers. 

Fraudsters try to earn these commissions by: spamming the referral links; using software to imitate human behavior and generate fake clicks and transactions; and maliciously diverting traffic from other sites. 

In some cases they will clone the vendor’s website, and host it on a domain name that looks similar. More advanced techniques include malicious browser extensions that swap legitimate affiliate URLs for their own, and even inject ads with referral links into ad-free web pages.  

According to research by the University of Baltimore and Cheq, affiliate marketing fraud is now costing businesses over $1bn. Left unchecked, it can seriously impact ROI, so for most organizations globally affiliate fraud detection is a crucial yet underappreciated component of their risk management procedures.

In this article we’ll have a look at how fraudsters try to cheat affiliate marketers and how businesses can implement certain preventative measures to minimize risks.

Identifying Affiliate Fraud

Those working in the sector appreciate that fraud will forever be an ongoing battle as fraudsters update, adapt and establish new forms of abusing affiliate programmes. But for businesses that try to expand and build consumer trust, affiliate fraud can be a living nightmare.

Here we have listed seven of the most common types our clients have encountered so far:

1. Click Fraud

Fraudsters will spam pay-per-click (PPC) campaigns with sophisticated bots that emulate a user, drastically impacting the legitimacy of the campaign as well as potentially impacting costs.

Platforms such as Google are improving their anti-click-fraud measures through algorithms that help detect and filter out invalid clicks in real time, before any payments are made. They also use manual reviews and investigations based on reports or signs of suspicious activity.

2. Typosquatting 

Typosquatting consists of exploiting a URL similar to the main company’s name to collect referrals from redirects. The concept relies on users mistyping the address, which lands them at the fraudster’s domain instead of the merchant’s domain.
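One way a merchant can look for such lookalike domains in its own referral logs is sketched below. This is an added example, not code from the article: the merchant domain, the referrer list and the distance threshold are constructed assumptions, and the label comparison assumes simple two-part domains.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, the most common typing slip.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_referrers(merchant, referrers, max_distance=2):
    """Return (domain, distance) for referrers that resemble the merchant."""
    merchant = merchant.lower()
    target = merchant.split(".")[-2]
    hits = []
    for dom in sorted({r.lower().rstrip(".") for r in referrers}):
        # The merchant's own domain and subdomains are not lookalikes.
        if dom == merchant or dom.endswith("." + merchant):
            continue
        parts = dom.split(".")
        label = parts[-2] if len(parts) > 1 else parts[0]
        dist = osa_distance(label, target)
        if dist <= max_distance:
            hits.append((dom, dist))
    return hits

# Constructed sample: referrer domains seen on incoming affiliate redirects.
MERCHANT = "acmeshop.example"
REFERRERS = [
    "acmeshop.example", "www.acmeshop.example", "acmehsop.example",
    "acmeshp.example", "acmeshop.test", "amceshops.example",
    "reviews-blog.example",
]

if __name__ == "__main__":
    for dom, dist in lookalike_referrers(MERCHANT, REFERRERS):
        print(f"{dom}: distance {dist}")
```

A distance of 0 means the same name registered under a different top-level domain, which deserves the same review as a misspelling.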

3. Influencer Fraud

Influencer marketing is perhaps one of the most engaging methods in the B2C space, and there is great value in working with someone who aligns with the firm’s ideal customers. However, fraudsters can inflate their numbers to appear to be a better partner, when in reality the majority of their followers are fake.

4. Ghost Sites 

Ghost sites are made by fraudsters who build blank or incoherent websites in HTML with a short piece of code on the page. The page carrying that code is then added to a low-quality exchange to start generating money through fake impressions. They set the page to redirect to other, similar pages, creating an infinite loop. The goal is to generate a large number of fake impressions through this loop.

5. Traffic Diverting + Cloning

Fraudsters can use what’s known as ‘parasite sites’ to steal the traffic from a legitimate affiliate site. Cloning is somewhat similar but instead consists of lifting a different affiliate’s content.

6. Cookie Stuffing

A fraudster plants code in a visitor’s browser that ultimately earns the fraudster the commission if and when that customer makes a purchase, without the customer knowing. A prime example of cookie stuffing is an incident in 2013 in which two of eBay’s biggest affiliates were caught and convicted of fraud.

Merchants are at constant risk of wasting time and resources on campaigns that ultimately don’t increase sales and can also damage their reputation.

Fraudsters are no longer restricted to basic click generation tools that can be defeated by CAPTCHA, with human fraud farms a growing threat.

7. Software Development Kit Spoofing

This sort of fraud is especially lucrative if there’s a cost per install affiliate program associated with the installation of an app. This means that affiliate payouts are made through sign-ups or installs, without actually making a purchase.

This is where Software Development Kit (SDK) spoofing takes form. SDK spoofing is a form of invalid traffic generation in which a fraudster figures out how various app SDKs transmit install and attribution data. The fraudster then uses that information to signal that a device has successfully installed an app when, in reality, no such thing has happened.

Without proper protections in place, an SDK spoofer could buy a batch of device IDs and continue to generate install events, repeating the process and cashing in on each fake install. The problem is that SDK spoofing is hard to detect, since those installs look completely legitimate.

Spotting the Signs

When exploring fraud prevention solutions on the market, it is important to understand the role a fraud partner would play; especially for smaller merchants, value for money is imperative.

Spotting abnormal activity is a good starting point, and it can be done manually: for example, low engagement rates combined with high click-through rates are a tell-tale sign of bot manipulation. A solution that records affiliate IDs lets you see how many users each affiliate brings and how many of them reach the conversion stage successfully.

As the merchant collects more data, a strong solution will be able to separate good affiliates from bad ones before any major impact. These types of behaviour analysis metrics are an easy first route to identifying potential fraud. Another example would be to compare the average time spent from acquisition to sale.
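The per-affiliate metrics described above (visitors brought, share that convert, average time from acquisition to sale) can be computed from a click and sale log as follows. This is an added example rather than code from the article; the event format, the affiliate IDs and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

def sample_events():
    """Constructed (affiliate_id, visitor_id, event, unix_seconds) records."""
    ev = [("aff-A", f"a{i}", "click", 1000 + i * 60) for i in range(6)]
    ev += [("aff-A", "a1", "sale", 1960), ("aff-A", "a4", "sale", 4840)]
    ev += [("aff-B", f"b{i}", "click", 2000 + i) for i in range(40)]
    for i in range(4):  # aff-C: every sale lands 2 s after the click
        ev += [("aff-C", f"c{i}", "click", 3000 + i * 10),
               ("aff-C", f"c{i}", "sale", 3002 + i * 10)]
    ev.append(("aff-C", "c4", "click", 3040))
    return ev

def affiliate_metrics(events):
    """Per affiliate: unique visitors, conversion rate, mean click-to-sale time."""
    first_click = defaultdict(dict)   # affiliate -> {visitor: first click time}
    delays = defaultdict(list)        # affiliate -> [seconds from click to sale]
    for aff, visitor, kind, ts in sorted(events, key=lambda e: e[3]):
        if kind == "click":
            first_click[aff].setdefault(visitor, ts)
        elif kind == "sale" and visitor in first_click[aff]:
            delays[aff].append(ts - first_click[aff][visitor])
    return {
        aff: {
            "visitors": len(seen),
            "conversion_rate": len(delays[aff]) / len(seen),
            "mean_secs_to_sale": mean(delays[aff]) if delays[aff] else None,
        }
        for aff, seen in first_click.items()
    }

def flag_affiliates(metrics, min_visitors=5, min_rate=0.02, min_secs=10):
    """Return {affiliate: [reasons]}; the thresholds are illustrative assumptions."""
    flagged = {}
    for aff, m in metrics.items():
        reasons = []
        if m["visitors"] >= min_visitors and m["conversion_rate"] < min_rate:
            reasons.append("low_conversion")   # many clicks, almost no buyers
        if m["mean_secs_to_sale"] is not None and m["mean_secs_to_sale"] < min_secs:
            reasons.append("fast_sales")       # sales faster than a human checkout
        if reasons:
            flagged[aff] = reasons
    return flagged

if __name__ == "__main__":
    for aff, reasons in flag_affiliates(affiliate_metrics(sample_events())).items():
        print(aff, reasons)
```

In practice the thresholds would be set relative to the programme's own baseline, since normal conversion rates and checkout times differ by product.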

Setting a longer payout period for partners is an option, but delaying commissions can irritate those the main firm works with, so this is only viable if there’s a massive impact on returns or chargebacks. Keeping communication open with your affiliates and establishing clear terms and conditions is a more sustainable approach.

Device fingerprinting is another method merchants look towards. Otherwise known as a digital footprint, it allows data to be extracted (with the right solutions) to create a holistic profile of the visitor, with information such as device details, time zone and any installed plugins. In combination with other data enrichment tools, you will be able to build a pretty complete profile of your users in real time.

Despite the vast number of options available, no solution can guarantee absolute, complete protection from affiliate fraud, but being proactive and working with an adaptive fraud prevention tool dramatically minimizes risk.


Affiliate fraud can be a nightmare for many online businesses that try to expand in their markets with the help of affiliate marketers. 

However, fraud detection and prevention can be done quickly and easily with the right traffic monitoring tools and risk analysis. To filter out fraudsters who would harm your business, you need to implement the right risk rules and device fingerprinting analysis.

Author: Robert Kormoczi

Robert is a content distribution manager at SEON and a part-time digital marketing consultant, focusing on online business development, content marketing, PPC, and SEO. His passion is to work with WordPress websites and blogging about tech and personal finance.