Fraud in Affiliate Marketing

Introduction

Affiliate Fraud!

This is probably the most feared activity in the affiliate marketing industry.

No surprise!

Affiliate fraud is an alarming and unethical activity! It can be a problem in affiliate marketing but also in many other fields and industries.

It’s powerful and viral, just like a plague.

Sadly, this industry is still haunted by this nefarious practice.

Terminating it swiftly is the ultimate goal.

Identifying it?

Now that’s the daily challenge!

The business is on the rise, and so have been the methods and schemes associated with fraud.

The estimated cost of digital ad fraud worldwide is predicted to rise from $19 billion in 2018 to $44 billion in 2022. While it is difficult to measure the channels being hit the hardest, the affiliate and partner marketing sectors in which I work seem less vulnerable to malicious theft than other channels. This is because the pay-for-performance model is harder to dupe than soft metrics like ad viewability or fake Instagram followers.

How Affiliate Fraud Works

But even with an affiliate marketer receiving up to 30% of a customer’s spend from merchants, there’s still no such thing as a free lunch. So what’s the catch? The growing spend and potentially high yields have made affiliate marketing an attractive target for fraudsters, posing a considerable risk to a growing business. Here are the affiliate fraud strategies merchants should be wary of.

Spam

While most customers identify and delete spam emails before they do any damage, all it takes for spam to perpetuate is for one unsuspecting customer to open junk email and make a purchase from a fraudster. Not only does spam cause legitimate merchants to lose sales, but when customers see the same product, brand or company appear over and over again in their Junk email box, the legitimate company is also at risk of a hit to their reputation.

Fake Websites

Fraudsters register variations of a vendor’s web domains (e.g., amazom.com) to attract unsuspecting buyers, and then the fraudsters sign up the variations for affiliate programs. This process, called domain squatting, ends up directing traffic away from the legitimate affiliate and to the fraudster’s site. The fraudster’s site may even be a complete clone of the legitimate site — graphics and wording alike. Customers end up making their purchases at the wrong site, causing the genuine merchant to lose the sale and letting fraudster cash commissions earned by honest affiliates.

Fake Leads

Fraudsters use software to imitate consumers’ behavior and generate false clicks, transactions and conversions on offers. Through click fraud, greedy fraudsters repeatedly click on income-generating cost-per-click links to inflate their income and, sometimes, just to cost merchants revenue. Merchants end up seeing their funds drained without realizing any sales.

Malicious Browser Extensions

Extensions add extra functionality to the browser and require a lot of power. They often ask for a variety of permissions to execute their features. With malicious extensions, after installation, monitoring tools don’t encounter any malicious behavior, which stays dormant for the first week or two. A visit to specific pages then triggers the fraudulent activity such as intercepting requests from the browser, modifying traffic or inserting JavaScript snippets.

A 2014 analysis by security researchers covering 48,000 extensions for Chrome detected many that are used for fraud and data theft, and going mostly undetected by users. They often change or add parameters within a URL in order to accomplish affiliate fraud. Some extensions will swap out the legitimate affiliate code for their own and gain credit for the sale, or even swap out ads on a website for their own. There are extensions that go as far as injecting ads into ad-free sites such as Wikipedia and even overlaying them on top of a site’s content. There are cases where extensions up-vote themselves on the extension stores, and even write automated positive reviews, to get broader distribution.

Cookie Dropping or Cookie Stuffing

 In this case, visitors to a website are unwittingly marked with cookies that belong to an advertising program of a large shopping portal such as ebay or amazon. If the user later buys something on these platforms, the alleged affiliate receives commission even though he did not include any advertising material from the program on his page at all. He is paid for an advertising service that he did not provide. Internet fraudster Shawn Hogan has become “famous” for large-scale cookie dropping. His scam was discovered and he was arrested by the FBI.

Fake orders

 In this case, orders are placed via affiliate links to receive the commission. In this case, the goods are usually ordered cash on delivery and never paid for. Although many affiliate programs usually only pay out commissions after the withdrawal period has expired, this method often affects shops that have developed their own programs and lack the necessary technical means to uncover this rather simple fraud.

Ad hijacking

 Here, fraudsters copy already existing ads on Google AdWords from large online shops or shopping portals and insert their own affiliate links. If the user finally clicks on the fake ad, the affiliate receives the corresponding commission if this user buys something on the stored target page. In order to be listed before the original shop, the fraudsters use a minimally higher CPC. In many cases, affiliate networks can minimize such affiliate fraud by, for example, excluding brand bidding in the affiliate program and sanctioning those who violate the rule.

 Affiliate Hopping

 This fraud technique is used to receive multiple commissions. For this purpose, fraudsters register for an affiliate program of an online shop in several affiliate networks. Each visitor is marked with the ID and cookie of each program. If the user finally makes a purchase in the advertised online shop, the fraudster receives a commission from all affiliate networks if the order has been submitted to them. A countermeasure is a so-called cookie switch, which prevents the placement of several cookies from the same advertising program.

Typosquatting

 This method uses incorrectly entered domain names and typos from users. Fraudsters, for example, register such a “mistyped domain”, deposit an affiliate code with a link to the original shop there and set up a direct forwarding. This form of affiliate fraud is therefore hardly noticeable for the ordinary user.

E-mail spam

An affiliate link is included in mass e-mails sent. If the recipients click on this link, they are marked with a cookie, which in turn, as with cookie dropping, leads to the alleged affiliate receiving commissions for a service they have not provided.

Easy Ways to Prevent Fraud

You can’t avoid fraud while doing business online. Hence, to succeed in this business, you need to take measures that would protect your business and clients against fraudsters. First and foremost, it implies understanding the nature of fraud in affiliate marketing and developing strategies to combat it.

The approach is similar to the general rules of internet security that all users should follow unless they want to risk their data. The same applies to managers of affiliate programs: to ensure a reliable platform with high-quality and fraudless traffic, you must regularly undertake precaution routine actions. 

Manually Approve Every Affiliate.

Although manually approving affiliates is time-consuming, especially for large programs, it is your first line of defense against fraudulent affiliates.  Before you approve an affiliate we recommend evaluating:

• Their website(s) listed to ensure they are aligned with your brand.
• If they meet your brand standards.
• Whether or not they look like a link farm.

You should also review any notes or history provided by the network (if available) to see if the affiliate has behaved fraudulently in other programs.

Enforce your new Terms and Conditions.

When you update your affiliate terms and conditions it is always a good policy to send a newsletter out to all of your affiliates announcing the changes to your terms. Be sure to include a due date for affiliates to bring their promotional efforts in compliance to your updated terms. This will ensure that honest affiliates comply with your new terms and allow them time to update their campaigns.

Once the due date has passed, start enforcing your new terms rigorously. There are helpful fraud detection tools available, that can:

• Monitor for keyword PPC violations.
• Aid in your fraud check efforts.
• Ensure that your affiliates are complying with all of your policies.

Using Data to Spot Fraud

The most powerful fraud detection tool you have at your disposal is your data. Here are a few key places to check your data for potential fraud:

• Referring URLs: Use your data to look through referring URLs and visit suspicious pages you don’t recognize. If you notice several redirects, it could mean an affiliate is trying to hide the real source of traffic from you.  For redirects, request URLs and screenshots of where your brand is being promoted. Verify that all sites promoting your brand could realistically drive the level of traffic being shown by looking at Alexa rankings, Similar Web metrics, audience engagement, etc. Shady traffic often hides behind front sites that may appear legitimate at first glance, but do not have the traffic numbers to support conversions being shown.
• Sub-affiliate networks: If you work with sub-affiliate networks like Skimlinks or Viglink, this can add another layer of complexity to your fraud detection efforts. These networks can give your program a tremendous boost by allowing you instant access to thousands of additional affiliates. However, it also means you have less control on what affiliates you let in to your program as they can always re-apply to one of these sub-affiliate networks. Again your best tool to detect fraud from affiliates in these networks is to look at your referring URLs and determine the original source of the lead or sale. Consider requiring sub-affiliate network partners to pass back a unique ID for all of their publishers to analyze traffic on a sub-affiliate level.
• IP addresses: Look at all of the IP addresses for your sales and leads. Do multiple transactions come from one single IP address? This could mean one person is placing multiple orders with stolen credit cards or some other form of illegal activity. If you can, try to authenticate these transactions to determine their validity.
• Data: Another good way to spot fraud is by identifying trends. If you notice a large, abnormal spike from one affiliate, it could mean that something fishy is going on. You’ll want to thoroughly investigate large spikes in sales or leads from otherwise low-performing affiliates. The days of simple cookie stuffing through tactics such as typosquatting have also grown more sophisticated with mobile attribution theft, SDK spoofing, and display ad hijacking. With any traffic, you’ll want to look for signs of this attribution theft. Key signs of this are abnormally high click rates, low conversion rates, and click-to-action times outside the norms of your program and verified clean traffic.

When you do find fraud in any form, be prepared to take action. Document the evidence and send the affiliate a violation warning. The affiliate may be out of compliance due to a glitch or something innocent and will need time to correct the issue. But if the issue occurs again or the affiliate is caught in another fraud attempt, it’s essential to terminate that affiliate from your program.

Create a Routine

Once you have your affiliate terms and conditions updated and you’re familiar with how to check for fraud in your program, it’s important to create a routine to keep your affiliate program in check. We recommend you set aside time one day each week to go through your data and your fraud checking tools to ensure affiliate compliance.

Start by checking your fraud detection tools, then look at your referring URLs from your sales and leads (pay special attention to referring URLs from sub-affiliate networks). From there, look at IP addresses to ensure no mass duplicate IPs. Finish up by looking for abnormal spikes in sales and leads from otherwise low-performing affiliates. The last two tasks we recommend adding to your routine are to create a blacklist of affiliates you don’t want in your program and staying current on industry trends and issues.

Creating a routine and sticking to it is going to give you the best shot at detecting and stomping out fraud in your affiliate program. Keeping this routine will mean higher ROI, better on-brand promotion from your affiliates, and more success overall in your affiliate program.

Knowing the ins and outs of what to look for to ensure all your affiliate activity is aboveboard can not only be nuanced, but preventing it often requires consistent oversight, expertise and resources – services that an experienced affiliate program management agency can provide.

Built-in Fraud Prevention Tools

At present, most performance marketing platforms offer in-house fraud prevention tools. These features can help you keep fraudsters away from your ad campaigns. But the possibilities of fraud prevention greatly depend on a platform you partner with.  

• Click-level fraud prevention – a tool that reduces fraudulent traffic by filtering VPN, non-earmarked traffic from proxies, bot traffic etc. The system detects fraudulent traffic in real-time, block it and doesn’t allow it to reach the destination website. These measures increase CR of ad campaigns, and the advertisers get higher-quality traffic to their offers. 
• CR automation. Besides its primary role, CR automation also serves as a regulator of basic traffic quality index based on CR percentage under specific conditions set by advertisers. Low CR percentage means that received traffic is of low quality. High CR percentage, on the contrary, indicates the presence of fraud traffic. Thus, by setting necessary conditions, you automatically decline a significant share of fraudulent traffic.  
• Rejection of IP duplicates. Conversions with duplicate IPs is a clear sign that you most likely work with low quality or fraudulent traffic. In the tracking platform, during an offer set-up phase, you can reduce the probability of low-quality traffic by choosing “Unique IP only” in the postback section. In this way, only conversions with unique IP will be approved. No one will be spamming with emulated conversions, and you will receive only quality traffic. 

Timely actions against fraud

Primarily, to avoid being trapped in a loophole, make sure that you are fully legally compliant. Constantly revisit and update the program terms and conditions. Next thing, don’t hesitate to act upon affiliate fraud in any form. Take any measure that you considered appropriate for every particular case: from sending violation warnings to affiliates to terminating them from the program. 

These are the must-follow recommendations. However, even they cannot guarantee absolute protection from affiliate fraud. Occasionally you can recognize and block suspicious affiliates, but when it comes to fraud, it’s difficult to always be on the lookout. The chance that you would miss something is relatively high. By doing the actions described above, you only minimize fraud risks but do not eliminate it. 

Fraudsters are very sophisticated in developing robust fraud strategies. Once one of their strategies is recognized and combated, they will come up with a new scheme to bypass your protection safety measures. 

• Detailed statistics. Your tracking platform must provide detailed statistics with data-slices divided by user device, user agent, devise OS, browser language, and also statistics on impressions, clicks, conversions and payouts. It helps to define fraudulent patterns in conversions and block them. For example, if you see that a browser language is Vietnamese, but the conversion IP – US. Or you observe a high number of impressions with only a few conversions, or with no conversion at all. Things like that are the first signs of fraud that you should immediately block. 
• Click to conversion time report (CTCT report). For every conversion type, there is a specified time span during which a majority of clicks and installs occur. High volumes of traffic beyond this time frame usually account to fraud. СTСT report is used to detect and prevent it, particularly mobile ad fraud such as click injection and click spamming. Thus, with the help of СTСT report, you see which conversions are outside the approved СТСТ and should be rejected. 

What to do When You Suspect Fraud?

If after following the above steps you feel that an affiliate is committing fraud on your network, it’s time to take action. Evaluate your relationship with the affiliate and decide if you want to continue working with them. Notify them that you have discovered fraud and what your planned course of action is (terminate relationship, probation, etc.) To temporarily or indefinitely terminate the relationship, suspend the affiliate account to stop all traffic and access. Calls to a suspended affiliate’s promo numbers are not routed and commissions are not earned, and users cannot login to their account. While it’s tempting to publicly sound the alarm, be cautious about publicly posting about your suspicions about an affiliate driving fraudulent calls. If an affiliate chooses to fight back, this could lead to legal issues such as defamation.

Don’t jump the gun. If you suspect an affiliate is committing fraud, suspend their accounts and investigate further.

Building Better Relationships with Fraud Fighting Given the history of fraud in performance marketing and the suspicions that brands may have about the industry, it’s tempting to put your head in the sand and quietly fight the baddies. In order to rebuild the reputation of the industry and instill trust in your partners past, present, and future, it’s time to face the beast head on and show that you’re doing everything in your power to fight it. Don’t hide the fact that you are actively fighting affiliate fraud for fear of acknowledging its existence. Brands already know that it exists and they are wary of it, so the best way to build trust with them is to show that you and the industry in general is doing something about it. Gather any metrics you can that show you are blocking bad calls, vetting your affiliates carefully, testing your methods, and monitoring performance. Turn your best partners into advocates with case studies and other co-marketing to display the trust that you have already built. And when you use platforms like Invoca that battle call fraud with technology, use that as part of your selling and confidence-building strategy as well. The performance and affiliate marketing industry is in a much better place than it was just a few years ago, but there is still work to be done. Building trust with your partners by diligently fighting fraud is the big first step. Once confidence is restored, then it is much easier to show the value and ROI of performance marketing for all parties involved.