Signs of affiliate fraud and prevention

Cookie dropping

There are publishers that try to earn money with affiliation in an undesirable way. These are parties who try to place the last cookie, in a manner that does not substantially contribute to the promotion of an advertiser. This can be done in many different ways and these publishers are constantly trying to invent new ways to make money. A common way of 'stealing' the last cookie is cookie dropping. Cookie dropping can be done by placing a cookie on the user's computer without them making a click. For example, when displaying a banner, a cookie is placed while there is only a view and not a click. Also cookie droppers sometimes place a cookie on a website that is not theirs, which means that undesirable cookies are placed by a third party, while the consumer is unaware of this.

There are always publishers that generate traffic in doubtful ways. Therefore it’s important to make sure that a network knows the publishers submitted to the advertiser programs and that you can explain to the advertiser how the publisher generates the traffic to the site of the advertiser. Quality is very important. More important than quantity. Especially in the Lead Business, Finance, Telco, Career and Lotteries fraud is easy because only filling in personal details is sufficient for receiving a commission.

Nowadays networks have a strict control at the gate if you have registered to join them. A publisher can expect his website and data to be checked. As a result, the publishers who are active are in general qualitative publishers.

Some reasons to doubt a publisher and do more research:

• Look at ‘last clicks’ – if the referrer is never recognized then this indicates suspicious activity. Sometimes the referrer can be masked by the publisher. If it’s not sure to tell, the publisher should be asked why the referrers are not recognized and what this publishers’ best traffic source is.

• If a publisher only has traffic through a Windows browser. This is a rare case, but this can be a form of distributing spyware on consumers' computers.

• Very low eCPC; a publisher drives lots of traffic, but generates only a few leads. If a publisher realizes an eCPC of 2 cents, then it's almost impossible to buy traffic from a banner network, because it is not profitable for the publisher.

• A publisher suddenly has a spike in sales, compared to other publishers. This often indicates that the publisher might use a display channel associated with pop-ups and site-unders, to get additional clicks in the hope of more conversions.

• A click to lead time which is very short, for example 1 minute. This means that the consumer ended up buying a product within 1 minute of leaving the publishers’ site.

• A conversion rate is too high, for example 80%. The IP addresses and traffic sources need to be checked if this is the case.

Some examples of generating fraudulent sales:

• A publisher generates its own leads by filling in his own personal information. This occurs with CPL campaigns in the finance sector, where a unique order number cannot be checked.

• Typo squatting: A publisher buys a URL domain with a typo (consumers directly enter the URL in the Web browser) to realize leads. An example is, where a publisher bought and put a cookie on typo, sending a redirect to There are no additional sales, but it’s as if the sale was stolen from the advertiser or another publisher. In this occasion all the obvious typos for the advertiser need to be checked, because the publisher will mask the domain.

• The spreading of Spyware on consumer computers. This has happened in the past, when an international publisher spread spyware. When a consumer clicked on a link then it automatically became a publisher link. In that case it’s important that the content of the publishers’ ad space is correct and up-to-date.

Continue reading?

Share this article