Affiliate Fraud – The Dark Side of Affiliate Marketing

The rise of the Internet has brought new opportunities for businesses, allowing them to reach new markets and audiences as well as specific niches that would otherwise remain unreachable. Affiliate marketing is one such practice, and it has substantially empowered online businesses.

“Affiliate marketing is a type of performance-based marketing in which a business rewards one or more affiliates for each visitor or customer brought by the affiliate’s own marketing efforts.”

Wikipedia’s definition of affiliate marketing.



Affiliate marketing has been around for the last decade and, as always where there’s money involved, it is prone to abuse. Affiliate fraud is constantly evolving and fraudsters are leveraging new techniques to achieve their goals. As security provider PerimeterX reports, deploying malicious browser extensions is gaining popularity in the affiliate fraud universe. We’ll dig into that specific topic a bit later in the article.

What is Affiliate Fraud?

Any kind of illegal activity which aims at cheating merchants, affiliates or buyers can be considered affiliate fraud. Scammers apply various techniques that mislead merchants into paying affiliate commissions that they shouldn’t be paying. These practices range from repeated clicks on income-generating CPC (cost-per-click) links to using sophisticated software that simulates actual users.

Legitimate affiliates are greatly affected by such “black hat” activities. The fraud practice involves redirecting purchases to a parasite site and then cashing the commission which was earned by honest affiliates. The problem is that sites falsely attribute affiliate activity to the fraudster who isn’t contributing at all. It all results in:

  • Paying thousands of dollars in attribution fees to fake affiliates
  • Ruining potential legitimate and successful affiliate relations
  • Skewing the analytics of affiliate channels

Buyers are not immune to affiliate fraud either, as they are affected by spam, deceptive marketing techniques or by simply being misinformed about the product/service they were requesting. All legitimate sides involved in affiliate relationships are negatively affected by affiliate fraud. Affiliate marketing networks face great risks of losing their members (merchants), as they get discouraged from taking part in affiliate programs for fear of being scammed, which subsequently translates into merchants losing actual customers. Also, new fraud techniques are threatening to further erode affiliates’ trust.



How Affiliate Fraud Works

Considering that an affiliate program may pay out up to 30% of what a user spends to an affiliate marketer, it is obvious it makes an attractive target for fraud. Affiliate fraud has several forms, among which the best known are:

  • Spamming techniques – promoting products with tons of bulk e-mail
  • Variation of the vendor’s domain (typo) – registering variations of the vendor’s successful domain name to lure unaware buyers, and then signing up all those variations for the affiliate program
  • Parasite sites and traffic diverting – diverting traffic from the legitimate affiliate to the fraudster’s site
  • Fake clicks or referrals – using scripts or software that imitate human behavior, and generate false clicks or transactions
  • Illegal transactions – making purchases using stolen credit card credentials or registering fake identification info. Usually the purchases are later refunded, but the merchants have already paid the affiliate commission.
  • Site cloning – copying legitimate affiliates’ sites and content to mislead honest prospects, confusing them and directing traffic towards the wrong site, where conversions finally take place. Merchants are especially vulnerable to this technique because they lose relevant traffic as well as income.


Recently fraudsters have significantly improved their game, applying more sophisticated techniques that often combine several of the ones listed above. Deploying malicious browser extensions is widely popular among affiliate program scammers, because users don’t realize they are installing malware. The extensions appear legitimate and are often highly rated in “extension stores”. They manage to stay undetected because they do perform real functions (downloading videos, adding features to Facebook Messenger or even claiming they will let you know who is watching your Facebook profile). PerimeterX’s experts have detected a widespread affiliate marketing fraud attack based on a network of browser extension malware which “hijacks” legitimate users and tags them to collect affiliate and referral fees. Methods of distribution and the impact of the fraud are covered in the next section.

Malicious Browser Extensions

Extensions add extra functionality to the browser and, to do so, hold a lot of power over it. They often ask for a variety of permissions to execute their features. After a malicious extension is installed, monitoring tools don’t encounter any malicious behavior, because it stays dormant for the first week or two. A visit to specific pages then triggers the fraudulent activity, such as intercepting requests from the browser, modifying traffic or inserting JavaScript snippets.


A 2014 analysis by security researchers covering 48,000 extensions for Chrome detected many that are used for fraud and data theft while going mostly undetected by users. They often change or add parameters within a URL in order to accomplish affiliate fraud. Some extensions will swap out the legitimate affiliate code for their own and gain credit for the sale, or even swap out ads on a website for their own. There are extensions that go as far as injecting ads into ad-free sites such as Wikipedia and even overlaying them on top of a site’s content. There are cases where extensions up-vote themselves on the extension stores, and even write automated positive reviews, to get broader distribution.


Some of these malicious extensions have been downloaded millions of times. One specific extension aimed at Chinese users injected tracking beacons into user sessions and reported all user activity to a remote server. It was downloaded over 5.5 million times.

The one encountered by PerimeterX is reported as highly sophisticated. It uses real users’ web browsers to perform what is known as a Man in the Browser attack. It builds a centrally controlled botnet which is then used for targeting thousands of websites. Once installed, the software inspects the user’s activity and operates on the user’s behalf without the user being aware of it. The activity is difficult to detect because it’s executed from within the browser while the true user is active, making it extremely difficult to distinguish between the user’s activities and those of the malware. It then proceeds to falsely associate the user’s activities and eventual purchases on a website with an affiliate that never actually referred the user. The extension scans every site with which the user interacts, checks its database of sites to see if the currently visited one is being targeted, and then “hijacks” the user by associating a referral ID with the user’s session that is accepted by the site. If you want to know more about the technical aspect of the attack reported by PerimeterX, make sure to visit their blog post (“The attack, in detail” section).
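One way a merchant could look for this pattern in its own request logs, given as an added example that is not code from PerimeterX or from the original article. It flags sessions where an affiliate tag first appears, or changes, on a request that came from the merchant's own pages; the host name, the `aff_id` parameter, the row layout and the sample rows are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

MERCHANT_HOST = "shop.example"  # assumption: the merchant's own host name
AFF_PARAM = "aff_id"            # assumption: query parameter carrying the affiliate ID

# Constructed sample: (session, url, referer) rows in time order.
SAMPLE_EVENTS = [
    ("s1", "/product/9?aff_id=A17", "https://reviews.example/best-shoes"),
    ("s1", "/cart", "https://shop.example/product/9?aff_id=A17"),
    ("s2", "/", None),
    ("s2", "/product/9", "https://shop.example/"),
    ("s2", "/checkout?aff_id=Z99", "https://shop.example/product/9"),
    ("s3", "/product/4?aff_id=A17", "https://reviews.example/top-10"),
    ("s3", "/checkout?aff_id=Z99", "https://shop.example/product/4?aff_id=A17"),
]

def flag_attribution_anomalies(events):
    """Return (session, reason, affiliate_id) for tags no affiliate site delivered."""
    state = {}     # session -> (requests seen so far, current affiliate ID)
    findings = []
    for session, url, referer in events:
        seen, current = state.get(session, (0, None))
        aff = parse_qs(urlsplit(url).query).get(AFF_PARAM, [None])[0]
        # The tagged request came from the merchant's own pages, so no
        # external affiliate page sent the visitor to this URL.
        internal = urlsplit(referer or "").hostname == MERCHANT_HOST
        if aff and internal:
            if current is None and seen > 0:
                findings.append((session, "tag_added_mid_session", aff))
            elif current is not None and aff != current:
                findings.append((session, "affiliate_id_swapped", aff))
        state[session] = (seen + 1, aff or current)
    return findings

def flagged_per_affiliate(findings):
    """Count flagged events per affiliate ID to prioritise manual review."""
    counts = {}
    for _session, _reason, aff in findings:
        counts[aff] = counts.get(aff, 0) + 1
    return counts

if __name__ == "__main__":
    found = flag_attribution_anomalies(SAMPLE_EVENTS)
    for row in found:
        print(row)
    print(flagged_per_affiliate(found))
```

A same-site referrer on a newly tagged request is a heuristic rather than proof; a merchant that adds affiliate parameters to its own internal links would need to exclude those before acting on the counts.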

As the fraud activities piggyback on legitimate users’ transactions, they benefit from the appearance and behavior of real users and manage to monetize by collecting affiliate payouts. It’s also common that fraudsters sell access to affiliates in order to add another layer of disguise.

This way, the affiliate programs lose not only money but also the integrity of their analytics. Affiliate marketing data gets skewed, and the merchant loses track of KPIs, ROI and actual contributor data.

How To Stop It

Affiliate fraud prevention is not an easy task, although there are some common best practices to implement. There are a lot of details and signs that can point to fraudulent behavior. Measures can be taken to minimize risks:

  • Checking if the affiliate has an active Web site
  • Checking if the site’s content relates to the products
  • Checking if the affiliate’s site is optimized accordingly for the above mentioned content
  • Maintaining regular communication with actual affiliates

These measures can filter out a large part of fraudulent affiliate marketing behavior. However, they won’t be enough against advanced techniques, which are growing in number and popularity. If you feel your online business is threatened by malicious intent, consider deploying professional solutions to fully secure your assets.

Feel free to contact us if you need assistance in choosing the right provider or have other web performance and security-related questions. Our experts at GlobalDots are here to help you secure your business’ online journey.
