Affiliate Fraud — The Shady Advertising Secret
What do you call someone who earns money through shady means? A hustler, if you're Google.
In the real world, that's a fraudster—and if you do that in the affiliate marketing world, what you did is called "affiliate fraud."
In a broad sense, this is a subset of ad fraud.
Luke Taylor, Chief Operating Officer at Traffic Guard, while talking about ad fraud, puts it like this:
"The average individual ad fraudster makes $5-20 million dollars a year. The average ad fraud corporation pulls "many multiples of that."
And who's to blame for these scary numbers? Fraudsters who pick on businesses to run their shady schemes.
The losses from these schemes are by no means small, considering the average affiliate fraud attack can cost businesses between 20-65% in sales.
In this post, you'll learn all about affiliate fraud and how to protect your business from falling victim to it.
What is Affiliate Fraud?
Affiliate fraud is a form of advertising fraud where affiliates use illicit techniques to deceive affiliate programs to collect unearned commissions. Another way to put it: Affiliate fraud involves affiliates skimming off the marketers through their affiliate programs.
Before diving in and exploring affiliate fraud, let’s drill down to the cause—affiliate marketing.
What is Affiliate Marketing?
Affiliate marketing is a digital advertising model involving an individual or company earning a commission by promoting the product or service of an advertiser.
Here's an example:
Let's say you run a Shopify store selling denim jackets. You want more sales for your product, so you create an affiliate program. Whoever joins your program, be it an individual or a company, is called an affiliate.
These affiliates are people who promote your product on different channels to the target market.
In this program, let's say you reward affiliates with a 30% commission on every successful denim jacket purchase. If the price of each denim jacket is $300, at a 30% commission, each affiliate gets $90 upon every successful sale.
A good visual representation of this analogy is this infographic from Shopify.
It's a way for companies to compensate individuals for helping them get more sales on their products or services. Affiliate marketing is no small business; look at these 7 incredible stats.
- The annual spending by marketers on affiliate marketing between 2010 and 2022 has increased from $1.6 billion to $8.2 billion. — Statista
- Affiliate marketing is responsible for 15% of all digital media industry's revenue. — Business Insider
- Amazon holds the largest affiliate marketing share with 46.16% market domination. — Datayze
- The top 5 affiliate categories are Fashion (18.70%), Sports and Outdoors (14.60%), Health & Wellness (11.10%), Travel (8.60%), and Home & Garden (7.40%). — AM Navigator
- Over 80% of advertisers and 84% of publishers run an affiliate program contributing more than 20% to their annual revenue. — Forrester
- The United States is the largest affiliate marketing country with $6.8 billion in affiliate sales. — CHEQ
- Affiliate marketing drives 1% of the UK's GDP — IAB UK
With stats like these, it's no wonder every crook on the internet is looking for ways to get a piece of the pie. Inflating the traffic to the affiliate's website is a general tactic in every affiliate fraud activity.
They do this using different means, most automated with botnets.
A good example is the case of Aleksandr Zhukov, an affiliate fraud mastermind who cost affiliate programs $7 million from September 2014 to December 2016.
Also, not too long ago, the FTC charged a group of affiliate marketers, spearheaded by Michael Gianullis and Michael Williams, with affiliate fraud.
The duo and other affiliates helped promote MOBE (My Online Business Education) to unsuspecting victims using outlandish claims.
MOBE, a proclaimed business coaching and investment scheme, swindled its consumers based on "mentoring services," costing a minimum of $3,000—$4,000 per enrollment to as much as $60,000.
In the settlement bid, the affiliate marketers were required by the FTC to pay $4 million and turn over all personal items obtained from their participation in MOBE.
With cases like this being recorded daily, it's obvious affiliate fraud isn't going away anytime soon. A good option for every business would be not to include affiliate programs in their marketing strategy.
But it's quite difficult or even impossible to wipe out an $8.2 billion market accounting for more than 20% in annual revenue. It's safe to say nothing can be done to stop this, and that might be true to an extent.
On the other hand, knowing the type of affiliate fraud you encounter sets you up to prevent, detect and stop it from ruining your bottom line.
5 Common Types of Affiliate Fraud
Cybercriminals are getting smarter and developing different tactics to infiltrate the affiliate marketing industry. The methods they use are common, and below are 5 common types of affiliate fraud you'll come across.
1. App Install Fraud (CPI Fraud)
App install fraud is a common type of affiliate fraud in the CPI (cost-per-install) model. CPI involves paying affiliates a commission on every successful app install.
CPI is a common advertising model in the mobile industry, especially with gaming companies looking to attract more users to their apps.
They also make up 21.07% of the market share on the Apple Store.
In terms of running costs, reports from Data.ai show businesses spending $295 billion on mobile ads in 2021—a 23% growth from the previous year.
On the other hand, fraudsters take advantage of this by faking the installs using bots or manually installing the apps on multiple devices.
A recent report from Datavisor suggests that a common method fraudsters use to generate these massive volumes of installs is Device ID Reset.
How Device ID Reset Works
- Fraudster engages with publisher's website and clicks on app download link
- This link leads to the app store (Google or Apple)
- Fraudster downloads the app and earns a commission.
- The fraudster then uninstalls the app, resets the device ID, and repeats the whole process.
- The advertiser will attribute the install to the publisher and pay an agreed percentage on every successful install
Using app install farms, resetting device IDs on a larger scale becomes possible, bypassing the fingerprint detection—this tricks the app owner into thinking that every install they get is from a new user. Global app install fraud hits 7.8%, costing marketers $2 billion per year.
2. Click Fraud (CPC Fraud)
Click fraud follows the CPC (cost-per-click) advertising model of paying affiliates a specific commission on the number of clicks they receive on an ad.
Affiliates employing click-fraud tactics generate many fake clicks using click farms or manually clicking on the ads themselves.
A more sophisticated approach is to do this with bots. Fraudsters infect different user devices with malware and recruit them into a robot network or botnet.
A good example is the Drainer Bot mobile ad fraud operation. Drainer Bot infected millions of devices through an infected SDK in hundreds of popular consumer Android apps like Perfect 365, VertexClub, Draw Clash of Clans, and others.
This malware lets users' devices watch invisible video ads that report back to the ad network as a legitimate publisher website. In reality, the websites are spoofed.
Looking at recent data, click fraud isn't slowing down. More than 14% of all PPC clicks are estimated to be invalid, resulting in businesses losing $20 billion globally.
3. Lead Fraud (CPL)
Lead fraud works by manipulating the CPL (cost-per-lead) advertising model. CPL lets advertisers pay for every lead they get through collecting user information; e.g., 84% of marketers use form submission to generate leads.
The affiliates, in this case, have a way of manipulating the data either by using bots to submit forms or buying a list of bad emails from the darknets and using them to prefill your lead list.
For the 53% of marketers who spend at least half of their budget on lead generation, these leads are useless.
4. Acquisition Fraud (CPA)
Acquisition fraud goes up a notch compared to the others we've explained due to the complication in the CPA (cost-per-acquisition) advertising model on which it works. In CPA, advertisers pay affiliates a commission upon the fulfillment of a sale.
At first, this model was the most secure advertising model until fraudsters found a way around it.
Fraudsters use stolen credit cards to finalize the sale online.
Based on this type of transaction, credit card companies issue a chargeback on the advertiser's company, making them lose a ton of money, in marketing and in sales.
Reports from Expert Market estimate 30% of all chargebacks were due to stolen credit cards, and the projected cost of chargebacks is estimated to be $117.47 billion by 2023.
On a large scale, bots do the heavy lifting of sourcing the credit cards and finalizing the sale for these fraudulent affiliates.
5. Cookie Stuffing
Cookie stuffing happens when an affiliate places different third-party cookies from different advertisers into a user's computer. Once the user visits any of the websites with already-placed cookies and makes a purchase, the affiliate gets a commission.
Cookie stuffing tops the charts regarding affiliate fraud—mainly because it's the easiest to pull off and difficult to detect.
A good example is the eBay cookie stuffing case involving eBay's biggest affiliate marketer, Shawn Hogan, and his associates.
In the investigation, eBay records paying over $28 million in commissions to Shawn through unearned affiliate sales. Cases like this one are rampant in the advertising industry, costing businesses as much as $42 billion globally.
The issue of fraud in the affiliate industry is advancing faster than companies can find a solution. The average ad fraud attack takes companies 6-12 months before they find a substantial solution—with most attacks taking longer.
And by the time they find a solution, the damage is done, and fraudsters are nowhere to be found.
Uber, an American MAASP (mobility-as-a-service-provider), fell victim to a $70 million affiliate fraud scheme in 2019.
Former head of performance marketing at Uber, Kevin Frisch, noticed that their annual spend on mobile app installation yielded no return.
With an annual budget of $150 million, after exhausting $100 million on mobile ad spend, $70 million went to affiliate fraud, leaving only $30 million in actual affiliate spend.
On the podcast with Alan B. Hart, Kevin says,
"We basically saw no change in our number of rider app installs. Instead, we found that several installs we thought had come in through paid channels suddenly came in through organic.
I started gaining reports and seeing things that just did not make any sense. For example, there is an app with 1000 monthly active users, and in theory, we got 350,000 installs from them.
We kept peeling this back, and we found that someone saw an ad and downloaded and opened the app within two seconds, which is impossible. So we discovered what we had was attribution fraud."
Making a big company like Uber lose over 50% of their mobile ad budget to affiliate fraud sends a message to other companies to be cautious while running affiliate programs.
Nonetheless, talking about these cases isn't going to make it better. Knowing ways to prevent it and having a working solution will help you save a ton on ad budget.
5 Ways You Can Protect Your Business From Affiliate Fraud
Previously, protecting your business from affiliate fraud was a big problem as affiliates, in some cases, have a mix of traffic quality and content, masked behind shady and blacklisted sources.
Nordstrom, an American luxury department store chain, had this issue in 2012 when 2 brothers, Andrew and Allen Chiu, defrauded them of over $1.4m in commissions and rebates. To ensure your business doesn't run into a case like Nordstrom's, we've handpicked 5 ways to protect your business from affiliate fraud.
1. Cloak All Affiliate Links
Tracking affiliate data is the best thing you can do to ensure you're running a profitable affiliate program. The default method of giving affiliates a custom code to embed on their website makes it easy to manipulate with techniques like clickjacking.
But cloaking each affiliate's link allows you to monitor all the traffic they receive for your offer. This way, you can track key performance indicators like traffic sources and country IP.
Additionally, cloaking your link adds a layer of security that makes it hard for fraudsters to manipulate and inject multiple affiliate data to earn commissions.
A common way of cloaking links is using URL shorteners or target URL masking; tools like Bitly and Prettylinks are perfect for the job.
Prettylinks is an affiliate management plugin that does more than just shorten your URL. It keeps track of all your links and reports back to you on their performances.
A bonus feature of Prettylinks is the Pretty Bar, which takes target URL masking to a new level. With the Pretty Bar, the web visitor doesn't see the target URL (your affiliate link) in their address bar.
Bitly is the most popular link shortener among businesses, including Gartner, ESPN, The New York Times, and BuzzFeed.
One of the best features of Bitly is branding shortened links with your custom domain, allowing you to run campaigns.
With these campaigns, you can monitor all links attributed to different affiliates and get detailed reports on metrics to help you run your business.
2. Screen Affiliates Before Accepting Into Programs
It's good having people show interest in your business and be willing to promote it. That shouldn't cloud your judgment in ensuring every affiliate follows due process before entering your affiliate program.
Companies like OGAds have a good screening process that filters out unqualified affiliates wanting to join their network. Before registering, you need to answer questions like these that are almost impossible to fake.
Even after answering these questions, the probability of getting in is low.
A Google search into OGAds would show you hundreds of forums dedicated to bypassing the verification—half of which are unsuccessful due to the strict verification process.
Now, these rejections are solely to protect the business, and it's a practice you should incorporate into your own business. To give you an idea, here's advice from a user on the AffiliateFix forum.
Screening affiliates puts you in the front line, ensuring everyone entering your affiliate program is verified and uses a legit source to promote your offers.
3. Track Affiliates' Traffic
Monitoring traffic is a daunting task. But monitoring who's directing people to your website becomes important when you're running a business and incorporating affiliate programs into your marketing strategy.
There are better ways to track your affiliate's traffic while still running your business effectively. The best approach to doing this is to keep a log of all affiliate IDs and create a set of triggers on your traffic monitoring tool.
Suppose you're using a link shortener like Bitly or Prettylinks. In that case, you'll get all the data on your dashboard — and the same goes for Google Analytics.
Here's an example from Bitly.
After keeping this log and tracking them from time to time, you'll begin to see patterns differentiating good affiliates from bad ones.
Let's say you notice an unusual spike in traffic from an affiliate at odd time intervals. Keep track of the behavior and dive deep to understand why.
Suppose you notice the traffic is from shady and unsupported regions masked as legit ones. In that case, you can reach out to the fraudulent affiliates and either warn them or kick them out of your program.
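The triggers described in this section, as an added example that is not from the original post or from any tool it names: it flags an affiliate whose hourly clicks jump far above their own median hour, and an affiliate whose traffic comes largely from regions the program does not support. The log layout, the thresholds, the affiliate IDs and the supported-region list are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

SUPPORTED_REGIONS = {"US", "CA", "GB"}  # assumption: regions this program accepts
SPIKE_FACTOR = 5              # alert when an hour exceeds 5x the affiliate's median hour
MAX_UNSUPPORTED_SHARE = 0.10  # alert when >10% of clicks come from other regions


def build_sample_log():
    """Constructed click log rows: (ISO timestamp, affiliate ID, country code)."""
    rows = []
    for day in (1, 2, 3):
        for hour in range(9, 18):
            # aff-101: steady daytime traffic, two clicks per hour
            rows += [(f"2024-03-0{day}T{hour:02d}:{m:02d}:00", "aff-101", "US") for m in (5, 35)]
            # aff-202: one click per hour as its normal baseline
            rows.append((f"2024-03-0{day}T{hour:02d}:10:00", "aff-202", "CA"))
    # aff-202: burst of 40 clicks at 03:00 from "ZZ", a placeholder unsupported region
    rows += [(f"2024-03-03T03:{m:02d}:00", "aff-202", "ZZ") for m in range(40)]
    return rows


def evaluate_triggers(rows):
    """Return alerts as (affiliate, rule, detail) tuples."""
    hourly = defaultdict(Counter)   # affiliate -> clicks per hour bucket
    regions = defaultdict(Counter)  # affiliate -> clicks per country
    for ts, affiliate, country in rows:
        bucket = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:00")
        hourly[affiliate][bucket] += 1
        regions[affiliate][country] += 1

    alerts = []
    for affiliate in sorted(hourly):
        baseline = median(hourly[affiliate].values())
        for bucket, clicks in sorted(hourly[affiliate].items()):
            if clicks > SPIKE_FACTOR * baseline:
                alerts.append((affiliate, "spike", f"{bucket} clicks={clicks}"))
        total = sum(regions[affiliate].values())
        outside = sum(n for c, n in regions[affiliate].items() if c not in SUPPORTED_REGIONS)
        if outside / total > MAX_UNSUPPORTED_SHARE:
            alerts.append((affiliate, "unsupported_region", f"{outside}/{total} clicks"))
    return alerts


if __name__ == "__main__":
    for alert in evaluate_triggers(build_sample_log()):
        print(alert)
```

Comparing each affiliate against their own median keeps a large, legitimate affiliate from tripping the spike rule just because of volume.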
4. Use Device Fingerprinting
First, let's define device fingerprinting. Device fingerprinting is all information collected on a device for identification. A common word used for this is "cookie."
When users visit and interact with your website, the browser collects their fingerprints and stores everything concerning their session. A quick overview of what the browser collects during each visitor's session includes:
- Time zone
- System fonts
- Browser plugin details
- Screen size and color depth
- The hash of canvas fingerprint
- Limited supercookie test
- Hash of WebGL fingerprint
- HTTP_ACCEPT Headers
- DNT header
All these help in many instances, allowing the faster loading of websites on the visitor's subsequent visit.
Another good use case is combating affiliate fraud. With this, you can identify if an affiliate is trying to use the same device to trick your system into thinking it's a different one.
You'll also detect devices running through proxies and masking their real location or device ID.
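One way to apply this to the Device ID Reset pattern described earlier, as an added example that is not from the original post or from Edgemesh: hash the attributes listed above into a single fingerprint, then flag any affiliate for whom one fingerprint keeps reporting new device IDs. The event layout, the attribute key names and the threshold are assumptions.

```python
import hashlib
import json
from collections import defaultdict

# Attribute names mirror the list above; the exact keys are assumptions for this example.
FP_FIELDS = ("timezone", "fonts", "plugins", "screen", "canvas_hash",
             "webgl_hash", "http_accept", "dnt")


def fingerprint(attrs):
    """Hash the collected attributes into one stable identifier."""
    canonical = json.dumps({k: attrs.get(k) for k in FP_FIELDS}, sort_keys=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def find_reset_devices(installs, max_ids=2):
    """Map (affiliate, fingerprint) -> device IDs when one fingerprint
    reported more device IDs than max_ids."""
    ids_seen = defaultdict(set)
    for event in installs:
        key = (event["affiliate"], fingerprint(event["attrs"]))
        ids_seen[key].add(event["device_id"])
    # Identical stock handsets can share a fingerprint, so the threshold is above 1.
    return {k: sorted(v) for k, v in ids_seen.items() if len(v) > max_ids}


def build_sample_installs():
    """Constructed install events; every value here is made up."""
    farm_phone = {"timezone": "UTC+7", "fonts": ["Roboto"], "plugins": [],
                  "screen": "1080x2340x24", "canvas_hash": "c1", "webgl_hash": "w1",
                  "http_accept": "text/html", "dnt": None}
    # One physical handset reporting five different device IDs for aff-202
    events = [{"affiliate": "aff-202", "device_id": f"reset-{i}", "attrs": farm_phone}
              for i in range(5)]
    # Three distinct devices, one install each, for aff-101
    for i, tz in enumerate(("UTC-5", "UTC+0", "UTC+1")):
        organic = dict(farm_phone, timezone=tz, canvas_hash=f"c{i + 2}")
        events.append({"affiliate": "aff-101", "device_id": f"dev-{i}", "attrs": organic})
    return events


if __name__ == "__main__":
    for (affiliate, fp), ids in find_reset_devices(build_sample_installs()).items():
        print(affiliate, fp, ids)
```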
5. Switch to an Affiliate Fraud Solution
Running an affiliate program is considered one of the best marketing strategies that helps drive more sales and propels growth for any business.
Eight out of 10 brands run an affiliate marketing program, in fact. In countries like Canada, affiliate marketing drives 16% of ecommerce sales. These irresistible stats lead marketers to prioritize the benefits over the risks associated with it.
However, we recommend switching to an affiliate fraud solution.
Using Edgemesh's Affiliate Fraud Solution
A secure affiliate program does two important things for your business:
- Establishes trust in the minds of your customers
- Ensures your marketing budget isn't going to waste via fake clicks.
With Edgemesh, you're achieving both without worrying about affiliate fraud.
We can save you from paying out unearned commissions to bad affiliates by combining traffic monitoring, analysis report, device fingerprinting, and several affiliate fraud protection tools.
Thinking of making the switch? Give Edgemesh a try today. Plus, you’ll get a 14-day trial with no credit card info required.