How You May Help “Cookie Stuffing” Scammers

Learn about cookie stuffing and other affiliate scams: Internet Scambusters #858

If you’re a blogger who uses ads to monetize your site, or an online merchant with an affiliate program, you may be a victim of cookie stuffing.

This tactic aims to steal compensation for online sales that rightfully belong to someone else.

Even end-use shoppers can become victims, as we explain in this week’s issue.

Let’s get started…

How You May Help “Cookie Stuffing” Scammers

Are you helping website crooks earn income without knowing it, merely by visiting their page — encountering a trick known as cookie stuffing or affiliate marketing fraud?

Let’s start by explaining what affiliate marketing is. It’s a way of earning income from a website by directing visitors to another website that pays for these leads.

So, for example, may run an ad or a link for If someone clicks this link, visits ExampleSiteB, and makes a purchase, ExampleSiteB pays a commission to ExampleSiteA for bringing them in.

How does ExampleSiteB know where the visitor came from? Because ExampleSiteA places a cookie, or tiny piece of computer code, on the user’s machine that identifies them to ExampleSiteB.

This is not only a legitimate way of marketing, it’s also highly profitable for some of the people who do this, known as affiliates.

Programs also operate via emails. A common example is an email that promotes cut price books on Amazon. Users subscribe to a daily list of price reductions — and if they click on one of the books and buy it on Amazon, the list publisher gets an affiliate commission.

All-in-all, affiliate marketing is big business both for the originating and sales sites. In fact, on Cyber Monday last year (November 26), an estimated 16% of all sales, worth around $1.3 billion, came from affiliates. The annual total of affiliate sales is forecast to reach $6.8 billion by next year.

So far, so good. All perfectly legal. Everyone wins, including, usually, the shopper who finds what they’re looking for, often at a good price.

But it turns out that some of those deals are not quite what they seem. Research a couple of years ago suggests that more than a third of affiliates working with Amazon were defrauding not only the online retailer but also other genuine affiliate sites and, in some cases, customers.

According to tech entrepreneur Monica Eaton-Cardone, affiliate fraud is a rampant problem. She quotes the example of alleged affiliate fraud mastermind Alexander Zhukov, who was said to have bilked $7 million from online merchants.

In another case, a crooked marketer was alleged to have earned $28 million in illegal fees from eBay.

Writing for the current events site, Eaton-Cardone says that the scammers’ tactics include spam emails with clickable links, typo-squatting (see Beware of Typosquatting and New Identity Theft Warnings), networks of hijacked computers, identity theft and cookie stuffing.

Cookie stuffing? In very simple terms, this involves our fictional ExampleSiteA placing cookies on the users’ machine without them ever clicking a link. In some cases, scammers may place multiple cookies for one site or single cookies for multiple sites, in hopes of eventually reaping a reward.

This type of fraud mainly affects businesses that run affiliate programs — not the end user.

But these days, many home users actually run blogs, forums and other websites that carry advertising as a way of helping to cover costs or even generate income — “monetizing” to use Internet parlance.

If you’re one of them, it’s important to abide by the rules and contractual requirements of the program operators.

You should also be aware of typosquatting, where someone uses a website name similar to yours, or perhaps a misspelt version. These sites could be stealing potential income from you. If this happens, notify the affiliate program operator immediately.

And if you are a merchant who runs an affiliate program, make sure you check out the credentials of would-be partners and tie them up with a watertight contract. Then monitor their activities, looking out for unrealistically high conversion rates.

In rarer cases, consumers can also be affected.

This happens when a user likes to buy products through a specific affiliate. For instance, they might choose to buy through ExampleSiteC because this company donates all its commissions to charity.

This works while the user has an ExampleSiteC cookie on their computer. But the actions of scammers can result in legitimate cookies being overwritten and the commission going to the scammers.

To avoid this, you should always visit your chosen affiliate site immediately before making a purchase.

Remember, too, that these scammers are posting cookies on your computer that are potentially illegal. There’s not a lot you can do to prevent this except to clear or block cookies altogether.

Monica Eaton-Cardone foresees continuing growth of affiliate marketing — and a corresponding increase on cookie stuffing and other fraudulent activities, with us, the users, as unwitting accomplices.

Alert of the Week

A new rash of one-ring call scams is currently sweeping the nation.

The trick involves a scammer, usually based overseas, calling numbers at random and then hanging up after a single ring — actually the whole thing is automated on computers.

The hope is that a curious victim will try to call the number back. If so, he or she will unwittingly connect to a premium phone line that lands a huge charge on their bill.

The latest outbreak involves calls from either the North West African country of Mauritania, or the Baltic state of Lithuania. The calls frequently arrive in the middle of the night, sparking added concern.

There’s a simple solution — don’t phone back after a one ring call. If you happen to know someone in the originating country, contact them directly through the personal number you have for them.

Time to close today, but we’ll be back next week with another issue. See you then!