Originally published on Mar. 24, 2015, this article has been updated to include an explainer video that covers a cookie-stuffing scheme exposed by cybersecurity firm Confiant in January 2023.
If there’s money changing hands online fraudsters are going to try to find a way to skim a percentage from the transaction. Fraud is a well-documented pox on digital advertising, but it’s also an issue for publishers and marketers working together on affiliate marketing deals, too. One of the more tried-and-true techniques is cookie stuffing. Let us explain.
First: explain what a cookie is?
There’s a lot of jargon here. Affiliate marketing is a process through which one business pays another for either bringing in clicks or, for retailers, sales on their sites. So if publisher X sends some visitors to Amazon to buy toothpaste, publisher X gets a small percentage of those sales, usually pennies on the dollar.
So WTF is cookie stuffing?
With cookie stuffing, while publisher X sends visitors to Amazon, a separate publisher actually gets credit — and hence money — for the sale. They do this by dropping multiple cookies after someone views a page or clicks on a single link. The hope is that dropping multiple cookies increases the chance that the person will go on to visit and buy from one of the commerce sites in question.
“Cookie stuffing creates wrongful attribution,” said Forensiq CEO David Sendroff. “It’s essentially stealing the credit for someone else’s attribution.” He said surreptitiously dropped cookies often replace those from legitimate publishers.
Where do these fake cookies come from?
The fake cookies come from a variety of sources — including pop-ups, scripts, toolbars and images embedded in message boards. Cookie stuffing is also common on online coupon sites, which fraudsters uses to drop handfuls affiliate cookies.
Why does it matter?
It matters because many more publishers are getting into affiliate linking. Gawker, for example, compiles a long list of affiliate link each days via its Kinja Deals series, and takes a cut whenever readers make a purchase. More affiliate linking fraud means less revenue for legitimate publishers.
It seems like a small problem.
It isn’t. Marketer Shawn Hogan helped scam eBay out of $28 million in online marketing fees from eBay before the company worked with the FBI to catch him in a sting operation. Hogan got sentenced to 5 months in prison, three years probation, and a $25,000 fine.
So why hasn’t cookie stuffing been stamped out?
The problem is that people like Hogan are the exception: Affiliate linking scammers are pretty hard to catch. For advertisers, hallmarks of cookie stuffing can include abnormally high or low conversation rates, depending on the techniques scammers use.
“With cookie stuffing, you’re committing a crime against another affiliate or the advertisers who is paying commissions on sales that would have happened anyway,” Sendroff said. “It’s not as eye-opening and it’s harder to catch because the advertiser has still made money.”