12 Mar 2018

Shadow traffic in affiliate networks

Read later or share with friends

Inventive and creative publishers can earn a good sum through an affiliate network. But some publishers can be inventive not in a good way and they make up sophisticated ways to generate much traffic of poor quality. The smoothest punishment for such ad spaces is that they will be banned. But if advertisers reputation is strongly harmed, dishonest publishers will get the severest punishment — they will be not only fined but also will have to defend themselves in court.

Sometimes novice “innocent” publishers have checked the requirements to ad spaces in the offer description and everything seems to be fine. But they read about some profitable way of generating traffic in some shady article on the Internet and decided to try it and to make money on it. And as we all know, ignorance is not an excuse. To avoid such situations Admitad Academy has compiled an article about fraud and forbidden traffic in the affiliate network so that you won’t be unfairly guilty.

No. Just never

In this part of the article we will discuss strictly forbidden traffic sources. In the affiliate network it is called fraud — when a dishonest publisher tries to imitate users activity using different technical tricks.

      Buxes and  Active Advertising Systems (AAS). They are online stocks where publishers post tasks and promise reward for their fulfilment. Tasks can be of different types: “Download an app”, “Sign up for the game”, “Click on all Y banners on the website X”, “Click on this link and stay on the website for 2 minutes, then click the banner in the right corner and scroll down the page till the bottom”, “Click this link, start playing and invest 5 cents in the game” and other pretty easy tasks. The advertiser, who posted an offer in the affiliate network, expects actions on CPI or CPL (installations and leads) and sees that the publisher attracts active traffic and pays him the reward. The publisher pays some part of this reward to the users who fulfilled those tasks.  But in this case users are not interested in the advertiser’s product, they are motivated by the reward from the publisher that is why such traffic is of poor quality and incentive. Incentive traffic can be accepted by advertisers in rare cases, for example, if an advertiser needs many installations of their app so that it will be in the top of application stores. But the advertiser will include this requirement in the offer description.

     Pretence to be the advertiser. If you think that you can copy an advertiser’s website in order to attract traffic to the real website of advertiser through it and the advertiser will be happy about that, you are making a huge mistake. This rule also relates to communities in social networks – you cannot just call yourself an official brand representative on Facebook or Instagram. We recommend confirming almost all brand mentioning with the advertisers as it is their reputation.

      Cookie stuffing. It is the situation when the cheater replaces the cookie of an honest publisher with his cookie. The cheater kinda convinces the advertiser that he has attracted the customer, although he did nothing for that. Cookie stuffing can work through:

      Toolbar. Toolbar — is the place in browser where users keep their saved tabs, buttons for fast access to the required websites and useful resources. As toolbar is attached to the browser it can “track” which pages the user loads and even affect their contents. The cheater can create the extension for the toolbar like “Weather forecast” or “Currencies” and include his cookies in them. That is when the concept Last Cookie Wins starts working. Without any suspicion a user installs the extension to have up-to-date forecast and from now on each time the user visits advertiser’s website, the systems supposes that this traffic was attracted by the publisher-cheater even if the user came through clicking other publisher’s banner or advertiser’s contextual ad. This happens because all cookies which are attached in the browser with cheater’s toolbar is replaced with cheater’s cookies Toolbar can turn all links at loaded page into affiliate links by attaching cheater’s cookies to them so that all traffic will be considered to be attracted by him.

      Iframe or img tags. Basically, they are pieces of a code which can be included in website html, and you can attach the affiliate links to these pieces. These tags give an opportunity to create an area of indicated size on the website and to open the contents of other websites in this area.  The example of legal usage of iframe: we can paste a video from YouTube on our website using that code and users will be able to play it, and at the same time it will be on YouTube – so we get kinda website inside the website. The same thing happens with an image with img tag. The illegal ways to use such tags: a publisher takes the affiliate links to the offers of the most popular shops and places them on his website (entertaining portal for example) in the form of iframe or img tags. But users do not see them as these tags are of 1х1 pixel size. The user opens the website which loads whole html code (including the tags of the affiliate links). The system sees that the user visits advertisers’ website but actually it does not happen. And the affiliate links has cookies of cheating publisher which are attached to the user. And if within the cookie lifetime the user decides to buy something on the advertiser’s website (that is why popular brands are usually used) and he did not click any affiliate links of other publishers, then the sell will be considered attracted by publisher-cheater. And this cheater could have replaced the cookies of an honest publisher without making any efforts to promote. How it happens: the user clicked on a banner (got the cookie of the 1st publisher) to visit advertiser’s website (for example H&M) and he found cool hoody but decided to buy it next day. After the H&M website he decided to visit some entertaining site to watch a movie, and while he is loading the page with the chosen movie dozens of tags with affiliate links to advertisers’ offers (including H&M) are also loaded on the same page. Those tags also contained cookies of website owner (2nd publisher). The user watched the movie, closed the website but 1st publisher’s cookies had been already replaced. The very next day he made up his mind and went directly to H&M website and bought the hoody. But who got paid? Unfortunately, the cheating 2nd publisher got paid, although the customer had been attracted by the first publisher through the banner.

      Browser and link redirect. It is a kind of virus which is attached to the user’s computer. When a user searches for something on the Internet or tries to open some site, one gets redirected through the affiliate links of the publisher who has spread that virus.  Even if the user doesn’t want, one is forced to visit advertiser’s website and at this moment cheater’s cookies replace other publishers’ cookies.

      Changed settings of public WIFI. We all know that it is possible to catch a virus through the public networks at restaurants, stations, hotels and so on.  Unfortunately, some publishers make this situation even worse as they set some WIFI routers in the way that even if a user comes directly to the advertiser’s website, he will have the cookies automatically attached to him.

This is not a full list of fraud types which dishonest publishers use to replace cookies of other publishers. There are many more ways to replace cookies without a user realizing it.

Allowed, but tricky

Some traffic types are not actually fraud but advertisers do not tend to allow and trust them. Mostly it is due to the fact that they are afraid that publishers will attract the customers through the channels where advertisers can attract these customers by themselves and so the publishers will become sort of their competitors. Another bad thing that can happen is that publishers may harm advertiser’s reputation or will replace some honest publisher’s cookie what will ruin good relationship with the advertiser. These channels aren’t bad, but they can be used only if the advertiser allows it and if the traffic quality will remain high.

      Brand bidding. This channel should not be used when the advertisers promote their brand through it as they do not want publishers to become their competitors. But this channel can be used when the brand is unknown and has just entered the market or when company does not have resources for contextual promotion.

      Adult traffic. It is the traffic driven from the websites with adult content like pornographic or shops with goods for adults. This traffic is well converted in some categories but strictly forbidden in others. It would be actually extremely weird to find the advertisement of goods for children on such websites. But on the contrary promotion of other ways of spending leisure time like online-games or food delivery can be very efficient.

      eMail spam. We all hate this type of advertisement. When you create an email letter for promoting some goods you should remember about quality and quantity. The letter should be well-designed, the offer in it should be beneficial for the receivers and increase their loyalty, and it is very important that frequency should be adequate. If an advertiser finds out that the publisher sends daily several letters to potential customers, one will forbid this traffic source so that the customers will not get annoyed. The same will happen in the situation when the email base was stolen or the users did not agree to receive emails. The same story happens with SMS-sendings and push-notifications.

      Teaser networks. The fact that these networks are called teaser gives us the hint that there is something provocative about this advertising channel. This channel got its fame through ads which content is dedicated to making people click on it at any price. This channel can be effective if you know how to show some product in the way that everybody will be surprised but at the same time it should be truth («This cream will remove 50% of your wrinkles»). If you made up some story («Secret method from Chinese scientists! You’ll look 10 years younger at once if you take this pill!»), most of the advertisers would not approve it as you lie to their customers.

     API traffic. The publisher acts like a broker who collects credit data of users for financial offers, on their behalf he fills in the applications for credit, credit cards, loan and send them to the advertiser from his ad space. Not all advertisers trust API traffic as the information gathered from potential customers is confidential. Its collection, storage and transfer to third parties is subject to the law and if you cannot act in accordance with the legislation, it is better not to work with API traffic.

      Click-under, pop-under, pop-up. It is a half-legal type of cookie stuffing which consists of tabs and banners which show up no matter if the website visitor wants it or not. Such ads can close the whole screen and show up in a new tab or in the new window behind the page after the visitor clicks on any spot on the site. They arouse different levels of irritation but they cannot stay unnoticed. If an advertiser allows this traffic source, you should not go too far.

      Retargeting/remarketing. There are many opinions regarding this traffic source. Somebody says it is not an independent customers source but just return of the customers (as the potential customers have visited advertiser’s website). Some advertisers do not mind if their customer will be “caught” and convinced to come back and finish the purchase. Anyway, this should be clarified with the advertiser.

No, it isn’t fraud

Let’s imagine the situation: a user saw a banner with new smartphone ad which was posted by the publisher Х. The user clicked on the banner, checked the smartphone and decided to buy it and even added it to the cart. But suddenly he recalled some cashback/coupon website (publisher Y owns this website), the user uses this link from that website and comes back to buy the smartphone. The cookie of the publisher X has been replaced with the cookie of the publisher Y.

Is it fraud? No, it is not. Because the user has decided by himself which link to use. Nobody cheated or replaced cookies, just the user was offered some bonus as a motivation (and he will get it only if makes the purchase so it is not incentive traffic). Publishers have different business models and in this case the model of publisher Y was more successful.

But we are talking about real cashback or coupon websites not fake ones which only promise bonuses but do not provide them.

FraudBusters: Admitad case

In current CPA-world, fraud detection systems should be improved and driven at least half automatically.

Admitad has developed the system of fraud detection in contextual advertising. The affiliate network has invented the mechanisms which can automatically detect the most complicated traffic fraud.  Based on monitoring results the system sends reports to the publisher who (intentionally or not) has conducted some cheating with advertisements and to the Advertisers Account Manager.

Let’s take a look at how it works. A cheater decided to place the advertising of aliexpress.com in Google search. In his Google AdWords account he indicated several words which are forbidden for Aliexpress offer (for example “aliexpress”) and he launched the advertisement in some regions.

Our system detects such violation:

This is how cheaters are displayed in the system

This is how cheaters displayed in the system

Then everything happens automatically:

      the system identifies which publisher-participant in the affiliate network has launched this advertisement.

      it finds the manager who is responsible for the advertiser’s affiliate program in the frameworks of which the ad was discovered.

      it notifies the publisher about the violation. The notification includes the links and proofs, the list of rules which have been broken and request to change the setting of ad campaigns.

      it notifies the employee who is responsible for the advertiser’s program where the violation was discovered in order to make sure that the cheater will not get paid.

      it registers the publisher in the internal system of fraud.

It is better to emphasize again that all these processes should be held automatically. The reason why we say so is simple – it will help to avoid human factor, forgery or other things that can undermine our customer’s trust and worsen the affiliate network rating at the competitive market of CPA marketing.

The work on controlling other traffic sources is also conducted. The purpose of such work is to make sure that all fraud will be declined, and actually nowadays it is not difficult to achieve it.

Not only publishers

Advertisers can cheat too. Affiliate networks catch advertisers on breaking the rules as well. It happens when after verification an advertiser intentionally declines some real orders which were attracted by the publisher and corresponded to all offer rules. The situation when real leads unfairly disappear from statistics or are not verified is called shave. Of course, sometimes it happens accidentally (due to a technical error, for example), but it also happens intentionally (when the representative of an advertiser or intermediary agency pretends that some part of traffic was attracted by them not by publishers). Some shadow affiliate networks even conduct shave by themselves. If you suspect that some party is working unfairly, check the following things: а) check if your ad space is in accordance with all rules and requirements (you might accidentally started attracting forbidden traffic and the advertiser banned you), b) if other affiliate networks produce the same result on this offer, c) at what stage the leads can be “stolen”, d) why advertisers decline the actions. Admitad has created special tool «Lost orders» which will help you to track the status of orders or to find out why it was declined.


Actually, fraud is easily detected so it is pretty silly to assume that you’ll attract forbidden traffic, get money for that and nobody will notice it. Most likely that you will get caught, the traffic and orders will be declined and you will be banned from the affiliate network forever. The same we can say about “middle” traffic – we can also track when some part of traffic is fraud, even if it is just a little part. Traffic control system of Admitad monitors daily traffic and catch the cheaters.

In order to detect fraud we just need to see consumer behaviour on the advertiser’s website (the amount of time spent on the website before performing the required action, user’s route on the website, conversion and so on) and then we make conclusion. Usually consumers have pretty predictable and logical behaviour on websites, so it is easy to notice any descriptions and check them. The same thing happens to advertisers and agencies which try to “shave” good traffic — publishers will notice really fast that their statistics differ from verification results.

Cooperation in the affiliate network is a “win-win” model, which produces results only if each party works fairly and thinks about both sides benefit.

Read later or share with friends


Leave comment