Different Types of Affiliate Fraud
Affiliate marketing has been around almost as long as the internet itself, with the first affiliate site, PC Flowers & Gifts, going live way back in 1989. Amazon popularized the practice in 1996 with its “Amazon Associates” program and it’s been off to the races ever since.
It’s a simple model: Businesses pay third-party marketers for every conversion (e.g., a sale, lead, click, install, etc.) attained. Affiliate fraud happens when an affiliate fakes actions to steal these commissions. It can affect both sides of the affiliate industry: legitimate affiliate marketers suffer losses when their commissions are stolen, and advertisers lose by paying fraudulent commissions.
Unfortunately, scammer affiliates routinely plot to get paid for conversions they don’t get. For every type of performance marketing goal there is, there’s a fraudster trying to steal those commissions. These are the most common types of affiliate fraud you’ll see.
- Lead fraud: Submitting fake or unqualified leads for commission
- Install fraud: Taking credit for illegitimate app or software downloads
- Sales fraud: Faking real sales with stolen credit cards or conversion fraud
- Click fraud: Generating clicks by fake users such as bots or malicious actors
- Impression fraud: Inflating impression metrics using illegitimate means
For an affiliate marketer, understanding the differences between these scams is a good first step in learning how to detect and prevent them.
Lead Fraud
Lead fraud exploits cost-per-lead (CPL) marketing, where affiliates receive payments for generating potential customer leads. This model is popular among service providers like insurance companies, law firms, and educational institutions, often offering substantial commissions to affiliates. Leads can be form fills, phone calls or requests for information, all of which can be exploited.
Malicious affiliates will use a variety of schemes to commit lead fraud:
- Fake Leads: Fake lead information is entered using bots, manually or through click-farm operations
- Stolen Credentials: Stolen names, emails and other information of real people are submitted
- Misleading Leads: Users enter their lead information under false pretenses set up by the affiliate
- Reselling Leads: Affiliates collect legitimate lead data and improperly submit them to multiple merchants.
These leads will often look legitimate at first glance but end up wasting money paid for commissions and time pursuing prospects that don’t exist.
Install Fraud
Install fraud involves the cost-per-install (CPI) marketing model. Here, advertisers are paying the affiliate for every install of their app the affiliate generates. This model is used most often by brands, gaming companies, and developers looking to target mobile users. This fraud can occur in a number of ways:
- Device farms: People (typically in underdeveloped countries) are paid less than the commission to install an app, giving credit for a meaningless download
- Emulator farms: One device is configured to emulate multiple devices so that false credit can be taken for several downloads; this is usually done at scale, compounding the problem
- SDK spoofing: Less common, but it can still happen: the app itself is hacked to report false information or install data, giving download commissions to the wrong affiliates
- Backdoor installs: An unrelated and seemingly legitimate app is downloaded and proceeds to download other apps without the user’s knowledge
- Malicious software: Software previously installed will take credit for other app installs it didn’t earn
Like other forms of fraud, the install fraudster fakes installs using bots, malware, or manually installing apps on multiple devices. Sophisticated bots can not only install apps but also forge user actions within the app to make the install appear legitimate. These fake installs earn fraudsters illegitimate commissions.
Sales Fraud
Similar to click fraud but more specific to affiliate marketing, cost-per-acquisition (CPA) fraud, or sales fraud, occurs when affiliates earn a commission by taking credit for completed transactions that appear legitimate but are later found to be fraudulent. Unlike other forms of affiliate fraud, it’s a simple, straightforward scam: lying and stealing.
- Misleading marketing: Affiliates purposely misrepresent the product or service to obtain a sale.
- Stolen credit cards: Fraudsters buy stolen credit card credentials to generate sales knowing those sales will be subject to chargebacks.
- Malicious software: Just like with install fraud, a program on a user’s device falsely attributes the sale to the scammer, stealing the commission.
- Cookie stuffing: Adding cookies to a browser to falsely indicate browsing history or track the user
Affiliate sales fraud can be devastating for merchants because not only do you pay out a commission on a sale that didn’t happen, but you then have to deal with upset victims and other affiliates. By the time the victim of credit card fraud flags the transaction and demands a chargeback, the fraudster is gone, keeping their commission.
Click Fraud
In a cost-per-click (CPC) affiliate campaign, an advertiser pays an affiliate for every click an ad receives. Unscrupulous affiliates will fake clicks to collect click bounties they don’t deserve. This can be done in a variety of ways but is usually one of the following methods:
- Manual: A scammer physically clicks or pays someone else to click on ads
  - Click farms: People are paid to click links at scale
  - Malicious actors: Individuals take the time to click to drive up costs
- Programmatic: Automated programs generate clicks for scammers
  - Traffic bots: Automated programs designed to click
  - Malware botnets: Hacked devices are used as traffic bots
- Technical: Software or platform exploits are used to fake or generate clicks
  - Cookie stuffing: Using cookies to steal credit for clicks
  - Click stuffing: Using one user click to generate multiple fake clicks
  - Clickjacking: Hiding what the user will be clicking using design
  - RTB click fraud: Fraud that exploits RTB ad platforms to drive clicks
Regardless of how it’s done, each click drains the marketing budget while providing no return on ad spend.
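Click stuffing and traffic bots both tend to leave bursts of clicks that no single human action could produce. The sketch below is an added example, not code from the original article: it scans a constructed click log for such bursts per session and affiliate, and the field names, the 500 ms window and the three-click threshold are assumptions to tune against real traffic.

```python
from collections import defaultdict

# Constructed sample click log rows: (epoch_ms, session_id, affiliate_id).
SAMPLE_CLICKS = [
    (1_000, "s1", "aff-A"),
    (1_020, "s1", "aff-A"),
    (1_045, "s1", "aff-A"),
    (1_070, "s1", "aff-A"),   # four clicks in 70 ms: not one human click
    (5_000, "s2", "aff-B"),
    (9_500, "s2", "aff-B"),   # two clicks 4.5 s apart: plausible user
    (2_000, "s3", "aff-A"),
    (2_300, "s3", "aff-C"),   # different affiliates are counted separately
]


def largest_burst(timestamps, window_ms):
    """Largest number of clicks that fall inside any window_ms-wide span."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end in range(len(ts)):
        # Shrink the window from the left until it spans at most window_ms.
        while ts[end] - ts[start] > window_ms:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_click_stuffing(clicks, window_ms=500, min_clicks=3):
    """Map (session, affiliate) -> burst size for bursts of min_clicks or more.

    window_ms and min_clicks are assumed thresholds, not industry constants.
    """
    by_key = defaultdict(list)
    for ts, session, affiliate in clicks:
        by_key[(session, affiliate)].append(ts)
    flagged = {}
    for key, stamps in by_key.items():
        burst = largest_burst(stamps, window_ms)
        if burst >= min_clicks:
            flagged[key] = burst
    return flagged


if __name__ == "__main__":
    for (session, affiliate), burst in flag_click_stuffing(SAMPLE_CLICKS).items():
        print(f"{affiliate} session {session}: {burst} clicks within 500 ms")
```

A flagged burst is a reason to hold the commission for review rather than proof of fraud, since double-clicks and retried requests also produce short bursts.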
Impression Fraud
The pay-per-impression (PPI) model for affiliate marketing is ideal for exposure to your target audience because impressions are easy to distribute and cheaper to buy than clicks but may still result in clicks. Payouts are calculated as cost per thousand views (CPM), and though affiliate commissions for impressions are low, that doesn’t stop fraudsters from attempting to steal them:
- Ad stacking: Layering ads on top of one another but taking credit for them all
- Pixel stuffing: An ad the size of a pixel is counted as an impression
- Cookie stuffing: Cookies are added to take undue credit for views
- Domain spoofing: When affiliates show ads on unapproved or fake sites
- Ad injection: Hacking a publisher’s site to place ads
- RTB impression fraud: Fraud that exploits impression data on RTB ad platforms
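Ad stacking and pixel stuffing can both be checked from the rendered geometry of each ad slot. The following is an added example, not code from the original article: it assumes a hypothetical viewability tag that reports each slot's position and size per page view, and the record layout, the 2-pixel minimum side and the 90% overlap threshold are assumptions.

```python
from itertools import combinations

# Constructed sample: ad slots as reported by a hypothetical viewability tag.
# (page_view, affiliate, ad_id, x, y, width, height) in CSS pixels.
SAMPLE_SLOTS = [
    ("pv1", "aff-A", "ad1", 0, 0, 300, 250),
    ("pv1", "aff-A", "ad2", 0, 0, 300, 250),    # same box as ad1: stacked
    ("pv1", "aff-A", "ad3", 0, 0, 300, 250),    # same box again
    ("pv2", "aff-B", "ad4", 10, 10, 1, 1),      # 1x1 slot: pixel stuffing
    ("pv3", "aff-C", "ad5", 0, 0, 728, 90),
    ("pv3", "aff-C", "ad6", 0, 600, 300, 250),  # separate slots: fine
]


def overlap_ratio(a, b):
    """Intersection area divided by the smaller slot's area."""
    ax, ay, aw, ah = a
    bx, by, bw, bh = b
    iw = min(ax + aw, bx + bw) - max(ax, bx)
    ih = min(ay + ah, by + bh) - max(ay, by)
    if iw <= 0 or ih <= 0:
        return 0.0
    smaller = min(aw * ah, bw * bh)
    return (iw * ih) / smaller if smaller else 0.0


def audit_impressions(slots, min_side=2, stack_ratio=0.9):
    """Return (pixel_stuffed_ad_ids, stacked_ad_ids) as sorted lists.

    min_side and stack_ratio are assumed thresholds for illustration.
    """
    pixel, stacked = set(), set()
    by_view = {}
    for view, _affiliate, ad_id, x, y, w, h in slots:
        if w < min_side or h < min_side:
            pixel.add(ad_id)
            continue  # a tiny slot is reported once, not also as stacked
        by_view.setdefault(view, []).append((ad_id, (x, y, w, h)))
    for ads in by_view.values():
        # Every ad in a stack is flagged: at most the top one is visible.
        for (id_a, box_a), (id_b, box_b) in combinations(ads, 2):
            if overlap_ratio(box_a, box_b) >= stack_ratio:
                stacked.update((id_a, id_b))
    return sorted(pixel), sorted(stacked)
```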