Affiliate fraud pt. 2: The detection


After our last post, where we touched some affiliate fraud types let’s move one step forward and  find those who use the presented techniques. I think there is no need to point out the importance of the fraud detection.

Detection of email and chat spamming


To detect email and chat fraud, you have to take a close look on the referrals. Easy to find if they don’t hide it, and you can see if the visit or the signup is coming from a known chat service or an email provider. In some cases affiliates hide their referrers with url shorteners, or referral spoofing redirect scripts. In this case, analyse the affiliates’ best converting campaigns. If the visitors arrive without referrer or from a wide range of url shorteners and the campaign is converting too good to be true, chances are you got yourself a spammer.

Detect typos


Basically this is the easiest to detect, but quite hard to decide on what to do with it. You have a typosquatter, you can see the referral domain and it’s converting okay. First thing you can do is to kick them out, but then they might drive their traffic to another offer (or even worse, a competitor), so this is not the best solution. You can try to sue them, but that’s quite long and complicated, and if they really face the law, they can change their sites to something completely different. Also lawsuits burn loads of time and money, and the results are not always that great. An acceptable solution is if you detect the typosqatter fast and buy their domains (or if you are lucky enough you can simply wait till the domain expires and bid them out :) ).It can take some extra time, but you can protect yourself from a major headache.

The best you can do here is prevention. Make sure to buy the main tld’s and the most common typos for your site.

Detect chargeback fraud


The best way if you focus on the prevention, not just detection. If you have lots of fraudsters trying to pay from stolen cards in your system, your bank will set limitations on your site, maybe even ban some card types for some countries. So better take this seriously.

The detection part is not too complicated here either. Look at the campaings’ productivity and referrals. You will see direct traffic and huge conversion rates. Unlike chat fraud, the users will buy like there’s no tomorrow and ask for chargebacks from their banks as soon the affiliate got paid. If you don’t have an inhouse transaction analyst, then you better keep an eye on the affiliates that brings you significantly more chargebacks than others.

Cookiestuffing detection

When someone sets a cookie, you will see that as an url call. Take a look at the site where the call occured. As an affiliate manager you can see the referring site “”, visit it and you can check if you received an affiliate cookie just for the site load. If yes, then congratulations, you found an amateur cookie stuffer. Kick this bad actor out from your program!

Fraudulent affiliates can make some masking to this process, where they add a tracking site to their pixel, and they can adjust the percentage of the stuffing and exclude some ip addresses, like the affiliate program’s office. In this case make sure you check out the affiliate’s site a couple of times from different proxies. Also you should check network console and look for suspicious url calls in the background.

Additionally, you can have a quick glance on your conversion funnel. Let’s say user arrives to a specific action after 4 minutes on the first visit. If the affiliate’s average from first visit to conversion is way too big compared to that, you better dig a bit deeper. It can be alarming as well if an affiliate started to send you huge traffic, and you can’t see it in your .js based tracking (e.g. google analytics). The reason of this is that Flash won’t run the tracking .js just call the url and set the cookies. Make sure you do some background checks on the affiliate’s site or mediabuying campaigns with Whatrunswhere or other advertising spy tools and check the referral sites with Similarweb and for suspicius details.

For more advanced and automated detection tools and systems, contact our team!


Leave a Reply

Your email address will not be published. Required fields are marked *