Ad networks offer affiliate programs that allow affiliates to generate income. These affiliates are given an affiliate ID that stores a cookie in a user’s browser for a specified period of time. If the user makes a sale/conversion before the cookie expires, the affiliate receives a commission for that sale/conversion.
​
What makes this approach unique is that it does not technically distribute any malicious content. If a user engaged with the page containing the iFrame on the compromised website, they simply transferred a network’s affiliate cookie to the user’s browser.

Cookie stuffing is a form of affiliate fraud where a website drops one or more third-party cookies onto a visitor’s web browser. These malicious cookies cause merchants with affiliate programs to misattribute any traffic with those cookies to the fraudster. So, when the time comes to pay affiliates for their efforts, the fraudster gets credit for traffic that they didn't really help generate.

This can take money away from affiliates who brought the traffic to the business or cause the business to spend money on affiliate reimbursement when the fraudster did nothing to promote their business.

Cookie stuffing harms a company’s affiliate marketing efforts since the affiliates who produce results start to see less profit from the program, which makes them less likely to keep participating.

Iframes are special bits of code on a website that allow HTML codes or documents to be loaded onto the page. This can be used to display ads, videos, documents, or interactive elements from other sources (a common example is an embedded YouTube video).

Sometimes, the “third-party” code used in the iframe can include malicious cookie stuffers—ones that automatically hit any browser trying to load the code in the iframe with a bunch of affiliate cookies. Here is an example of a publisher using an Iframe pixel to stuff cookies on the user's browser and generate fraud conversions.

When users visit a web page with a hidden iFrame like this, their browser loads all the content, whether the user can see it or not. This includes affiliate cookies, which are then stored in the browser.

Some networks will inject up to 20 different hidden affiliate iFrames on a single page to maximize the opportunities. These invisible iFrames are known to slow page load times and can lead to a negative user experience, but they are otherwise harmless to users. If the user makes a conversion before the injected iFrame cookie expires, the network will receive a commission for the purchase. By compromising more websites and distributing their injected Affiliate iFrames, exposure is maximized, as is the number of commissions generated for these black hat marketers, clearly showing that unprotected websites are a resource for bad actors.

To mitigate the risk of serving unwanted affiliate cookies or reducing site performance, website owners can closely monitor changes to their website files by using an integrity monitoring service. This service will make it easy to spot any suspicious or compromised activity.

In Trackier, we have created a shield to block any click coming from the publisher tracking URL, which seems to be the centre for image/ Iframe pixel for cookie stuffing.

Our dedicated server keeps a watch 24*7 for this kind of traffic and keeps blocking it, which makes you safe from paying fraud conversion to your affiliate and managing disrupted CR with advertisers.

​

The above image is a sample of what cookie-stuffing fraud looks like. With cookie stuffing, you’re committing a crime against another affiliate or the advertisers who are paying commissions on sales that would have happened anyway.

We're thrilled to have put together a top-notch team of qualified experts who are available to handle any of your concerns and respond to any inquiries you may have. You can contact us at any time by sending an email to support@trackier.com or using the in-platform chat feature.
​