Warning - New Affiliate Cookie Stuffing Forum Trick - Stealing Sales
Wanted to be sure forum owners and mods are aware of a growing problem. Black hatters are teaching affiliates a relatively new way (or at least only recently openly discussed way) to stuff hundreds of thousands of cookies on forums. FYI for those that aren’t aware, cookie stuffing steals commission from honest affiliates that should have gotten the sale. Cookie stuffing is not new - it’s this new method of doing it, that I am talking about.
I just discovered the problem at the 5 Star affiliate forum a few weeks ago. I researched how they are doing it and now we are catching a growing number of affiliates trying this unethical way of making sales. We’ve been banning them right away, but after catching another cyber crook today, I decided it’s becoming a big enough problem that we needed to set up a rule for it. So we added to our forum rules: “NO COOKIE STUFFING ALLOWED - Any type of cookie stuffing or cookie dropping (setting a cookie without a user generated click) will result in an immediate ban - no warning, no questions asked!”
For those that don’t know about cookie stuffing, it’s a way of loading cookies onto unsuspecting surfer’s browsers. The surfer never clicks a link or ad on an affiliate’s site or in the case of forum cookie stuffing, there is not even a link to click. They just get a cookie planted they never should have gotten.
It is OUT AND OUT STEALING!
For newbies that don’t get it or gray hatters that think cookie stuffing is OK, here’s a scenario. Let’s say you are doing PPC to drive traffic to Wealthy Affiliate for example. You PAID for a visitor, who then clicked to your site, is interested, clicks over to WA and likes what he sees but does not join.
Later in the day your potential new customer visits a forum and some black hat trickster secretly loads HIS cookie on YOUR customer’s browser. Your customer never clicked the black hatters link, visited his site or read his presale copy. The black hatter did NO ethical work at all. That night your customer goes back to buy. It should be your sale. You caused the last legit click! But the black hatter gets the commission. YOU PAID for that visitor - the BH did nothing to earn the sale - just stole it from you.
I’m not telling anyone here how it’s done because I don’t want to teach anyone how to do it. I can give forum owners a little heads up about how it’s done. It frequently happens like this. You have an existing thread about WA, eBay, Amazon or some other popular affiliate program. The black hatter will usually post a very innocent sounding post like “I’m a member of Wealthy Affiliate too and I’ve gotten some good info from it.” He won’t even sound like he’s trying to promote anything, because he doesn’t need to convince anyone to click his link - there is no link to click! You won’t see a link or anything else that would alert you that he’s cookie stuffing. There’s an easy way to catch these guys, but I doubt you’d ever even think of it, if you didn’t know that you should be suspicious.
I use Wealthy Affiliate in these examples because that’s what some of the cookie drops we’ve seen are for - but that’s probably because since we have an affiliate forum, that would be a popular option for our members. If you have a computer forum they are probably dropping Buy.com or eBay cookies or something.
If you own or mod a forum and would like to find out how you can catch black hatters and prevent them from stealing affiliate commissions on your forum, email me with the subject “Cookie Stuffing on Forums”.
You may also want to add something about it to your forum rules. We added: “NO COOKIE STUFFING ALLOWED - Any type of cookie stuffing or cookie dropping (setting a cookie without a user generated click) will result in an immediate ban - no warning, no questions asked.”
FYI this method also would be SUPER easy to do on blogs, blog comments and social media sites too, so keep your eyes open.
Added later: Have gotten some Qs from folks. No it’s nothing to do with iframes.
New here? Subscribe to RSS feed or follow me on Twitter. Thanks for visiting!
#1 Vlad wrote on Wednesday, June 11th, 2008:
Hello Linda,
This is not a new method. I read about it some years ago on a BH forum, but it was done a little bit different. The black hatters bought millions of popup/popunder views on second tier ad networks which they redirected to pages stuffed with Ebay and Amazon cookies. I saw people bragging that they were making tens of thousnads of $ this way.
I totaly agree with you that this is stealing, but I don’t thik that someone can do something about it. Maby the affiliate networks would be able, but they have no interests.
#2 Linda Buquet wrote on Wednesday, June 11th, 2008:
Hi Vlad,
No cookie stuffing is not new at all.
I’m saying this is a new method of doing it. It’s totally different than what you describe. One of the unique things about it, is that they aren’t sending anyone to a page on their site to drop the cookies (like some coupon sites do). They aren’t using a link, they aren’t using anything you can see.
“but I don’t thik that someone can do something about it. Maby the affiliate networks would be able, but they have no interests.”
Yes there is a way to do something about it. That’s why I’m letting forum owners know what to do.
Some networks do kick you out for cookie stuffing and BH that do it in volume often get caught.
#3 CT Moore wrote on Wednesday, June 11th, 2008:
Do the forums have to allow HTML for BHers to pull this off?
#4 Linda Buquet wrote on Wednesday, June 11th, 2008:
Hi there Chris,
Nope it can be done with BB code as easily as HTML. There is a particular feature in both HTML and BB code that could be disabled to prevent it, but it’s a feature most forums would not want to turn off. The detailed info I’m emailing to people that request it, explains it all.
FYI for those who have expressed concern. I would not send the info if a stranger with a yahoo email requests it. So far the requests have all been from legit forum owners who email me using their forum email address.
The marketing coordinator for Clickbank who runs their CB forum requested the info. I’m sure that forum is a PRIME target. So I’m happy he’s a regular 5 Star reader and saw this post.
#5 CT Moore wrote on Wednesday, June 11th, 2008:
@Linda,
I asked because I know of a way to do it with HTML, but didn’t want to mention it since we’re trying to prevent further hijacking.
#6 Linda Buquet wrote on Wednesday, June 11th, 2008:
Hi Chris,
I’m wondering if we are talking about the same technique. We should compare notes by email. I’ll shoot you a copy of the last one
I sent someone, then let me know if you are talking about a different trick.
#7 BlackHatter wrote on Wednesday, June 11th, 2008:
Boehoehoe, crybaby
I am a blackhatter and i stuff cookies, is it ethical guess not but i dont care about that, what i do care about is my bottom line and it seems everyone is doing it so i do it to, and you know what i am making a ton of money with it, and that is in the end all that matters to me, food on the table.
And most merchants dont give a rats ass, most of my sponsors (adult and mainstream) know what i am doing, know where i get my traffic from (SE Spamming and fucking up your rankings) but like me all they care is the bottom line sure there are a view exceptions on the rule but take it from me some well known networks don’t give a shit.
And there are ways to be and stay completely under the radar, so sorry but i will keep going with stuffing my cookies in your jar
Now cry me river
#8 videoscript wrote on Wednesday, June 11th, 2008:
Cookie stuffing is rife, that blackhatter is correct, everyone is doing it, and there is no way to stop it!
#9 eBay Sues High Profile Affiliate for Cookie Stuffing and Fraud - 5 Star Affiliate Marketing Blogs wrote on Wednesday, June 11th, 2008:
[...] It sounds to me like what they were accused of doing, at least in part, is this black hat cookie stuffing method I blogged about recently. Warning - New Affiliate Cookie Stuffing Forum Trick - Stealing Sales [...]
#10 James Trotta wrote on Wednesday, June 11th, 2008:
I may be missing the obvious here, but what’s the email addy for people who need more info on protecting their forums from this cookie stuffing thing?
#11 Linda Buquet wrote on Wednesday, June 11th, 2008:
Sorry James I get several emails about this a week, so people are figuring it out but I should have added it to the post.
It’s linda AT 5staraffiliateprograms DOT com
#12 DigitalPoint being sued by eBay for cookie stuffing! wrote on Wednesday, June 11th, 2008:
[...] a user generated click) will result in an immediate ban - no warning, no questions asked!” Warning - New Affiliate Cookie Stuffing Forum Trick - Stealing Sales - 5 Star Affiliate Marketing Bl… ——————– Brandon Sheley / vBulletin Setup Staff Check out our Newsletter for the [...]
#13 Afif wrote on Wednesday, June 11th, 2008:
Recently found out about this news. Especially worried on how to mod my forum now. So thos the forum owner gets to pay the price or the members?
#14 Arnold wrote on Wednesday, June 11th, 2008:
Thank you for bringing this to our attention, Linda!
#15 SEO & Security for Bloggers wrote on Wednesday, June 11th, 2008:
[...] scripts. These scripts can execute an array of malicious actions, from installing spyware to cookie stuffing — which can outright steal referrals from you by overwriting your affiliate cookies with [...]
#16 Caleb wrote on Wednesday, June 11th, 2008:
I’m guessing the “easy way” for finding pout is to right click to ”
view source” ?