Ohad Hagai

Ohad Hagai / 23 min read

Ohad Hagai

Ohad Hagai

-23 min read-

About This Report

Customer Journey Hijacking, a client-side phenomenon where unauthorized ads are injected into consumer browsers, is a growing yet invisible problem for eCommerce sites. This issue is widespread across the web — yet the eCommerce industry has only been made aware of its existence in recent years.

As the first and only solution to help online businesses eliminate the impact of Customer Journey Hijacking, Namogoo is leading the mission to educate the market about the scale and impact of this problem on both user experience and online business revenue.

Findings in this report are based on an analysis of hundreds of millions of page views across verticals, and include exclusive data insights that provide an in-depth look into this phenomenon and how it is affecting online businesses.

This report summarizes the data from the first six months of 2018 and compares it to the fourth quarter of 2017. Data in this report covers both desktop and mobile consumer web sessions in the U.S. and Europe across a variety of verticals.

To ensure industry knowledge of Customer Journey Hijacking and awareness of its scale and impact remains at the forefront, this report will be updated at the end of each quarter with new trends and insights.

The Namogoo Team

About Customer Journey Hijacking

What is Customer Journey Hijacking?

Customer Journey Hijacking is a rapidly growing phenomenon where unauthorized ads are injected into consumer browsers. These unsanctioned promotions are injected by digital malware that infects browsers and devices when users install software downloads or program updates, or in other cases, when they connect to public WiFi networks.

Once the digital malware is running on the web browser or device, online consumers are interrupted by injected product ads, pop-ups, banners and in-text redirects when browsing eCommerce sites. Because the malware resides on the user’s browser or device, server-side security solutions lack visibility or control over the problem.


The Scale of the Problem

According to a widely referred-to Google report, ad injections impact tens of millions of users globally, and have been cited as the single largest source of frustration amongst Chrome users.



In the course of analyzing hundreds of millions of web sessions weekly, Namogoo’s data shows that 15-25% of all user web sessions are exposed to unauthorized ads. In 40-70% of these cases, the ads feature competing promotions or products that divert customers to the retailer’s competitors. These infections increase substantially during peak shopping seasons such as the holiday season and can exceed 30%.


The Impact to Online Businesses

In the digital commerce arena, any interruptions distracting customers away from the intended online experience hurt the ability for businesses to convert and retain site visitors, and generate revenue. Through various types of injected ads, Customer Journey Hijacking disrupts users throughout their journey with invasive promotions that redirect them to competing product offers, cutting directly into eCommerce conversions and revenue.

In Namogoo’s 2018 Consumer Behaviour Study surveying over 1,300 U.S. online shoppers, over 58% of consumers indicated they were likely to click on product ads offering lower-priced products, while over 77% stated that encountering pop-ups, banners or advertisements from other sites would negatively impact their view of that retailer. Customer Journey Hijacking is estimated to cost businesses between 2-5% in annual revenue.

Additionally, unsavory and inappropriate content also appear to web visitors, further damaging the business’s brand equity.

Want to read the rest of the eBook?

Fill in the form below and read the next chapters!

Key Findings

  • In Q1 2018, more desktop users in the U.S. were infected with Customer Journey Hijacking, at 21.22%, than in Europe, at 20.09%; but European desktop infection rates reached 22.56% in Q2 2018, surpassing the U.S. infection rate of 19.11%.
  • The highest rate of infected mobile users was in the U.S. in Q4 2017 at 18.21%, while European mobile infection rates have risen from 13.37% in Q1 2018 to 17.30% in Q2.
  • A leading 62.51% of desktop users impacted by Customer Journey Hijacking use the Google Chrome web browser. At 79.38%, the majority of infected mobile users are disrupted by unauthorized ads when using Apple’s Safari Mobile browser.
  • Users on all major desktop web browsers exhibited high infection rates. Apple Safari users were the most impacted for both desktop and mobile browsers with infection rates of 24.91% and 19.52% respectively.
  • Desktop users in Q2 2018 were most infected with injected ads when browsing subscription-based (22.01%) and apparel (21.60%) websites, while mobile users were most impacted when browsing footwear websites at 20.94%.
  • Product pages were the most impacted part of the online journey for infected users across verticals with 31.56% exposed to injected ads. 28.74% of infected users encountered such ads after arriving at the checkout stage of their journey.
  • 38.69% of all infected users are interrupted by banner ads when visiting a website, while 30.59% are disrupted by pop-ups. 28.18% encounter product ads and promotions.
  • Infected users on both desktop and mobile convert over two times more frequently than clean users after Customer Journey Hijacking has been blocked from interrupting their online experience.
  • Checkout abandonment rates were dramatically lower for infected users that had unauthorized ad injections blocked from disrupting them at the last stage of their journey.

Customer Journey Hijacking: How Many Users Are Impacted?

While Customer Journey Hijacking is impacting both desktop and mobile users, the proportion of this phenomenon differs between devices.

In order to assess the scale of Customer Journey Hijacking, Namogoo’s methodology uses the term infection rate, which refers to the percentage of user web sessions where one or more injections of unauthorized content are detected.

Desktop Infection Rates

Infection rates for desktop users in both the U.S. and Europe substantially impact online revenue for businesses. Interestingly, the Q1 infection rate in the U.S. was 21.22%, notably higher than the 18.09% rate for Europe. This regional trend shifted in Q2 where European infection rates of 20.60% exceeded the U.S. infection rate of 19.15%.


Mobile Infection Rates

Infection rates on mobile devices are generally lower than on desktops. This can be attributed to the fact that while mobile browsing is increasing, most conversions still occur on desktops. Since the business model of malware creators is based on affiliation commission, most of their activities target desktop-specific browser extensions and other web services. However, with mobile traffic continuing to grow proportionately, it’s important to note that mobile users are less patient when it comes to disruptions, so the magnitude of these unauthorized distractions can be particularly harmful to online businesses.

Similar to the trend seen in desktop, mobile infection rates in Europe rose in Q2 2018 from Q1.


The Top Browsers Amongst Infected Users

When analyzing all infected web sessions for the entire reporting period, the browsers with the greatest share of users interrupted by injected ads can be clearly seen. At 62.51%, the highest percentage of infected desktop users are using the Google Chrome web browser. An even greater majority was identified when looking at infected mobile users, with 79.37% of all users impacted by injected ads using the Safari Mobile browser.


Customer Journey Hijacking by Browser

No web browser is safe from Customer Journey Hijacking. All of the web browsers most adopted by consumers have a significant percentage of infected sessions. Perhaps surprisingly, the highest infection rates for both desktop and mobile users belonged to Apple’s Safari web browser (24.91% for desktop and 19.52% for mobile). The mobile data also revealed that mobile users on Facebook’s in-app browser were second-most infected. With more mobile users browsing content posted on Facebook, the vulnerability to unauthorized ad injections on the world’s largest social media platform is a metric to watch going forward.


Customer Journey Hijacking by Vertical

Customer Journey Hijacking impacts all verticals since it is caused by malware running on the consumer’s device. Seasonal impact by vertical fluctuates, with some verticals more impacted than others depending on the time of year. The highest desktop infection rates in Q2 were seen in the subscription-based (22.01%) and apparel (21.60%) verticals. For mobile sessions, the most impacted vertical during this same quarter was footwear with a 20.94% infection rate.


Impact of Customer Journey Hijacking Throughout the User’s Journey

For the entire reporting period, we segmented infected web sessions by website section to assess where in the user journey site visitors are most interrupted by injected ads. A leading 31.56% of infected users were most exposed to unsanctioned promotions when visiting product pages on an eCommerce site. This high percentage is not surprising given that malware-driven injections tailor advertisements based on the product category the user is visiting.

The next two site sections with the highest infection rates were checkout at 28.74% and search results pages at 23.82%.

Note: Infection Rate by Website Section refers to the percentage of injected ads for all infected user sessions according to which section of a website they appear.


Customer Journey Hijacking: Types of Injected Ads

Customer Journey Hijacking includes several types of unauthorized injected ads — each with their own method of targeting the user. Results of the analysis showed that a leading 38.69% of infected users were interrupted by banner ads when visiting a website. This was followed by pop-ups, which featured in 30.59% of all infected sessions, while product ads featured in 28.18% of infected sessions.




What Types of Ads Are Disrupting Users?

Namogoo defines these types of malware-driven injections as part of the consumer-side threat to online businesses known as Customer Journey Hijacking:


Product Ads

A product ad is a smart widget that displays to users specific products they’re likely to be interested in based on their current or historic browsing patterns. With many sites regularly using related product recommendations, these types of ad injections can be very damaging; many are laid out subtly and appear as an integral part of the website.



Pop-ups can appear in front of a website and cover site pages and product displays with related products linking to other sites. They can also launch a new browser window on top of the one the user is viewing. Usually executed using some sort of JavaScript, pop-ups often divert the user’s attention from their online journey.



Also known as display ads, these are image-based advertisements that attempt to attract users’ attention to specific brand offerings and other web services. The visual nature of banners promotes competing brands, adversely impacting the user’s experience and perception of the hosting site’s brand.


In-text redirects

In-text ads locate existing text links within website pages and redirect them to external links, and in many cases, competitor sites. These redirects are most often entirely invisible and can be especially disruptive to users trying to navigate through a site, search products, or click on register, sign-in or checkout links.


Types of Injected Ads by Vertical

We compared injected ad types by industry to learn which kinds of disruptions appear most prominently to infected visitors browsing different product verticals. Subscription-based websites were most targeted by related product ads, which appeared to 38.92% of all of their infected visitors. 49.54% of all infected users browsing for apparel products encountered banners in various sections of the site. Nearly half of all infected users visiting online marketplaces were exposed to pop-ups.


Conversion Rates

One of the most common misconceptions regarding infected users is that they are less digitally savvy and are not as important a target audience for eCommerce businesses to focus on. Our data compares the conversion rates for clean users against those of infected users after injected ads were blocked to provide them a distraction-free experience.

The charts below demonstrate the importance of the infected user segment to online business revenue. As seen below, previously infected users for whom injected ads were blocked from running converted more than twice as frequently as clean users. This was consistent across device types and regions examined. While this may seem surprising at first, it actually highlights that the most active online shoppers are more inclined to download extensions and other web services that are bundled with digital malware — and consequently become infected.

While unauthorized injected ads disrupt these users, they are still more active online consumers than the rest of the population. When these distractions are removed from their online experience, they end up converting at a much higher rate.


Checkout Abandonment Rates

Similar to our conversion data, we compared the checkout abandonment rates for clean users with infected users after removing Customer Journey Hijacking from their experience. While overall checkout abandonment rates fluctuated moderately over the past three quarters, a much wider gap can be seen when comparing infected users who had injected ads blocked and clean users that left at the checkout stage. As shown below, users previously infected with injected ads abandoned their carts far less frequently than clean users in all three quarters covered in this report. As with our conversion findings, this highlights that the most active consumers are often exposed to unauthorized promotions as a result of downloading malicious content. Once these disruptions are removed from their experience at checkout, they abandon this critical stage of the sales funnel less frequently, and proceed to make their purchase.


Ohad Hagai
Ohad Hagai

Ohad Hagai is SVP Marketing at Namogoo. He leads marketing, communications and digital strategy at Namogoo, and brings a wealth of experience in eCommerce. An MBA graduate from Duke University, Ohad still gets Final Four fever every spring.