Einat Etzioni

Einat Etzioni / 15 min read

Einat Etzioni

Einat Etzioni

-15 min read-

About This Report

As consumer shopping further shifts online each year, creating seamless and personalized customer journeys becomes increasingly critical for retailers. And yet, the reality is that many of the shoppers who visit your website will have a markedly different experience there than the one you had planned.

In fact, today, during 15% to 25% of online shopping sessions, the shopper will be exposed to injected ads displayed via malware, WiFi hijacking, or both. In other words, they will be targeted by Customer Journey Hijacking (CJH).

As the first company to discover the widespread yet hidden problem of Customer Journey Hijacking, Namogoo is leading the mission to educate the market on both its scale and impact on retailers’ eCommerce site and revenue.

Our annual benchmark reports aim to illuminate the behavior of online consumers — both when they are impacted by unauthorized ad injections, as well as when they have been prevented from disrupting their shopping experience. In parallel, these reports bring to light the importance of this impacted customer segment to the digital investments of online businesses.

Findings in this report are based on an analysis of billions of web sessions across verticals. The data in this edition provides a complete summary of 2019 by quarter, and covers both desktop and mobile consumer web sessions in the U.S. and Europe across a variety of verticals.

Key Findings

  • Over 20% of all eCommerce site visitors were exposed to ad injections in 2019, with infection rates peaking during the critical Q4 covering the holiday shopping season.
  • Subscription-based eCommerce sites were hardest hit by Customer Journey Hijacking, followed by online marketplaces.
  • Site visitors viewed close to double the number of pages per web session after having ad injections eliminated from their customer journey.
  • From homepage through to checkout, more than one in 10 eCommerce web sessions were exposed to ad injections on every site section they visited in 2019.
  • Infected visitors protected against ad injections by Namogoo converted over 2.5 times higher. On mobile, protecting the customer journey nearly tripled the conversion rate.
  • After eliminating Customer Journey Hijacking, eCommerce businesses saw checkout abandonment for infected visitors drop 16% on desktop and more than 24% on mobile.


What is Customer Journey Hijacking?

Customer Journey Hijacking (CJH) is a widespread client-side phenomenon whereby unauthorized ads are injected into consumer browsers.

The injected ads can include product ads, pop-ups, banners and in-text redirects when browsing eCommerce sites. Because the malware driving these injections resides on the user’s browser or device, server-side security solutions lack visibility or control over the problem.

While there is some variability in the ways CustomerJourney Hijacking occurs, it is usually executed through a three-step process.

How does CJH occur?

  1. Malware is secretly injected on the user’s web browser. In most cases, this happens when they download free software such as a mobile app or browser extension bundled with adware and other injected scripts.
  2. The malware or adware-driven scripts track the user’s online activity, building a personal profile reflecting their shopping preferences and habits.
  3. When the user visits an eCommerce website, these unauthorized scripts automatically display injected ads. Alternatively, ad injections can occur via Wi-Fi hijacking, exposing even users who have not downloaded malware or adware.



The most common way that Customer Journey Hijacking hurts customer relationships is by guiding your website’s visitors straight into the arms of your competitors. At Namogoo, we have found that promotions for products offered by competing stores account for 60-65% of the injected ads that target customers of the retailers we work with. 

In our survey of more than 1,300 online shoppers, 58% of respondents said that if they were shopping in an online store when they saw a pop-up ad for a competitor selling the same product at a lower price, they would likely click the ad. And 80% said that if they ended up buying from the competing store instead of the first store in this scenario, the competing store is the one they would be more likely to visit the next time they are looking for a similar product.

Worse yet, consumers who view ad injections while visiting a website typically think these ads are coming directly from the site, rather than running on their own digital devices. As a result, if a shopper is in your online store when an injected ad appears, they are likely to blame your company.

In fact, in our study of online shoppers, 78% of respondents said that if they were exposed to an injected ad while shopping on an eCommerce site, they would view that retailer negatively because of this interaction.

Taken together, those numbers paint a stark picture of the damage that Customer Journey Hijacking could cause to your brand reputation and customer relationships.


If you think ads leading to your competitors are harmful, think of the damage that could be done to your brand reputation by the other 35-40% of ad injections.

Of the injected ads that we at Namogoo have identified and blocked, we have found that:

  • 10% promote pornographic websites.
  • 15-20% promote online gambling or gaming.
  • 5-10% are designed to mimic legitimate alerts (such as error messages or recommendations from the user’s operating system) in order to trick users into clicking on them.

How Many Users Are Impacted?

To continuously assess the scale of Customer Journey Hijacking, Namogoo tracks infection rates year-round.

While the scale of infection varies between mobile and desktop devices and fluctuates amongst online product verticals and regions during different seasonal periods, Customer Journey Hijacking impacts every business with an online sales funnel that relies on attracting and converting web traffic.

Infection rate – The percentage of visitor web sessions where one or more injections of unauthorized content are detected.

With more online enterprises today actively preventing Customer Journey Hijacking, companies still vulnerable to this hidden client-side problem continue to have their substantial digital marketing investments into traffic acquisition and sales funnel optimization undermined as a result.

Desktop Infection Rates

Over one in five web sessions on eCommerce sites were exposed to client-side ad injections in 2019. Exceeding 20% in each quarter of 2019, 23.35% of desktop visitors in the U.S. were impacted by Customer Journey Hijacking in 2019, while the year-round average in Europe was 20.58%.

Notably, the percentage of web sessions impacted by malware-driven ad injections during 2019’s final quarter was 12.7% higher than the 21.57% desktop infection rate reported in Q4 2018.

Mobile infection rates

In our 2019 Holiday Shopping Season Report we revealed that more orders were placed on mobile devices than on desktop or laptop computers during the 2019 holiday shopping season in both the U.S. and Europe. Ad injectors took advantage of this trend and looking at the whole of 2019, we see that mobile infection rates in the U.S. increased in every quarter of 2019.

Industry Verticals Most Impacted

Customer Journey Hijacking impacts all verticals since it is driven by digital malware running on the consumer’s web browser. Desktop visitors browsing subscription based services were most impacted in 2019, with 38% being subjected to invasive ad injections. A leading 28.54% of mobile visits to online marketplaces were disrupted by Customer Journey Hijacking.

The Verticals Most Impacted by Quarter

Seasonal impacts fluctuate by industry, with some verticals more impacted than others depending on the time of year. Notably,
the data shows that Footwear and Home product verticals all experienced major increases in Customer Journey Hijacking
in the second half of 2019. In the Travel industry, infection rates in Q4 jumped by over 27% from Q3, showing that as more shoppers browse online for travel destinations, they are also more susceptible to becoming infected with malware-driven ad injections.

Customer Journey Hijacking by Browser

All major web browsers are prone to Customer Journey Hijacking, however Apple’s Safari web browser had the highest infection rate for both desktop and mobile users at 25.44% and 20.99% respectively.

Desktop Browser Infection Rates

  1. Safari 25.44%
  2. Google Chrome 22.93%
  3. Opera 22.49%
  4. Yandex 19.89%
  5. Microsoft Edge 19.15%
  6. Mozilla Firefox 18.14%
  7. Internet Explorer 11  15.18%

Mobile Browser Infection Rates

  1. Safari 20.99%
  2. Firefox iOS 20.85%
  3. Pinterest in-app browser 17.30%
  4. Yandex 13.75%
  5. Facebook in-app browser 10.73%
  6. Google Chrome Mobile 10.20%

Infection Rates by Site Section

To assess where in the customer journey site visitors are most interrupted by client-side ad injections, we segmented infected sessions by site section. The findings show that Customer Journey Hijacking targets every key stage of the eCommerce sales funnel. While category and product pages registered the highest percentage of infected visitors, we can see that over one in ten visits were exposed to unsanctioned ads in every notable site section.

Customer Journey Hijacking and eCommerce KPIs

Injected Ads Target the Best Customers

Namogoo’s Customer Hijacking Prevention solution tracks conversion rates and other key eCommerce KPIs year-round, both for “infected” visitor sessions and “clean” visitor sessions.

The numbers consistently show that infected users have eCommerce KPIs far more promising than other shoppers – even before injected ads are blocked. That’s because the most active online shoppers are the ones most likely to install ad-injecting malware, which is often bundled secretly with free software that users deliberately download. And once Namogoo prevents Customer Journey Hijacking, those infected visitors’ eCommerce KPIs improve even further.

For example, in each quarter of 2019, conversion rates were more than 2.5 times higher among infected desktop visitors protected by Namogoo than among clean users. And on mobile, once injected ads were blocked, infected shoppers had conversion rates roughly three times higher than clean users

Infected visitors – Site visitors using digital devices (such as computers and smartphones) infected with ad-injecting malware (malware that Namogoo can block)

Clean visitors – Site visitors using digital devices not infected with ad-injecting malware


Infected Visitors Have Significantly Lower Checkout Abandonment Rates

Looking at checkout abandonment rates over the course of 2019, we can see again that Customer Journey Hijacking disproportionately targets the best shoppers.

Once injected ads were blocked, infected desktop visitors abandoned their shopping carts 16.06% less frequently than clean desktop visitors. And on mobile, the infected users’ cart abandonment rate was 24.45% lower than that of clean users.

Infected Users Also Show Greater On-Site Engagement

Looking at pageviews per session over the course of 2019, we also see that infected users were far more engaged than clean ones.

On both mobile and desktop, infected consumers viewed nearly twice as many pages as clean shoppers during an average visit to an online store. These differences were clear year-round, but they became even greater during Q3 and especially Q4 – the period including the holiday shopping season.


As the leader in Customer Journey Hijacking prevention, our yearly benchmark reports shed important light on how the widespread phenomenon of client-side ad injections affects the way today’s online shoppers actually experience critical aspects of the customer journey, and the impact this has on critical eCommerce KPIs.

Our data uncovered that the most engaged shoppers are increasingly targeted by ad injectors wherever they migrate during their online journey. Disruptive ads increased not just for desktop shoppers, but on smartphones and tablets as well to hijack and
profit from increased consumer spending on mobile. Ensuring a seamless mobile customer experience today means eliminating these disruptions that aim to undermine these investments for retailers.

Be it on desktop or mobile, keeping site visitors focused at each stage of the customer journey becomes increasingly critical for brands looking to engage, convert, and retain a loyal customer base. With a significant portion of online customers disrupted
by competitor ads and salacious content at each and every stage of the funnel, removing any unwanted friction from the homepage through to checkout is vital to compete successfully in the digital era.

Perhaps the most important findings in this report crystalize the value of shoppers impacted by these very disruptions. These shoppers converted at close to triple the rate once ad injections were eliminated from their experience, abandoned checkout significantly less frequently, and viewed almost twice the number of pages during their web session.

This data speaks to the tremendous importance of the customer experience, and the growth that can be gained by online enterprises when their most engaged shoppers receive the optimal journey uninterrupted.

Einat Etzioni
Einat Etzioni