Who is Hijacking Your Affiliate Marketing?
June 21, 2016
by Ohad Greenshpan
Expected to grow to nearly $7 billion over the next five years (according to Forrester report commissioned by Rakuten Marketing), affiliate marketing is no newcomer and has been at the top three most affective customer acquisition strategies for quite some time.
By effectively connecting between retailers, publishers and shoppers, affiliate networks have been able to create a powerful platform for customer acquisition, specifically catered to the special demands of online retailers. So it’s no surprise that 60% of online retailers plan to expand their affiliate spend (according to CJ).
But, a new type of malware threatens to break this effective and synergetic trio. Client-side Injected Malware (CSIM) enables hackers to inject ads and products onto retailers’ digital assets (on both web and mobile). Namogoo estimates that 15%-30% of online user are infected with CSIM that significantly changes the way they experience the customer journey, damaging their trust and loyalty. There are over 50,000 types of CSIM, including unauthorized ads, inappropriate content (porn and gambling), and various types of spyware and tracking malware. Customers become infected by downloading free software, apps and browser extension that also include malicious components, as well as network and Wi-Fi attacks that inject malware into customers’ devices.
For retailers, the impact of CSIM can be devastating. Product and video ads are particularly enticing and can lure customers away to competing destinations. CSIM also includes spyware that collects data on customers’ online behavior, passwords and even payment details. CSIM attacks often leverage social engineering attacks to collect information via fake surveys and forms that look legit but send the data to unauthorized parties.
In addition to the distracted, and at times unsafe customer journey, CSIM has a massive affect on affiliate marketing. By injecting unauthorized ads injectors essentially create a new form of digital real-estate, which have been used to inject affiliate product ads on top of any website. The injected affiliate product ads are pulled directly off affiliate marketing platforms and can be placed by injectors on competing sites, major publishers but also on the actual advertiser’s site, hijacking retailers’ codes to re-direct traffic within their sites.
Due to this manipulation, retailers become their own adverting real-estate, creating a double customer acquisitions expense. First, retailers need to acquire the initial customer but later during the customer journey retailers may need to pay again via its affiliate program to the injector that placed an ad on top of their site. “Retailers worldwide are subject to affiliate hijacking attacks on a daily basis, accounting for up to 70% of injected (unauthorized) product ads, and creating a massive impact on their customer acquisition expenses” explained Chemi Katz, Namogoo’s CEO. “Affiliate hijacking attacks are likely severely manipulate the customer journey, re-directing customers within the retailer’s site but not according to the designed sales funnel, potentially causing confusion and dis-trust” Katz added.
Despite the momentous impact on customer acquisition expenses and the customer journey, most retailers are not even aware of CSIM. These malware-born attacks run through the end users’ (customers) devices and remain invisible to traditional server-side cyber monitoring tools, leaving retailers unware of the attacks and without the basic capability to assess the damage to its brand.
Therefore, these new and sophisticated attacks require enterprises, and online retailers in particular, to change their security paradigm. For years we’ve been told that making certain that our servers and sites were secure was all that we needed to do to assure an effective customer journey. But CSIM is like a thief walking into a front door while you’re standing guard at the back and its impact is potentially devastating. Affiliate marketing attacks are just one example of a host of new malware-born attacks on retailers’ business model as well as their brand. So after being used to protecting from the inside-out, ensuring a well-secured infrastructure, now it’s time shift the focus to also protect from the outside-in.