Cookie Stuffing:The Blackhat Online Marketing Technique | Virus Positive Blog
  • viruspositive

Home>Resources>Blog> Cookie Stuffing:The Blackhat Online Marketing Technique
Cookie Stuffing

Cookie Stuffing:The Blackhat Online Marketing Technique

Affiliate marketing has grown many folds in the past few decades. As per a recent study by Statista, affiliate marketing spending in the U.S. alone will reach $8.2 billion by 2022

While affiliate marketing has become an unmatched tool to drive traffic, affiliate trap, on the other hand, has taken the industry by a storm.

One of the many traps used to con the advertisers is Cookie Stuffing. This article will discuss internet cookies, cookie stuffing, and their impact on your brand image, advertising ROI, and buyer experience.

What Are Cookies?

A cookie refers to a text file on an individual's web browser where the websites can read or write a unique ID. 

A web cookie also referred to as an HTTP cookie, is a text file that stores the users' browsing data. When a user visits a website, the web server sends a cookie to the individual browser: these cookies store browsing data and user information.

Cookies allow a website to track an individual's browsing history, save their credentials, and store all users' data valuable to the advertisers or affiliates. The server creates data stored in a cookie upon your connection, and this data links with an ID unique to your computer. When the cookie gets exchanged between the user computer and the network server, the server reads the ID and provides personalized content.

Cookies help websites track the user and use the information to personalize the user experience. A few of the significant uses are listed below:

  • User Session: A session cookie contains a unique ID that matches a user session with relevant content for that user. When a user visits a website, the server generates a session cookie and sends it to its browser. The cookie stores the user information for a specific period or until the user session is active, depending on user preference.

  • Personalization: As cookies store users' personal and browsing information, it helps in providing a personalized experience to the user by auto displaying the user information and products/services as per the choice.

  • Tracking: The cookies help track the user activity and pass the information like the reference source of the user, products the user is viewing, and more.

The advertisers using affiliate marketing programs depend on cookies to track the sales happening through their affiliates and compensate the affiliates for driving traffic to their website.  

What is Affiliate Marketing?

Affiliate marketing is a type of online marketing that is of utmost benefit to both – the brands and the marketers. The brand is referred to as Advertisers, while the marketer is referred to as the publisher.


 Affiliate Marketing Process

The publishers promote advertisers' products and services on their websites and other online platforms. The advertisers, in return, pay commission to the publishers for driving traffic to their website and successful sales of their products.

The publishers can pick up from the wide range of products listed on the advertiser's website and promote it on their website. These transactions are recorded via affiliate links, and the information is stored in the cookies. The advertisers then pay a commission to the publishers who drive traffic and increase sales.

Affiliate marketing has its share of advantages and disadvantages for both – Advertisers & Publishers. While the advertisers get access to many user traffic without getting into the hassle of marketing efforts, the publishers get commission on actual sales and qualified leads. The dark side of this industry is that the advertisers do not have visibility of the platforms used by the affiliates to promote their services and products. They need to have a tracking mechanism to monitor the affiliate activities. The open platform makes the industry more vulnerable to fraud and theft.

Advertisers use cookies to track and record the sales happening through each affiliate. Publishers follow illegitimate ways of dropping cookies on a user's system to monetize the sales. The unscrupulous practices of affiliate marketing dig a hole in the brand's marketing budget, as they compensate the affiliates without getting legitimate user traffic. The affiliates promoting ethically do not get ethical commission and lose interest. The advertisers lose customer trust because of fake deals and multiple redirections. And the list of disadvantages is never-ending. The brands are now shifting towards using brand monitoring tools and preventing customer journey hijacking by monitoring affiliate activities.

What is Cookie Stuffing?

Cookie stuffing is an illegitimate technique where a malicious affiliate drops multiple cookies in the user's browser or system to monetize the sales happening through that browser. Through cookie stuffing, the threat inhibitors can either stuff unwanted cookies or overwrite the legitimate existing cookies. It's difficult for advertisers to detect this kind of trap, and they lose their marketing revenue.  

"Cookie stuffing creates wrongful attribution. It's essentially stealing the credit for someone else's attribution." – David Sendroff, CEO, Forensiq.

For instance, a web publisher registered with a brand or an affiliate network to promote its products/services will commission every visitor purchase. If a user's browser is stuffed with third-party cookies, the third party will take a cut in commission even though they did not help in the transaction.

The threat actors either stuff fresh cookies or overwrite the existing, legitimate cookies in the user system, essentially stealing commission from another affiliate.

Cyber attackers use cookie stuffing to earn commissions from multiple advertisers without driving any sales themselves. 

Cookie Stuffing: How Does It Work?

Cookie stuffing is a one-click attack or session riding tactic used to exploit a website maliciously. The attackers do that by submitting the unauthorized commands recognized by the web applications.

Every time a user visits a website, the site drops cookies. There can be different ways the fraudsters sneak and overwrite cookies on the user's web browser. The most common ones are listed below:

  • Adware: Adware is software that displays ads in the form of pop-ups once installed on a user system. Marketers use these for effective promotions, but the malicious ones can change users' browser settings, add spyware, or bombard users' devices with advertisements. The malicious affiliates use adware to inject the user system with the affiliate cookies and earn a commission without getting user traffic for the advertisers.

  • Pop-Ups: A pop-up advertisement is a common and attractive way of catching user attention. Affiliate marketers use this tactic to instantly get users to click on their links and redirect them to the advertiser's page. Malicious affiliates induce adware in the user's system and bombard the system with ads and pop-ups. These pop-ups are programmed to make announcements and attract user clicks. As soon as the users click on the pop-up ads, the malicious affiliates inject cookies in the user browser and monetize all sales happening from their browser.

  • iframes: iFraming or inline framing is inserting/embedding a separate HTML page within an existing HTML page. Most advertisers have a readable product page, and the affiliates embed an iFrame on the target page with an affiliate URL. When the buyer makes a valid purchase, they leave an affiliate link, and the affiliate frauds earn a commission for the same.

  • JavaScript: The malicious affiliates can use JavaScript to redirect visitors to a different product page and inset affiliate cookies. Cybercriminals seek an advantage for an additional redirection without acknowledging the visitors. 

  • Zero Pixel Images: The illegitimate affiliates insert a zero-pixel image on the advertiser's website. It is a transparent or invisible image that appears as a blank space to the user and contains an affiliate link. When the users click on the hidden picture, the page reloads, and the user gets redirected to the product page with an affiliate cookie inserted in the browser. The affiliates can then earn a commission for all the sales from the user's browser.

  • Style Sheets: Cascading style sheets are helpful in coding pages visible all over the site, and it is possible to make such sheets look like an image and load them on every page of the advertisers of the advertiser's site. It is a trap that is the most common and challenging to detect, and it alters cookies for the users and achieves inappropriate advantages from affiliate marketing programs.

How do threat actors benefit from cookie stuffing?

There can be various intentions for injecting cookies; the major ones are below:
It alters cookies for the users and achieves inappropriate advantages from affiliate marketing programs. It is a trap that is the most common and most challenging to detect.

  • Monetizing through affiliate marketingAffiliates get paid for the completed transactions by promoting the advertiser's products on their websites and other social media platforms. The malicious affiliates use cookie stuffing as one of the mediums to earn a commission without getting legitimate users for the advertisers. They pose a threat to the advertiser's brand reputation and marketing budget.

  • Collecting User DataAnother use of cookie stuffing is to collect the users' data by storing their information like email address, contact details, browsing history, shopping preferences, and more. Affiliates can use this information for marketing purposes. They are collecting user information and using it for purposes other than specified resulting in a breach of user data policy and poor customer experience.

  • Tracking browser history: Cookies are used to track and monitor the user browser history to provide a personalized experience to the end-users. At the same time, this information is sensitive and private and requires approval from the user, affiliates record and use it without consent from the users. Such acts result in losing the trust f the users in the brand and directly hampers the brand reputation.

The process of affiliate marketing includes promoting the products and services of the advertiser on the publisher's website. Whatever sale initiates through the publisher's website, they earn an affiliate commission for the same.

If the user visits an affiliate website, clicks on the ad, lands on the advertiser's website, and purchases. The advertiser attaches a cookie to track the journey of the customer. If they find the path of the customer through an affiliate network, they offer them the affiliate commission.

What is the impact of Cookie Stuffing?

Whether it is a publisher running a cookie-dropping script inadvertently or a user installing a fraudulent extension, it ends up affecting the advertiser's brand image and end-users buying experience. As the advertisers attribute a sale to the recent affiliate, fraudsters often get the cut in case of cookie stuffing.

  • General Data Protection Violation: The data security regulations, such as the European Union's (EU's) General Data Protection Regulation, states that it is unethical to collect the user's data and expressly forbid collecting data without permission. In contrast, cookie stuffing violates such rules and stores the user data via cookies without seeking approval.

  • Legitimate Affiliates Lose Commission: Such acts affect the legitimate affiliates' earning capacity as the traffic they get to the advertiser's website is tracked by the cookie already stuffed in the user's system. And, the advertiser ends up paying Illegitimate affiliates.

  • Brands Lose Their Revenue: Advertisers pay commissions to their affiliates for driving traffic to their website and contributing to increasing their sales. Cookie stuffing helps the fraudsters monetize the sale from the traffic generated by legitimate affiliates. Advertisers end up paying the dupers and hurt their advertising budgets.

How to defend from malicious affiliates?

Virus Positive Technologies (VPT) is pioneering the market of Affiliate Fraud Management & Brand Protection. VPT's disruptive methodology identifies non-compliant behaviors that hurt conversion rates and damage the brand's reputation. A few are listed below:

  • Pop-up ads

  • Brand-bidding (the use of brand name keywords that are prohibited)

  • Incentives (any incentive practices, such as offering cash for clicking)

  • Aggressive & Misleading creatives

  • Malvertising (injecting malicious ads or links into legitimate ads)

  • Unauthorized Creatives (the visuals or links for custom ads)

  • Pre-landers & fake browser alerts

  • Google Display Network (any promotional activity on the GDN platform)

  • Spamming and Bundling

  • Forced redirects (clicks injected into consumer web sessions that divert customers to competitor offerings)

VPT offers a range of Brand Compliance Monitoring tools based on customized customer requirements and Affiliate Management Services to track and monitor the activities of the publishers in the advertiser's affiliate network. Our digitized services protect your brand reputation and give your customer an undisrupted experience. Visit our website, Virus Positive Technologies, or write to us at

Visit our Next blog, which is about The Malicious Bots


Popular Posts

Gaurav Sethi | Co-Founder & CEO

Gaurav is a passionate people man who has worked on delivering business solutions and unlocking business value for a wide array of clients across different industry verticals and across different geographies. He has been an esteemed speaker at various Ad tech events for many years. With his pedigree rich in technology and business management, he has been an entrepreneur for over 15 years.

Enquire Now