Modern affiliate marketing networks provide an infrastructure for connecting merchants seeking customers with independent marketers (affiliates) seeking compensation. This approach depends on Web cookies to identify, at checkout time, which affiliate should receive a commission. Thus, scammers ``stuff'' their own cookies into a user's browser to divert this revenue. This paper provides a measurement-based characterization of cookie-stuffing fraud in online affiliate marketing. We use a custom-built Chrome extension, AffTracker, to identify affiliate cookies and use it to gather data from hundreds of thousands of crawled domains which we expect to be targeted by fraudulent affiliates. Overall, despite some notable historical precedents, we found cookie-stuffing fraud to be relatively scarce in our data set. Based on what fraud we detected, though, we identify which categories of merchants are most targeted and which third-party affiliate networks are most implicated in stuffing scams. We find that large affiliate networks are targeted significantly more than merchant-run affiliate programs. However, scammers use a wider range of evasive techniques to target merchant-run affiliate programs to mitigate the risk of detection suggesting that in-house affiliate programs enjoy stricter policing.
[1]
Vladimir I. Levenshtein,et al.
Binary codes capable of correcting deletions, insertions, and reversals
,
1965
.
[2]
Tyler Moore,et al.
Measuring the Perpetrators and Funders of Typosquatting
,
2010,
Financial Cryptography.
[3]
Christopher Krügel,et al.
Hulk: Eliciting Malicious Behavior in Browser Extensions
,
2014,
USENIX Security Symposium.
[4]
Benjamin L. Edelman,et al.
Risk, Information, and Incentives in Online Affiliate Marketing
,
2015
.
[5]
Chris Kanich,et al.
No Please, After You: Detecting Fraud in Affiliate Marketing Networks
,
2015,
WEIS.