Discover how to fight affiliate cookie stuffing in iframe, what are the best actions you can take to remove this threat from your business and stop losing money.
Affiliates are given by the affiliate networks an affiliate ID number that stores a cookie in a user’s browser for a specified period of time. If the user makes a sale/conversion before the cookie expires, the affiliate receives a commission for that sale/conversion.
What makes this approach unique is that it does not technically distribute any malicious content. If a user engaged with the page containing the iFrame on the compromised website, they simply transferred a network’s affiliate cookie to the user’s browser.
iFrame: It is used to add HTML code inside another HTML code. Generally, this technology is used to place ads on websites. Where advertisers are given a section on the website to place their creative codes.
Here is an example of a publisher using Iframe pixel to stuff cookies on the user browser and generating fraud conversions.
When users visit a web page with a hidden iFrame like this, their browser loads all the content whether the user can see it or not. This includes affiliate cookies, which are then stored in the browser.
Some networks will inject up to 20 different hidden affiliate iFrames on a single page to maximize the opportunities. These invisible iFrames are known to slow page load times and can lead to negative user experience, but are otherwise harmless to users.
If the user makes a conversion before the injected iFrame cookie expires, network will receive a commission for the purchase.