Cookie-Stuffers Attack!

Cookie-stuffing is a menace to both merchants and affiliates. For merchants, fake referrals created by rogue websites can cost an affiliate program thousands of dollars for sales that should have been credited to other traffic sources. At the other end of the buying funnel, affiliates can see sales gained from their hard-won visitors being stolen away when cookies are over-written. It is a major problem.

Today we have a particularly bad example, as revealed by ace investigator, Ben Edelman. Eshop600.co.uk, a British coupon site, is reported to drop "dozens of cookies invisibly," via encoded JavaScript disguising hidden IMG tags that redirect to a variety of affiliate networks including such majors as CJ and TradeDoubler.

Edelman's report includes a list of 26 different merchants targeted by Eshop600, among them some of Britain's largest retailers, grocers and department stores.

In addition he shows the enormous efforts that the alleged fraudsters have gone to in order to hide their cookie-stuffing exploits:

Eshop600 also tried other methods to avoid detection. Load an Eshop600 page repeatedly, and it won't stuff cookies every time; the site is clearly attempting to recognize repeat visitors to avoid restuffing the same users more than once. That makes Eshop600's practice harder to replicate (an extra challenge for anyone trying to prove an infraction) and helps reduce telltale signs in merchants' logs.

The performance marketing industry is fighting a battle to change its image among major brands and agencies. The CPA networks take most of the brunt of fraud attacks, but as Edelman shows, the CPS side of the industry can not relax. Cookie-stuffing websites should be banned from every network.