What is Affiliate Hijacking?

Affiliate marketing is a powerful channel for driving growth, but it's not without its risks. One significant threat that can silently undermine a brand's revenue and reputation is affiliate hijacking. This deceptive tactic, also known as brand poaching, direct linking, or URL jacking, involves affiliates impersonating a brand to steal clicks and commissions.

TLDR

Affiliate hijacking significantly impacts your brand's finances, causing both direct and indirect harm (see below). The direct harm comes from paying affiliates fraudulent commissions for sales you would have acquired anyway through your own channels like paid or organic search. This means revenue that isn't incremental to your business. Your own branded search conversions are often much cheaper than the commission paid to a hijacker for the same sale value. The cost disparity can be significant; for instance, a brand might pay less than 15$ for a conversion on branded keywords via their own campaigns, but pay an affiliate commission of 150$ for a hijacked conversion of the same value.

This wastes ad spend and drains your marketing budgets. However, the harm extends beyond this direct cost. The indirect harm occurs because hijackers competing on your branded keywords in paid search auctions drive up your Cost Per Click (CPC). This increased competition forces you to pay more just to appear for your own brand terms. Stopping hijacking can lead to substantial reductions in branded CPCs, even 30% reduction can be a lot of money. Overall, hijacking results in wasted money, misattributes revenue, causes channel conflict, and affects reporting data. It's a widespread issue impacting many brands and potentially a large percentage of traffic.

What is Affiliate Hijacking?

Affiliate hijacking occurs when affiliates fraudulently earn commissions by intercepting traffic intended for the brand. They achieve this by exploiting loopholes in search engines to impersonate brands and place ads on branded keywords. These rogue affiliates create paid search ads that look identical to the brand's own ads, often copying ad copy, logos, and other identifiable features. They use similar headlines, descriptions, and even the same display URL to increase the likelihood that unsuspecting users will click on their ad instead of the brand's legitimate ad.

To someone looking at a Search Engine Results Page (SERP), a hijacked ad appears no different from a regular brand advertisement. The customer typically has no idea they have clicked on an affiliate ad. However, behind the scenes, the click is being redirected through the affiliate's tracking link before the user lands on the brand's site. This allows the affiliate to earn commission on subsequent purchases that the brand would have captured directly through their own channels like organic or paid search.

More sophisticated hijackers use complex systems and advanced cloaking techniques to hide their actions and evade detection. This involves masking their referral through a series of redirect URLs, making it virtually impossible to find them without specialized monitoring tools. Be-incremental, for example, bypasses all known cloaking techniques to uncover the affiliate redirect.

How Does Affiliate Hijacking Work?

Hijackers employ several tactics to execute their fraud:

• Impersonation in Ads: They duplicate the brand's ad copy, logos, and features. Using loopholes in platforms like Google & Bing Paid Search, they can display the actual brand's domain as the ad's display URL. Some even fraudulently verify their advertiser account as the target brand.

• Bidding on Brand Keywords: They target brand, brand+generic, and even misspelt brand keywords. These terms often have low costs, high ad impressions, and high conversion rates. Brands that are not bidding on their own branded terms are particularly vulnerable due to a lack of competition.

• Click-Through Deception: When a user clicks a hijacked ad, they are silently redirected through an affiliate network or scam website before landing on the brand's site. The transaction data is misattributed, and the sale is recorded as coming from the affiliate network, leading to the brand paying commission to the hijacker.

• Advanced Cloaking and Obscure Targeting: Hijackers try hard to remain hidden. They use cloaking services to determine if the user is a real person or an ad verification bot, redirecting bots directly to the brand's homepage. They may also target ads in specific locations or times of the day when they think they will go unnoticed, sometimes even targeting specific audience demographics. Be-incremental detects "phantom hijackers" who are extremely difficult to spot manually.

Why is Ad Hijacking Harmful?

Affiliate hijacking has several significant negative impacts on a brand:

• Reduction in Brand Revenue: Hijackers steal valuable clicks on branded keywords and capture conversions that should be legitimate and earn fair commissions. This leads to the brand paying fraudulently gained commissions for sales they would have acquired directly through their own search efforts. This drains marketing budgets and leads to revenue loss.

• Increased CPC on Branded Terms: By competing with the brand on branded terms in the paid search auction, hijackers drive up the Cost Per Click (CPC). We see clients brand CPCs fall by as much as 60% when aggressive hijacking is stopped.

• Skewed Metrics and Attribution Issues: Hijacking causes search revenue to be reported as affiliate revenue, spoiling attribution. This means brands make budgeting decisions based on inaccurate data, and the performance of the affiliate marketing program can be vastly overstated. This can make accurate revenue attribution impossible.

• Channel Conflict: When affiliates and the brand advertise on the same keywords, channel conflict occurs. Search engines typically only show one ad per domain on a search result page. The affiliate's ad might be shown instead of the brand's, meaning they are competing against each other.

• Messaging Conflict and Brand Reputation Damage: Hijackers may use outdated offers, misleading ad copy, or an incorrect tone of voice in their ads, which visitors believe are from the brand. This can lead customers to misleading or harmful sites. Poorly written ads that would not be approved by the brand can also damage the brand's reputation and trust.

According to one source, close to 75% of brands they track are impacted by affiliate hijacking, yet the issue goes largely unnoticed. This wasted ad spend transfers money to fraudsters instead of genuine affiliates. It can also lead to legitimate affiliates losing out on rightful commissions, diminishing their trust and potentially causing them to leave the program.

Recognizing Affiliate Ad Hijacking

Because hijackers steal the brand's identity and mask their behavior, spotting the signs of affiliate hijacking can be difficult. However, some common indicators include:

• Sudden Spikes in Affiliate Commissions: If affiliate revenue suddenly jumps, especially from affiliates not well known to the brand, it can be a sign. Cross-referencing the claimed volumes with realistic traffic estimates for the affiliate's disclosed websites can be a first step.

• Nearly Identical Conversion Rates: Affiliates showing conversion rates almost identical to a brand's branded paid search campaigns could indicate hijacking.

• Drops in Search Performance: Affiliate ad hijackers can cannibalize paid and organic searches, leading to sudden drops in traffic, revenue, and cost spikes. A reduction in impression share and clicks on the brand's ads can also be a sign, as hijacked ads may replace the brand's ads on the SERP.

• Poor Ad Copy in Branded Ad Campaigns: Occasionally, brands may notice poor ad copy that they didn't create. Checking the advertiser identity (e.g., by clicking the three dots next to a Google ad) can reveal if the ad is run by the legitimate brand.

Google Ads Transparency Center

For manual recognition, in addition to looking for suspicious traffic patterns or manually checking ads you see in search results, you can utilize resources like the Google Ads Transparency Center (adstransparency.google.com). By selecting "Search," choosing a country of interest, setting a time period, and entering your website URL, you can review ads that have run for your domain. Scroll down through the list of advertisers. If you find ads displayed by an entity that is not your company or an authorized agency managing your branded campaigns – essentially, any advertiser you don't recognize – this is a strong indicator of potential affiliate hijacking. While affiliate hijackers employ sophisticated techniques like cloaking and obscure targeting to evade detection, manually checking this resource, coupled with other indicators like sudden spikes in affiliate commissions or drops in search performance, can help uncover fraudulent activity.

Analyze URL tracking

Another manual method involves closely analyzing your URL tracking links. When reviewing the data associated with conversions or traffic in your analytics or BI system, examine the URL parameters. Look for URLs containing parameters that you don't recognize or, more importantly, combinations of parameters that shouldn't logically appear together for a typical affiliate visitor. A key indicator of potential affiliate hijacking is finding an affiliate identification parameter (such as utm_medium=affiliate or other specific affiliate network tracking, which your marketing analyst should recognize) combined with a paid search click identifier like Google's GCLID/gbraid or Bing's MSCLKID. Legitimate visitors arriving via a standard affiliate link (from a content site, review, etc.) would have the affiliate identification but would not have a paid search click ID. The presence of both strongly suggests that the user originally clicked on a paid search ad (likely a hijacked one), causing the misattribution and potentially indicating fraudulent activity. While sophisticated hijackers use cloaking techniques to make this harder to detect, analyzing your URL parameters for these illogical combinations can be a simple manual detection method of less savvy hijackers.

Manual methods are time-consuming and error-prone, and hijackers use tactics like geo-targeting and dayparting to avoid detection. Automated paid search monitoring tools are often necessary to effectively identify hijacking instances. Be-incremental automates detection by cross-referencing advertisers and bypassing cloaking techniques. Be-incremental’s Ad Hijacking Detection tool continuously monitors search results, flagging ads, identifying suspicious redirects, and gathering evidence.

Preventing and Stopping Affiliate Ad Hijacking

Taking control of your brand and securing your affiliate programs requires proactive measures.

• Implement Secure Affiliate Agreements: The first line of defense is airtight affiliate agreements. These agreements should clearly state the brand-bidding policies and the consequences for violations. It should be very clear that brand bidding is not permitted and violating guidelines will lead to removal from the program.

• Monitor Brand Keywords and Affiliate Campaigns: Continuously monitoring brand search results with a dedicated tool is crucial. Tools like Be-incremental, Adthena and Marcode continuously check who is running ads across multiple locations, helping to prevent potential hijacking. This involves crawling search results, flagging suspicious ads, and identifying redirects and affiliate links.

• Use Automated Detection Tools: Automated paid search monitoring tools, like Be-incremental’s Ad Hijacking Detection, are essential for identifying hijacking. These tools provide detailed reports, including affiliate IDs and SERP screenshots, giving brands the information needed to respond swiftly.

• Take-Down Support: Be-incremental provides actionable evidence for reporting unauthorized ads to search engines, aiding in their removal.

• Selective Partnering and Cautious Commission: The risk of abuse can increase with the size of the affiliate program, especially through subnetworks. Being selective with partners, understanding their risk vs. reward, and setting cautious commission levels for risky partners can help.

• Regular Checks: While automated tools are vital, manual checks are still important. Checking websites, verifying tracking links, clicking on referral URLs to see where traffic originates, and requesting performance reports from affiliates can uncover hidden tactics. As our conversation highlighted, even with sophisticated tools, manual investigation and communication are necessary, as affiliates can fake data. If an affiliate is not transparent or their data doesn't add up, it's a sign something isn't right.

By stopping affiliate hijacking, brands can protect their reputation, maximize revenue potential, and ensure only authorized affiliates earn commissions, preserving customer trust and securing revenue streams. This allows brands to focus on working with reputable affiliates who drive incremental and genuine sales.