How to Protect Sites – And Customers – From ‘Affiliate Malware’ Scams
Contributed by Ken Zwiebel, CEO of PageSeal.
Christmas 2017 was a huge one for retailers, especially online retailers – but it was also a banner year for the bad-actor affiliates that “feed” on the success of websites’ sales. That’s because of a proliferation of “affiliate-distributed malware,” a scam that redirects – in effect, steals – customers off the sites they intended to buy from, and sends them to alternate sites that make the sale and pocket the profit from the purchase.
The scam works like this: Users who download an app (on their mobile device) or a freeware or shareware application (on their computer) are offered a “companion” app. Many times, we’re not even aware of accepting piggybacked software; we just go on clicking “Next” until the window on our screen is closed because, let’s be real, hardly anyone reads all the fine print when downloading an application.
Often, though, these add-ons do the opposite of “helping”: the add-ons themselves can be malware that injects unwanted ads and shows ads from competitors on the web pages of shopping sites. Some of these programs can even reroute shoppers from the site they are shopping at to an alternative one, without their even realizing what happened. What would you think if you were browsing at the Best Buy site – and an ad popped up offering the same product elsewhere, for less? You might be tempted – but the Best Buy people would not be amused, to say the least.
These scams have been adopted by affiliates of big shopping sites, who insert code that recognizes retail sites. When shoppers land on pages of products offered by their chosen site, the code gets activated, and displays ads and links offering the same product at the affiliate. And if they click on the link, they will get redirected to the affiliate – where they will find a product similar to the one they were interested in, often for less money, ultimately costing the original site its sale.
And the problem is far bigger than many believe.
Data reveals that as many as 25% of visitors to shopping sites could be carrying this “bug,” meaning that sites could potentially lose a big chunk of their bottom line. According to some estimates, e-tailers lose more than a billion dollars in revenue annually because of affiliate-injected malware. That gives shopping sites well over a billion important reasons to stop this – but doing so is not so easy because the malware infects the customers’ devices and not the site itself.
Traditionally, most malware compromises the site that it gets installed on – so the IT team of a shopping site with a strong cyber-security system installed might believe they’re safe. Not so in this case; because the affiliate malware is installed on the customer’s system, traditional cybersecurity measures do little to mitigate this threat.
Affiliate malware is delivered and installed in the form of interactive scripts. When the malware detects that a customer has arrived at the targeted shopping site, it activates itself. But because the script is interactive, shopping site owners can detect when it is operating – and that’s their opportunity to defend themselves. Solutions exist that can arrest the activity of affiliate malware on the shopping site, and so while the malware may remain on the user’s device, it will be intercepted and rendered unable to display its ads and links on the shopping site.
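One way a site's own page script could notice such injected elements is sketched below. This is an added example, not PageSeal's code or method; the allowlisted hosts, the function names and the sample nodes are assumptions made up for illustration.

```javascript
// Added example. Hosts and sample nodes are constructed placeholders.
const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.shop.example']);
const WATCHED_TAGS = new Set(['SCRIPT', 'IFRAME', 'IMG', 'A']);

// Classify one node added to the page; returns a finding or null.
function classifyNode(node, pageOrigin) {
  const tag = String(node && node.tagName).toUpperCase();
  if (!WATCHED_TAGS.has(tag)) return null; // text nodes, DIVs, etc.
  const raw = node.src || node.href;
  if (typeof raw !== 'string' || raw === '') return null; // no external resource
  let url;
  try {
    url = new URL(raw, pageOrigin); // resolves relative URLs
  } catch {
    return { tag, host: null, reason: 'unparseable-url' };
  }
  // Only http(s) targets are judged here; other schemes are out of scope.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (ALLOWED_HOSTS.has(url.hostname)) return null;
  return { tag, host: url.hostname, reason: 'host-not-allowlisted' };
}

function findInjected(nodes, pageOrigin) {
  return nodes.map((n) => classifyNode(n, pageOrigin)).filter(Boolean);
}

// An added subtree is reported as one node, so include watched descendants.
const expand = (n) =>
  [n, ...(n.querySelectorAll ? n.querySelectorAll('script,iframe,img,a') : [])];

// Browser wiring: report every non-allowlisted element added after load.
function watchDocument(report) {
  const observer = new MutationObserver((records) => {
    for (const record of records) {
      const added = Array.from(record.addedNodes).flatMap(expand);
      findInjected(added, location.origin).forEach(report);
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed sample: what addedNodes might contain on a product page.
const SAMPLE_NODES = [
  { tagName: 'SCRIPT', src: '/js/cart.js' },
  { tagName: 'IMG', src: 'https://cdn.shop.example/p/1.jpg' },
  { tagName: 'IFRAME', src: 'https://ads.affiliate.example/offer' },
  { tagName: 'A', href: 'https://deals.affiliate.example/go' },
  { tagName: 'DIV' },
  { nodeType: 3 },
];
```

In a browser, watchDocument would be called with a callback that sends each finding to the site's own telemetry. The sketch does not cover elements whose src or href is changed after insertion.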
Thus, online retailers can prevent the dual theft that affiliate malware hackers impose on both themselves and their customers. Customers can get what they want from the site they’ve chosen to shop at, and site owners can take comfort in the fact that if a customer decides not to buy, it will be because they decided not to do so – and not because they were redirected away from the site by affiliate malware. If web retailers were to adopt solutions like these en masse, affiliate-distributed malware would be a thing of the past, and sites would ensure not only that they retain their business, but also that the people who come to buy from them get the goods and experience they were looking for.
PageSeal’s technology defends websites from client-side injected malware designed to redirect consumers to competitor sites. For a full diagnostic test and to begin protecting your website visit PageSeal.io