Users Exploit Referral Programs with Ad Hijacking

sam.engel Oct 16, 2013

Referral programs are a useful means of acquiring new customers and users. By encouraging word-of-mouth with incentives, companies can accelerate growth at a reasonable, consistent cost. Referral programs are also a great way to transform loyalists into full-fledged brand ambassadors. With the opportunity to gain some extra perks, these star customers can bring on a lot of incremental traffic and revenue.

But is this always incremental? When it comes to online referrals, many companies rely on URL systems that can easily be gamed by blackhats. These users exploit referral programs by locating their unique referral link and then running PPC ads through it. Whenever a visitor comes through that link and completes some sort of action (signs up for an account, places an order, makes a booking), the referring account gets a reward. This usually comes in the form of account credit or a discount, but can also be cash.

In order to push a significant amount of PPC traffic through their referral link, these users tend to engage in brand bidding—poaching traffic from their target company's branded keywords. This helps them ensure a high conversion rate and a relatively cheap cost-per-click, allowing them to turn a profit in the process. Furthermore, since the referrer's ads always land on the brand's domain, they can also displace the brand's own ads. This makes this tactic nearly identical to affiliate ad hijacking that we expose so often at BrandVerity.

Cutting into Profits

To determine the extent of the tactic, we decided to monitor referral programs for a number of brands. Here's an early example we found targeting the accounting software service FreeAgent:

Ad Hijacking Example FreeAgent

This ad doesn't really try to hide what's going on here. The advertiser is pretty direct about it, even using the term "Referral Code" in the headline of the ad. The ad takes the user to this landing page on FreeAgent's site, crediting the referrer 4392kdp8 with any subsequent customer signups. Not only that, user 4392kdp8 will also receive 10% off on their own account for every month that the referred customer pays for FreeAgent.

Furthermore, according to FreeAgent's referral scheme, these account credits are stackable. By referring 10 customers, someone can get FreeAgent absolutely free. By referring more than 10, a user may even become eligible to earn a referral fee. Considering that the 10% discount applies to both the referrer and new customer, this can really start to add up.


A $50 Loss Per Signup?Gilt Ad Hijacking

Another brand, Gilt, also had some particularly high incentives behind its program. Promising a $25 discount to both the referrer and referred user, Gilt could stand to lose $50 any time a signup resulted from ad hijacking. Gilt places its own PPC ads and advertises on its branded keywords. So any ad placed by a referrer could displace one of Gilt's own ads—and would drive up Gilt's cost-per-click as well.

As you see on the right, we found an example of ad hijacking for Gilt at the top of a Google Mobile SERP. While Gilt's normal PPC ads for its branded keywords use copy such as " - Gilt - Official Site - Daily Sample Sales. Insider Prices?," this ad is focused on the discount, offering "$25 off your first purchase." This discount is featured despite the fact that the search term ("") implied no specific intention to find a discount, promo or coupon.

This particular ad leads to this page on Gilt's site, the referral link for user 19916034ar2vd34pyhg2. That's $25 to 19916034ar2vd34pyhg2 every time a searcher clicks on their ad and then signs up. With 9,900 monthly searches on Google for the term "", that could already represent a significant number of unearned discounts.


Brand MisrepresentationDropbox Ad Hijacking

Beyond the financial impact of these tactics, it's also important to consider what effect these ads can have on a company's brand. With messaging being left in the hands of many autonomous referrers, each with their own set of incentives, there are many opportunities for inconsistent or even deliberately misleading communication.

For example, take this ad targeting Dropbox that touts 16 gigabytes of free space. According to the plans on Dropbox's pricing page, users start with only 2 gigabytes of free space. Although users can increase their free allotment to 18 gigabytes (by referring new users, amusingly enough), this probably isn't the typical case. The ad seems perfectly content to avoid mentioning that caveat in favor of promoting the most enticing offer it can.

In other cases, we found ads quoting deeper discounts than were actually available. For the prospective customer, this is not a great experience. Furthermore, even when such discounts are accurate, they can create an unrealistic expectation that a customer will never have to pay full price with that brand or the impression that the brand is a "discount brand." Such perceptions can certainly harm a brand—particularly when the brand has no knowledge that these perceptions are being created.

How Common Is This Problem?

In our monitoring, we've found evidence of ad hijacking by referrers of a more than a dozen brands. So far, the targeted brands include:

  • Uber
  • Evernote
  • Vitacost
  • Hulu Plus
  • Choice Hotels
  • Zazzle
  • Peapod
  • ShopBop
  • VenMo
  • Dropbox
  • FreeAgent
  • Gilt

Of course, our testing has not been entirely exhaustive thus far. Based on the results we've seen, we would expect that significantly more referral programs are experiencing this type of abuse. As always, we're also happy to field any questions from brands who are concerned that they might be affected by this—and we'd also encourage anyone to chime in if they've had any experience with this tactic.

Topics: Search Engine Updates, Paid Search, Affiliate Marketing

What you don't know will hurt you. Start monitoring and protecting your brand.
Don't Miss Out

Get the latest insights on brand protection, compliance, and paid search delivered right to your inbox.