Users Exploit Referral Programs with Ad Hijacking

Brendan Lash May 15, 2019

Having worked with many different types of companies on their paid search compliance strategy, I’ve seen my fair share of program abuse. Paid search abuse takes many forms and involves a variety of bad actors, including trademark abusers or affiliate program violators.

With the rise of referral programs that reward users for referring new members, a new type of abuse has emerged. Referral programs are a useful means of acquiring new customers and users. By encouraging word-of-mouth with incentives, companies can accelerate growth at a reasonable and consistent cost. Referral programs are also a great way to transform loyalists into full-fledged brand ambassadors. With the opportunity to gain some extra perks, these star customers can bring on a lot of incremental traffic and revenue. But is the traffic always incremental? I frequently see referral members running ads on a brand’s trademarked keywords using the brand’s display URL. In the example below a search for “tesla referral code” serves up an ad that looks like a Tesla ad - not a referral user’s ad.

Tesla referral code ad example

But when the consumer clicks on the ad they land here:

Example of Tesla referrer’s web page

You’ll notice at the top of the page that the url is a referral link for Jacob, rather than Tesla’s homepage. This is the link Jacob uses to earn credit for referring new customers. Most referral programs, however, restrict referrers from running paid search ads on branded keywords. Why should Tesla pay Jacob for a prospect that was already aware of Tesla (ie. they did a branded search) and already inclined to purchase?

Because these referral users are bidding on your branded keywords, they appear when consumers are searching for your brand. What’s more, by using your brand’s display URL, they displace your brand’s own ads from appearing on the search engine results page. This makes this tactic nearly identical to affiliate ad hijacking that we expose so often at BrandVerity.

Now, all of your earned branded traffic already headed to sign-up is being routed through referral links while your own users’ ads increase your branded cost-per-clicks (CPCs).

Cutting into Profits

To determine the extent of the tactic, we decided to monitor referral programs for a number of brands. Here's an early example we found targeting the accounting software service FreeAgent:

Ad Hijacking Example FreeAgent

This ad doesn't really try to hide what's going on here. The advertiser is pretty direct about it, even using the term "Referral Code" in the headline of the ad. The ad takes the user to this landing page on FreeAgent's site, crediting the referrer 4392kdp8 with any subsequent customer signups. Not only that, user 4392kdp8 will also receive 10% off on their own account for every month that the referred customer pays for FreeAgent.

Furthermore, according to FreeAgent's referral scheme, these account credits are stackable. By referring 10 customers, someone can get FreeAgent absolutely free. By referring more than 10, a user may even become eligible to earn a referral fee. Considering that the 10% discount applies to both the referrer and new customer, this can really start to add up. 

A $50 Loss Per Signup?Gilt Ad Hijacking

Another brand, Gilt, also had some particularly high incentives behind its program. Promising a $25 discount to both the referrer and referred user, Gilt could stand to lose $50 any time a signup resulted from ad hijacking. Gilt places its own PPC ads and advertises on its branded keywords. So any ad placed by a referrer could displace one of Gilt's own ads—and would drive up Gilt's cost-per-click as well. As you see to the right, we found an example of ad hijacking for Gilt at the top of a Google Mobile SERP.

While Gilt's normal PPC ads for its branded keywords use copy such as " | Gilt Luxury Designer Labels | Shop Now & Take Up to 70% Off‎” this ad is focused on the discount, offering "$25 off your first purchase." This discount is featured despite the fact that the search term ("") implied no specific intention to find a discount, promo or coupon.

This particular ad leads to the member sign up page by redirecting through the referral link for a specific referrer. That's $25 to the referrer every time a searcher clicks on their ad and then signs up, which could represent a significant number of unearned discounts.

Brand Misrepresentation

Beyond the financial impact of these tactics, it's also important to consider what effect these ads can have on a company's brand. With messaging being left in the hands of many autonomous referrers, each with their own set of incentives, there are many opportunities for inconsistent or even deliberately misleading communication.

In some cases, we found ads quoting deeper discounts than were actually available. For the prospective customer, this is not a great experience. Furthermore, even when such discounts are accurate, they can create an unrealistic expectation that a customer will never have to pay full price with that brand or the impression that the brand is a "discount brand." Such perceptions can certainly harm a brand—particularly when the brand has no knowledge that these perceptions are being created.

Custom Referral Domains

Another type of referral abuse that can be detrimental to your paid search program are ads placed by referral users on your trademarked keywords that direct you to a referral user’s custom website. On their homepage, they’ll have links to sign up with their referral code for all of the major businesses in their vertical. Not only do these ads increase the competition on your trademarked terms, but they pose a high risk that the user will be diverted to a competitor rather than to your brand.

In the example below, a referral user’s ad appeared on a search of Uber’s branded keywords, driving up the brand’s CPCs and increasing competition on those search terms.

A Uber referral user placed an ad on Uber's branded keywords.

Not only that, but once you click on the ad and visit the landing page, you can see that this user is advertising their referral links for both Uber and Lyft. They also have a number of other referral links present on the page for other brands, like Food Delivery Services.  

The landing page for an ad placed by an Uber referral user.

How Common Is This Problem?

In our monitoring, we've found many examples of ad hijacking by referrers. So far, the targeted brands include:

  • Dropbox
  • Evernote
  • FreeAgent
  • Gilt
  • Hulu Plus
  • ShopBop
  • Tesla
  • Venmo
  • Zazzle


Of course, our testing has not been entirely exhaustive thus far. Based on the results we've seen, we would expect that significantly more referral programs are experiencing this type of abuse.

How Can You Stop It?

There are a few ways that you can spot this type of abuse. Monitoring services like, BrandVerity’s Paid Search software can help identify these violations when they happen. You should also review your referral program analytics regularly. Any user bringing in significantly more sign-ups than others could also be an indication of paid search abuse.

Finding instances of abuse is half the battle. Stopping the abuse requires consistently taking action by contacting the referring users and requiring them to abide by your terms of service. If your agreements do not have clear rules around this type of activity, step one is to revisit your agreements and policies to make sure you have explicit language around what you allow. Once that is in place, you can take action to enforce those agreements. Our Paid Search Monitoring solution not only helps you find referral abuse, but it also helps you take action to stop it.

Want to learn more about how we help companies with extensive referral programs combat referral abuse?


This post was originally published by Sam Engel in 2013, but was has been updated with recent tactics, examples, and information.


Topics: affiliate marketing, paid search, Search Engine Updates

Don't Miss Out

Get the latest insights on brand protection, compliance, and paid search delivered right to your inbox.

What you don't know will hurt you. Start monitoring and protecting your brand.