Recently we've seen affiliates exploit a hole common to web browsers to evade detection by affiliate managers. The hack is known as the CSS History Hack, and it exposes information about which sites you have visited before. Affiliates use this technique to determine whether a web visitor is an affiliate manager (or network representative), and then hide their affiliate ID if so.
CSS History Hack Details and Example
The affiliate purchases a search ad on behalf of the merchant partner and uses the merchant's display URL. For example, we found this ad on Yahoo:
The North Face Store
Shop Official The North Face Site
For Premier Outdoor Apparel & Gear.
- https://nyms.linksynergy.com/owa (Hosted Exchange for Linkshare Employees)
This technique is known as a browser history hack and current versions of Internet Explorer, Firefox and Chrome all leak this information. The technique leverages the fact that web browsers treat links you have visited differently than links you haven't visited before. You can read more on our internal FAQ or by exploring the site http://www.whattheinternetknowsaboutyou.com.
If a user has visited one of these URLs (or fails the other checks that the affiliate conducts), the user is sent directly to the merchant website, without dropping an affiliate cookie. If the user passes all of the checks, they are then redirected to an affiliate website that looks similar to a legitimate website. In our specific example, the user is taken to: http://www.theshoppingclipper.com
The Impact of the Technique
Affiliates are using this technique to purchase ads on trademarked keywords (in violation of the merchant's affiliate program terms), and divert traffic intended for the merchant through their affiliate link. Affiliates get inexpensive traffic that has a very high propensity to convert, while the merchant ends up paying significantly more for visitors that they would have received anyway.
Merchants, affiliate program managers and affiliate networks are left without any data showing that this attack has occurred, and their investigations will not connect the affiliate to the abusive ad. Additionally, the affiliate may be alerted to the investigation and shift their activities in a manner that protects their ill-gotten commissions from reversal.
Countering These Techniques
We've become increasingly convinced that attributing the affiliate at the moment an abusive ad is found is critical. PoachMark is able to determine the affiliate ID of examples such as this one at the time that the ad is found. In the event that you are investigating an ad that you believe is abusive, we strongly suggest keeping a clean browser (one with limited history) available for your investigations.
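When investigating a suspect landing page, its saved source can be triaged for the markers of this technique. The following is an added example, not code from this post or from PoachMark: it flags a page whose script reads computed link styles back alongside a :visited rule, and lists the URLs embedded in that script. The function names, signal names and both sample pages are constructed assumptions.

```javascript
// Heuristic triage of a saved landing page for history-sniffing markers.
// Signal names are illustrative assumptions, not a vetted ruleset.

// Constructed, non-functional fragment of a suspicious landing page.
const SUSPECT_PAGE = `
<style>a.p:visited { color: rgb(255, 0, 0); }</style>
<script>
  var probes = ["https://network.example/owa", "https://network.example/login"];
  // ... getComputedStyle(link, null).color compared per probe ...
</script>`;

// Constructed ordinary page that merely styles visited links.
const BENIGN_PAGE = `
<style>a:visited { color: purple; }</style>
<p>See <a href="https://merchant.example/">our store</a>.</p>`;

// Concatenate the bodies of all inline <style> or <script> elements.
function extractBlocks(html, tag) {
  const re = new RegExp(`<${tag}\\b[^>]*>([\\s\\S]*?)</${tag}>`, "gi");
  return [...html.matchAll(re)].map((m) => m[1]).join("\n");
}

function findHistorySniffing(html) {
  const css = extractBlocks(html, "style");
  const js = extractBlocks(html, "script");
  const findings = [];

  // Signal 1: a :visited rule exists (harmless on its own).
  if (/:visited\b/i.test(css + js)) findings.push("visited-rule");

  // Signal 2: script reads a computed style back from an element.
  if (/\bgetComputedStyle\b|\bcurrentStyle\b/.test(js)) findings.push("style-readback");

  // Signal 3: script embeds several absolute URLs (candidate probe list).
  const urls = [...new Set(js.match(/https?:\/\/[^\s"'<>)]+/gi) || [])];
  if (urls.length >= 2) findings.push("url-list");

  // Only the combination of rule and readback is treated as suspicious.
  const suspicious = findings.includes("visited-rule") && findings.includes("style-readback");
  return { suspicious, findings, probedUrls: suspicious ? urls : [] };
}

console.log(findHistorySniffing(SUSPECT_PAGE));
```

Obfuscated or externally loaded scripts will not match these patterns, so a clean result is not proof that a page is benign.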