Web attribution fraud
Click spoofing
When advertisers rely on their publishers to self-report click events server-side, they are vulnerable to click spoofing. Unchecked, a malicious publisher may trigger a click tracking event in the absence of a legitimate click.
How they do it
- Malicious publisher registers for an advertiser’s affiliate program
- User navigates to the publisher’s website
- User does not engage with an ad on the site
- User visits the forum page and views the signature
- Malicious publisher fires click-tracking event anyway, spoofing the user’s engagement
- After some time, user navigates to the advertiser’s website organically or via another valid partner’s promotional effort
- User completes a purchase
- Advertiser attributes credit to the malicious publisher, even though they provided no value in driving the sale
