Web attribution fraud
Click spoofing
When advertisers rely on their publishers to self-report click events server-side, they are vulnerable to click spoofing. Unchecked, a malicious publisher may trigger a click tracking event in the absence of a legitimate click.
How they do it
- Malicious publisher registers for an advertiser’s affiliate program
- User navigates to the publisher’s website
- User does not engage with an ad on the site
- User visits the forum page and views the signature
- Malicious publisher fires click-tracking event anyway, spoofing the user’s engagement
- After some time, user navigates to the advertiser’s website organically or via another valid partner’s promotional effort
- User completes a purchase
- Advertiser attributes credit to the malicious publisher, even though they provided no value in driving the sale
![Click spoofing](/wp-content/pf-assets/static/web-click-spoofing-57ff4a57793e3283607db1f45217e93a.gif)