Web attribution fraud
Toolbar injection
A malicious browser extension (think toolbar plug-in) injects cookies into the browser as a user navigates, feigning credit for an organically occurring event.
How they do it
- Malicious publisher has previously registered for advertiser’s affiliate program
- User downloads a malicious publisher’s toolbar plug-in
- User goes to advertiser’s website to shop
- User starts adding things to their shopping cart
- Before completing checkout, the toolbar drops a cookie in user’s browser, claiming credit for driving the sale
- User completes their purchase
- Advertiser attributes credit to malicious publisher, even though they provided no value in driving the sale, and pays them a percentage of revenue
