As affiliate fraud becomes more sophisticated, brands are losing more than just their margins. Affiliate Leaders exposes the cracks in the channel and the AI-powered threats lurking within.
The digital advertising ecosystem has reached a critical juncture where the scalability of performance marketing (particularly affiliate) has become inextricably linked to increasingly sophisticated fraud.
Affiliate marketing remains one of the fastest-growing acquisition channels; currently valued at $18.5bn and projected to reach $31.7bn globally by 2031, according to Hostinger, an AI-powered tech and website hosting company.
Despite its growth, affiliate marketing remains one of the most vulnerable channels to fraud. Inconsistencies in compliance and tracking has created loopholes, which in high-commission verticals such as sports betting, the economic incentives for fraudulent actors has never been greater.
Analysis by Juniper Research estimates digital ad fraud is costing advertisers more than $100bn annually, and affiliates are one of the most exposed marketing channels. That is because the pay-for-performance model compensates third-party publishers for driving clicks, leads or sales and fraudsters manipulate these tracking and attribution systems to claim the commissions for themselves.
Unlike other digital ad fraud, which tends to centre on manufacturing junk volume, affiliate fraud is distinguished by scammers being able to hide within legitimate customer journeys and steal attribution from genuine conversions.
As marketing budgets tightened, spend has moved towards partner-driven acquisitions, wit retail and e-commerce, travel, sports betting, igaming and financial services among the most mature sectors. And for good reason: affiliate marketing offers scalable reach, pay-forperformance models and diverse ecosystems.
North America dominates, contributing to more than 40% of the total revenue, with the US being the largest affiliate marketing hub, expected to reach $16bn by 2028.
When it comes to the scale of the issue, Erez Noham, vice president of products at Partnerize, an affiliate platform, says it can vary in cost from several thousands of dollars to even hundreds of thousands of dollars – “one fraudulent partner can create a lot of damage”.
Figures from Fraudlogix’s 2026 State of Ad Fraud report, which analysed 105.7 billion ad impressions collected throughout 2025, shows there was a 20.64% global invalid traffic rate (IVT). It also estimated that $37bn of adspend was at risk in the US.
Fraudlogix, a fraud prevention platform, also noted there were more than 30 million fraudulent IPSs in its pre-bid blocklist, updated hourly. Desktop traffic carried a 27.03% IVT rate, with proxy and VPN traffic being the most common fraud vectors.
AI and bot sophistication is also increasing year-on-year, which is making fraud detection more challenging.
Types of affiliate fraud
Click fraud is one of the most basic forms of affiliate fraud and targets cost-per-click (CPC) campaigns. It involves artificially inflating or generating clicks on affiliate links often usings bots or scripts.
John Wright, co-founder of software and marketing firm StatsDrone, says in igaming, this can occur when an affiliate negotiates a high CPA deal with an operator.
“The operator tests the traffic in one week or month and after the affiliate thinks the operator isn’t looking, they add them to their no deposit bonus pages and drive more FTDs [first time deposits] that are lower player values for the result.”
Wright goes on to add: “I’ve also heard something similar where affiliates can tell an operator brand top positions in many GEOs [markets]. When the operator isn’t looking, that affiliate has either resold those positions to someone else or simply not had them on the negotiated places assuming the affiliate manager isn’t checking 24/7.”
While click fraud does impact affiliates, there are three other types of fraud Noham sees his “clients fighting against”: ad hijacking, trademark bidding and cookie stuffing and attribution hijacking.
Ad hijacking is essentially content scraping or copycat ads on search engines. It is a “deceptive practice” where fraudsters run ads that masquerade as the brand itself or mimic legitimate partners, he explains.
When a user clicks these duplicate ads, they are forcefully redirected through the scammers’ affiliate tracking links before landing on the brand’s actual website.
“This type of fraud has been around for many years and easy to understand, because it’s very visual,” Noham adds. “You search for something on Google, you see an ad and you can check who is behind it.”
Then there is trademark or brand bidding fraud, which also uses distinct tactics to manipulate search engine results and capitalise on brand equity. Brand bidding is where scammers bid on merchant’s branded keywords to intercept high-intent organic traffic, such as ‘best running shoes’. This often violates affiliate agreements, but isn’t necessarily illegal.
While trademark bidding fraud is a legal violation, where unauthorised parties use protected trademarks in ads to impersonate brands, steal traffic and siphon commissions. For example, a fraudster may bid on the phrase ‘Nike shoes’ as it “captures users who were already actively searching for the brand”, Noham explains. The result: “Brands end up paying a commission for a customer they would’ve likely acquired organically or via their own paid search efforts.”
For the frauds listed, Wright says it’s relatively simple to detect – brands and operators need to inspect the data including the “traffic and registrations”.
Noham agrees adding: “It doesn’t matter if it’s gaming, retail or fashion, the mechanism of fraud is almost always the same. Therefore, you just need to catch the mechanism, not the specific hardware or malware being used.”
However, cookie stuffing and attribution hijacking are more “sophisticated forms of affiliate fraud and in order for brands and platforms to detect it, you can’t look only at your data”, he says.
Cookie stuffing and attribution hijacking
Both cookie stuffing and attribution hijacking exploit browser extensions, but their operational intent and timing differ profoundly.
Cookie stuffing is a “speculative, top-of-funnel tactic” where fraudsters indiscriminately drop affiliate cookies onto a users’ browser without them ever clicking an affiliate link.
“It is typically executed via hidden iframes, background scripts, or invisible pop-ups,” Noham explains. “The goal is to establish a presence ‘just in case’ the user eventually converts, even though the affiliate had no real influence on the purchasing decision.”
In short, cookie stuffing steals attribution from legitimate affiliates and costs merchants money for conversions. Shawn Hogan, who made millions from eBay in affiliate commissions in 2010, used this type of fraud.
Attribution hacking, conversely, is an active, bottom-of-funnel interception that targets a user who already has the intent to buy.
Right before the conversion occurs, software – typically a browser extension, redirect or malware – injects or overwrites the affiliate tracking data.
“This effectively steals the attribution credit from the organic, direct, or legitimate affiliate channel that actually drove the sale,” continues Noham.
To detect this type of fraud, “you have to look at the journey data of the users, because that’s where you pretty much see the attribution”. Up until recently, many companies didn’t have this data or were unaware of how to best use it, he admits.
“But now, I see more and more platforms taking active steps in order to prevent it. Google has started picking up on this kind of malicious extension. [So] we are actually seeing a nice decrease.”
Is AI accentuating the issue?
AI is no longer just a tool for marketers to develop, optimise and streamline campaigns; it is a force multiplier which allows fraudsters to automate and create personas that can bypass traditional security layers with human-like precision.
“Bot traffic is being used in so many ways that it’s hard to keep up. For example, it’s a great way to influence rankings in Google,” Wright says.
For igaming affiliates, Wright believes “bots could possibly have access to real money accounts”,
but it is up to the operator to detect. “Bots themselves don’t cause the problems,” he adds, highlighting it is the actions of bad actors.
The consequences of falling victim to affiliate fraud extend beyond the direct financial losses such as
draining marketing budgets, lost products and chargeback fees. There is also wasted resources, corrupted data and misguided strategy, and the cost of inaction by marketers could even lead to damaging brand reputation and eroding trust in affiliate marketing.
But the rise of AI and LLMs like ChatGPT, Claude and Gemini may not be a bad thing. Noham believes it is not a localised threat, “it is primarily a broader cybersecurity mechanism utilised to gain unauthorised access or control over a device”.
For affiliates, the focus should be on content. LLMs are automatically pulling in more content to answer user queries. The new tech tools, coupled with the fact consumer journeys are changing – there are fewer clicks – means this content is starting to influence total conversions.
As a result, “a lot of bad partners will disappear”, claims Noham.
And regarding zero-click customer journeys, “there are no novel vulnerabilities beyond standard
attribution hijacking”, he adds. “Therefore, it does not represent a new or unique risk vector for the affiliate space.
While AI could help shut down a portion of the affiliate fraud taking place, Wright believes that affiliates
need to self-regulate to some extent to tackle the issue.
“I talk to a lot of people in affiliate marketing (not just in igaming) and there doesn’t seem to be a consensus on how this will get fixed other than by large networks and affiliate programmes leading the way. First by banning networks that abuse the system,” he says,
The affiliate marketing landscape is evolving rapidly. The problems affiliates faced 10 years ago are very
different to now. Over the past few years, affiliates should have been moving towards becoming more data-driven, Wright says. And it is this which could help tackle affiliate fraud.
“There are new data tools hitting the market that give them [affiliates] the answers and insights without having to build their own reports. I believe the analytics space is already in a transformation where the end products are more done-for-you services.
“It isn’t just building 20 dashboards that do things, but it’s also alerting you to the insights and key actions you have to take. The new role of affiliate management today will be a bit more on relationship building and when it comes to fraud, they simply have to take action,” he concludes.
