Stopping Affiliate Hijackers
How to deal with hijackers
Dealing with hijackers requires a clear strategy. Should you work with partners who've been involved in hijacking, or take a zero-tolerance approach? This guide shares our perspective based on years of experience helping brands clean up their programmes.

Is affiliate hijacking ever acceptable?
No. There's no legitimate way to run hijacking ads by accident. Hijacking requires deliberate effort:
- Setting up ads to run to the brand website
- Targeting brand terms with deceptive ads
- Technical know-how to manipulate tracking and add affiliate parameters
- Implementing cloaking to hide affiliate IDs

This isn't a mistake; it's a calculated theft that inflates your costs and steals traffic that was already yours.

How hijackers enter your programme
Understanding the entry points gives you context on how to deal with hijackers, and prevent future fraud.

1. Subnetworks (most common)
Most hijacking comes from subnetworks, where a publisher recruits sub-publishers they haven't properly vetted.

How it works:
- Subnetwork joins your programme
- They allow anyone to promote under their ID
- Hijacker uses the subnetwork's credentials
- You pay the subnetwork, they pay the hijacker

2. Direct sign-ups with fake details
Some fraudsters apply directly to your programme using:
- Fake company information
- Fabricated traffic statistics
- Legitimate-looking but fake websites

3. Cashback platforms
Users sign up to cashback sites and insert their details into hijacked ads to earn cashback on purchases.

Why it's difficult:
- Cashback platforms don't want to restrict user sign-ups, making it hard to police individual members engaging in ad hijacking
- Users may not realise they're participating in fraud
- Volume makes individual detection challenging

Who's actually running the ads?
Probably not the publisher you see in your reports. In most cases, we believe:
- A hijacker signs up to multiple subnetworks
- The subnetwork hasn't vetted them properly
- The hijacker uses the subnetwork's ID to get paid
- The subnetwork is unaware (or willfully blind)

Exceptions exist: we believe some publishers are entirely fraudulent operations running their own hijacking campaigns. If you suspect this, contact us, as we can advise on specific cases we've seen.

Our recommended two-step approach
Based on industry best practices that emphasise swift action to limit damage, retain legitimate partners, and set a clear no-tolerance standard, here's our framework.

Step 1: Suspend commission & request explanation
Send this immediately when hijacking is detected:
- Suspend all commissions until they respond
- Request explanation for all sales (not just hijacked traffic)
  - How were these sales generated?
  - What traffic sources were used?
  - Can they provide evidence of legitimate promotion?
- Ask about the hijacking specifically
  - How did this happen?
  - Who had access to their affiliate credentials?
  - What steps will they take to prevent recurrence?

Why ask about all sales, not just hijacking?
Suspicious partners often try to justify fraudulent sales with obviously fake evidence:
- Websites that couldn't possibly generate that volume (check with Similarweb)
- Influencer profiles that never mention your brand
- Blog posts with no traffic or engagement
- Email lists that don't exist

If they provide fake justification = immediate removal. This is a cover-up.

Step 1.1: No response = suspension
If you receive no response after one follow-up (within 7 days), suspend them from the programme.

Why only one chase?
Legitimate partners respond quickly; they want to protect their reputation. Silence usually indicates guilt or a fraudster who's moved on to other targets.

Step 2: Monitor impact after hijacking stops
Once the hijacking stops (verify in Marcode), analyse the impact on their sales.

If sales drop to nearly zero:
- They were driving no legitimate value
- All traffic was fraudulent
- Remove them permanently

Warning: watch for tactic switching. When caught hijacking, fraudsters often pivot to:
- Discount site brand bidding
- Browser extensions
- Other forms of fraud

Check all Marcode reports, not just hijacking.

Step 3: Make your final decision
Based on their response and sales impact, decide whether to allow them to remain.

✅ Keep with a warning if they:
- Responded promptly and honestly
- Did not attempt to cover up the activity
- Couldn't reasonably have prevented the hijacker from entering their network
- Continue driving legitimate, non-fraudulent sales after hijacking stops
- Provided concrete steps to prevent recurrence

❌ Remove immediately if:
- They attempted to cover up with fake justifications
- All their sales were fraudulent (stopped when hijacking stopped)
- They were unresponsive or evasive
- They didn't provide reassurance about prevention measures
- This is a repeat offence

The reality of subnetwork management
Affiliate networks should support you throughout this process, so you should keep them looped in to communications and ask them for assistance. They may be able to help identify users in subnetworks and fraudulent transactions themselves. One word of warning: networks are not incentivised to remove partners, so will likely suggest a more lenient approach than us.

Important context: not all subnetworks are created equal.

Good subnetworks:
- Vet their sub-publishers rigorously
- Monitor for suspicious activity
- Remove bad actors quickly when notified
- Have transparent processes
- Maintain legitimate sales beyond any fraud

Bad subnetworks:
- Accept anyone without vetting
- Ignore warnings about fraudulent activity
- Have no legitimate traffic beyond fraud
- Are slow or unresponsive
- May be fraudulent themselves

Your goal is to identify and keep the good ones while removing the bad.

Dealing with cashback platform hijacking
Cashback platforms present unique challenges.

The problem:
- Individual users sign up legitimately
- They insert their cashback details into hijacked ads
- The platform may not even know it's happening

Our recommended approach:
- Contact the cashback platform directly
- Provide evidence of the hijacking pattern so the cashback platform can identify the user involved. You may need to go via your affiliate network for this; often they are the ones who identify the user in the cashback site and then pass this on to the cashback site. To do this you will need to share the following network parameters:
  - Rakuten: siteid
  - Awin: clickref and/or clickid
  - impact.com: clickid
  - CJ: cjdata
- Ask what measures they'll implement to prevent this behaviour
- If they're unresponsive or dismissive, consider removing them

Work only with cashback platforms that prioritise fraud prevention, invest in detection tools, have clear compliance policies, and proactively remove members engaging in hijacking.

When in doubt, ask us
We've dealt with hundreds of these cases and can provide specific guidance on:
- Whether a publisher is likely fraudulent or victimised
- How aggressive to be in your approach
- Red flags we've seen with specific publishers or networks
- Commission recovery strategies

Next steps
Ready to take action?
- Evidence gathering best practices: document everything properly
- Email templates (first warning): start the communication process
- When to warn vs ban: quick decision framework
- Using task manager: track all your enforcement actions
- Commission recovery: get your money back

Want to prevent future hijacking?
- Building fraud-resistant terms & conditions: strengthen your T&Cs
- Vetting new affiliates: stop hijackers at sign-up
- Setting up alerts: catch fraud immediately

💡 Remember: speed matters. Acting quickly limits damage, retains legitimate partners, and sets a clear no-tolerance standard. The longer hijacking continues, the more you pay in fraudulent commissions and the more emboldened fraudsters become.
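
For the cashback platform step above, where you share network parameters with your affiliate network, this added example (not part of the original guide) pulls those parameters out of landing URLs captured from hijacked ads and groups them per network. It assumes the parameters appear as query-string or fragment keys under the names this guide lists, matched case-insensitively; the function names and sample URLs are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Parameter names per network, exactly as listed in this guide.
NETWORK_PARAMS = {
    "Rakuten": ["siteid"],
    "Awin": ["clickref", "clickid"],
    "impact.com": ["clickid"],
    "CJ": ["cjdata"],
}
# Reverse index: parameter name -> every network that uses it.
PARAM_TO_NETWORKS = defaultdict(list)
for _network, _names in NETWORK_PARAMS.items():
    for _name in _names:
        PARAM_TO_NETWORKS[_name].append(_network)


def extract_evidence(urls):
    """Return one evidence row per known tracking parameter found in urls."""
    rows = []
    for url in urls:
        parts = urlsplit(url)
        # Assumption: parameters are query-string keys; fragment checked too.
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        pairs += parse_qsl(parts.fragment, keep_blank_values=True)
        for key, value in pairs:
            networks = PARAM_TO_NETWORKS.get(key.lower())
            if not networks or not value:
                continue  # unrelated parameter, or nothing to report
            # clickid is listed for both Awin and impact.com, so a bare
            # clickid cannot name the network: keep every candidate.
            rows.append({"url": url, "parameter": key.lower(), "value": value,
                         "networks": list(networks),
                         "ambiguous": len(networks) > 1})
    return rows


def group_by_network(rows):
    """Collect the unique parameter=value strings to send to each network."""
    report = defaultdict(set)
    for row in rows:
        for network in row["networks"]:
            report[network].add(f'{row["parameter"]}={row["value"]}')
    return {network: sorted(values) for network, values in report.items()}


# Constructed sample landing URLs (not real captures).
SAMPLE_URLS = [
    "https://brand.example/?siteID=AbC123-xyz&utm_source=aff",
    "https://brand.example/sale?clickref=user_98765&clickid=777_1_abc",
    "https://brand.example/?cjdata=MXxOfDB8WXww",
    "https://brand.example/?gclid=organic-only",
]
```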