Cookie stuffing

Cookie stuffing or cookie dropping is when a user visits a website, and in turn from that visit receives a third-party cookie from an entirely different website. In this sense, Google AdSense and other internet ad networks cookie stuff visitors who view a web page that is serving their ads. Cookie stuffing can sometimes be a blackhat online marketing technique used to generate fraudulent affiliate sales. It involves placing an affiliate tracking cookie on a website visitor's computer without their knowledge, which will then generate revenue for the person doing the cookie stuffing. Income is generated when the affected user visits the target affiliate site and either creates an account or makes a purchase, depending on the terms of the affiliate agreement. This not only generates fraudulent affiliate sales, but also has the potential to overwrite legitimate affiliates' cookies, essentially stealing their legitimately earned commissions.

Operators of websites that allow user-generated content, such as forums that allow users to post, should be aware of this technique in order to protect their visitors from this attack. Cookie stuffing can be accomplished with as little as including an image in a forum post.

Techniques used to accomplish cookie stuffing are very similar to those used in cross-site request forgery (CSRF) attack.

See also

• Black hat SEO
• Search engine marketing
• Affiliate marketing

References

• Cookie-Stuffing Targeting Major Affiliate Merchants