Affiliate Fraud: The digital version of the tire puncture scam

by Frank Kolenbrander

A well know cautionary tale: coincidence or scam?

You have probably heard the story before: people were holidaying in Spain and all of a sudden they had a punture in their tire. Coincidentally a bystander knows a really reliable puncture shop... Is this pure coincidence or is it a puncture scam?

This oldfashioned scam method now has a digital version, it has been going around the internet for a while now. It earns malafide affiliates and their “bonafide” partners money.

What is Affiliate Marketing?

To understand what affiliate fraud is, you need to understand what affiliate marketing is. It's a process in which affiliates receive a commission for each visit, signup or sale they generate for a merchant. For example an advert on a website: when you click on it and make a purchase, the affiliate earns a commission. (Source en.wikipedia.org/wiki/Affiliate_marketing)

In itself there is nothing wrong with it, bit there is also a downside: advertising fraud.

Advertising fraud and URL mis-use

In advertising fraud, users are lured to the wrong websites via URL manipulation. This can happen by:

Clicking on a misleading link
A typo when entering a website URL

Suppose someone wants to visit our website, but accidentally types in dataexper.nl instead of dataexpert.nl. How often would that happen? Well-known and large websites are abused in this way. You then end up on a page with false virus notifications that encourage you to click on a link and scan your computer. If you do that, your browser becomes infected and you constantly receive pop-up notifications about viruses found.

The psychological game: First the shock, then the "Solution"

You look at the URL in your browser and see a well-known antivirus program as the solution. Because the URL is correct, it seems reliable. But before you buy the software, think back to the tire puncture. In this modern variant, you have been misled by an incorrect URL. Perhaps you clicked on it or typed it in yourself. You have received several notifications and after the shock has set in, you are referred to a solution, the purchase of a well-known antivirus program.

Who is the real perpetrator?

Who is scamming who now? It starts with the unreliable affiliate, who is comparable to the tire puncturer. But is the antivirus software provider really ignorant? Or are they consciously playing along with this revenue model?

A quick search on the internet provides enough hints for a bona fide antivirus software provider to realize that something is wrong with those referrals from the same affiliate. These parties could take much more active action against this.

How does this form of Malware work?

This fraud works in almost all browsers, including Chrome, Firefox and Edge. Because browsers often continue to run in the background, the fake warnings continue to appear. This type of malware is also known as the Pop-up Ads virus and is distributed via domains such as Avitechwin.co.in.

How to remove this virus?

The solution: Reset your infected browser and remove the malicious code using a reliable antivirus or anti-malware program.

Not just Windows: Mac and Android are also vulnerable

Do you think you are safe because you do not use Microsoft Windows? Unfortunately, Mac and Android users can also fall victim to this attack. (Source: https://malwaretips.com/blogs/avitechwin-co-in/)

Cybercrime or digitalised fraud?

Is this cybercrime or a modern form of fraud? And what are the detection options? Curious? Check out our Cybercrime training courses and learn how to protect yourself and others against digital fraud.

Contact us

Do you want more information about our solutions, products, training and services? Or want to contact one of our employees? Please fill out the form and we will contact you! For further questions regarding personal data we kindly refer you to our Privacy Policy and Privacy Statement.