A publisher’s best defense against hackers? Having complete visibility into your data

Did you know that hackers can use affiliate links to steal publisher data? Getting deeper insights into your performance data can help you reduce the impact of an attack. Learn how hackers compromise publisher data and how to prevent this from happening to your publication.

Have complete visibility into your data
Matt Moore
Matt Moore
Associate Manager of Product Marketing
Read time: 3 mins

Hacker activity and fraud in the affiliate space have increased in the last several years. According to cyber security firm CHEQ, 17 percent of traffic from affiliate programs is fake—a 10 percent increase from two years ago. 

This negatively affects brands paying out commissions for fake traffic, but did you know this impacts publishers too? 

Discover how hackers can compromise publishers’ commerce content efforts and how having holistic insight into your data can be the perfect tool for prevention.

Affiliate marketing fraud is a publisher problem, too

Affiliate marketing fraud takes different forms. Most often, brands bear the brunt of the damage. Bad actors generate fake traffic to their publications to earn fraudulent brand commissions. 

Because of this, many publishers assume that they don’t have to worry about affiliate fraud. After all, if they’re legitimate and honest, then their partnering brands can rest easy. 

But some hackers also use affiliate links to steal publisher data and, in some cases, commission payments. SQL injections are the most common way hackers do this—and it’s easier than you might think. 

Let’s start with the basics: What is SQL Injection?

SQL injection, known as one of the most common hacking techniques, is when an unauthorized party uses malicious SQL code to break into a secure database. Typically, hackers enter this code into website areas where users can enter information, such as a login or contact form. 

When the hacker submits this malicious code, it performs actions on the website’s back-end system based on what the hacker wants to achieve. Typically, the code exposes essential information about the system to the hacker or allows the hacker to alter the system.

How hackers use SQL injections against publishers

Most publishers won’t find hackers injecting SQL code into a contact form or login page. Instead, they use affiliate links taken directly from your website. 

Hackers use click bots that insert malicious code into the subID value of affiliate links. Though subIDs are typically used for affiliate tracking, putting malicious code into this field acts as a submission to the network. The code then attempts to run on the network and execute commands.

Generally, the hacker will inject code that downloads the network’s database. Once they have this information, they can do whatever they want.

The aftermath of an injection attack

At a base level, these attacks skew your data by running fraudulent clicks in an attempt to break into the networks. That means an unknown number of clicks aren’t from actual users.

At a minimum, these attacks can heavily skew your data. This means sending inaccurate reports to brands, interrupting the feedback loop you use to guide your affiliate strategy, and more.

Hackers can access your data, see payment information, and even redirect commission payouts if an attack succeeds. Data breaches also compromise your relationship with advertisers, potentially damaging your reputation and increasing revenue loss in the future.

Gaining full visibility into your data protects you

Though most affiliate networks have protections to prevent SQL injections, they still happen. By being aware of the problem, you can quickly identify potential attacks.  

Any abnormalities become highly visible when you have full visibility into your data. Regularly conducting data audits allows you to: 

  • React quickly
  • Protect your data
  • Alert affiliate networks and brands of any breaches

Unfortunately, if you’re like many other publishers, your data may be scattered and siloed in different platforms and networks, making it difficult to identify anything out of the ordinary. 

Trackonomics by impact.com—part of the impact.com for Publishers suite—unifies your data across platforms to get a comprehensive view of your performance data. You can even filter out fraudulent subIDs, providing insight into your true number of clicks. Having deeper insight into your data also helps you catch fake traffic, flag potential cyber attacks, and scale your affiliate marketing efforts faster and more effectively. 

Trackonomics and other impact.com tools for publishers allow you gain deeper insight into your affiliate traffic, sales, and other important data. Take a free Publisher Tools Basics certification course from the Partnerships Experience Academy to tour of these tools and see how they can help scale your content monetization efforts. 

Stay in the know. Get our monthly newsletter right in your inbox.


You have successfully signed signed up to our newsletter. Keep an eye on your inbox...

Invalid email

impact.com values your privacy.