This little piggy went to the affiliate market

Posted by on May 14, 2013 in Affiliate Fraud, Cookie-Stuffing, Wire Fraud ranks in the top quarter million sites in the world and almost in the top 100k for the US (see Alexa). If you are an ordinary user looking for a coupon then you won’t notice anything out of the ordinary when browsing through this site. affiliate fraud

Piggycoupons is an affiliate that has an indirect relationship with a number of online merchants via an affiliate network. For each merchant, Piggycoupons receives a tracking or click link that it will use when trying to market the merchant. Much like publishers in the online advertising world publish ads that are relevant to their content (hopefully resulting in more click throughs), affiliates try to market their merchants in an effort to get their users to click through on their affiliate links and buy something. Instead of being paid per click, an affiliate is paid if the end user buys something from the merchant after a click.

So a user could browse Piggycoupons today, click through on one of their merchants and only decide to buy something tomorrow. If a sale occurs, the merchant pays the affiliate network and the affiliate network pays the affiliate. The reason this transaction does not have to happen in a single browsing session is because tracking cookies are placed on the user’s machine upon clicking on one of the links handed to an affiliate by the affiliate network.

Enter the Rogue Affiliate

Rogue affiliates try to get around the click part of a transaction by forcing the click to happen no matter what. This results in the tracking cookies being stored on the user’s machine without an affirmative action (a click) from their side. The hope of the rogue affiliate is that the user will eventually end up buying something, and if they do then this affiliate will be paid (even if he did not earn it!)

Rogue affiliates are tough to compete with because they don’t play fair. By forcing the click through they will simply overwrite the cookies of honest affiliates.

This Little Piggy

If you fire up your favorite DOM inspector and take a closer look at this page on Piggycoupons, you will find that line 261 of their HTML has the source of an image set to an affiliate click link.

cookie stuffing

The browser will try to render this image by following the click link and storing all associated cookies that come back. This is faking a click. Since this is not a valid image link, the browser will be unable to render anything so a broken image icon will be displayed. Piggycoupons knows that what they are doing is wrong and that a broken image will give them away, so they try to hide what they are doing by setting the width and height of the image to 1 pixel.

In the image below we don’t notice the broken image:


I modified the DOM of Piggycoupons and altered the width and height of the malformed image, red arrows lead the way:

cookie stuffing

Remember, this affiliate is not playing fair. Having a malformed image setup in this manner forces clicks to every user that visits this page. The net effect has this affiliate potentially stealing revenue from honest affiliates and/or claiming unearned revenue from merchants.

Merchants impacted by Piggycoupons are and

Fraudster Score

This fraudster scores a pitiful 1/10:

  • 1 point for the most basic form of Cookie-Stuffing

* Update 5/16/2013 *

The folks from Piggycoupons got in touch with me, insisting that this was an innocent mistake made by their editor, who intended to paste an image tracking link and not a click link on the several pages that were guilty of Cookie-Stuffing. Piggycoupons assured me that all traces of Cookie-Stuffing have now been removed from their site.

From previous posts, we know that accidental Cookie-Stuffing is definitely possible. Hopefully this was an innocent mistake and Piggycoupons is trying to play the affiliate game fairly after all.

« »


  1. Test
    May 17, 2013

    Nope, line 261 is still the same :)

  2. guru
    May 20, 2013

    @Test, I think you wrong, it’s changed.
    the difference is between “click” and “image” within the url.