When the Honey scandal was revealed at the end of 2024, it shone a spotlight on something that often flies under the radar: Affiliate fraud.
The scandal exposed Honey, a PayPal-owned browser extension, for scraping creators’ affiliate revenue.
What resulted was several class action lawsuits being filed against the company, a total lack of distrust in the company, and Honey losing over 3 million users.
But, unfortunately for affiliate marketers, the vast majority of affiliate fraud flies well under the radar. And with affiliate marketing growing at an unprecedented rate, it’s quickly becoming an even bigger, even more lucrative target.
And here’s the thing: Affiliate marketers are busy people. They’re constantly juggling moving parts; networks, sub-networks, influencer partners, browser extensions, coupon sites, app integrations, and all the weird little gaps between them.
It’s a messy ecosystem, which unfortunately results in vulnerability. And vulnerability is where fraud thrives.
Affiliate fraud isn’t always loud or obvious. It’s usually the quiet kind - the kind that steals revenue attribution silently and siphons off budget you didn’t even realize you were losing.
To help affiliate marketers remain aware of the increasing level of threat they face, we spoke to Jake Scrace - an affiliate marketing veteran with years of experience managing affiliate programs under his belt - to discuss the intricacies of affiliate fraud.
We covered:
- the surprising impact of affiliate fraud
- the key signs of affiliate fraud marketers should be looking out for
- and what to do next if you’re impacted
Watch the full conversation here - or if you’re low on time, keep reading for the written takeaways.
Timestamps:
0:00 - Coming up...
0:37 - Intro
3:20 - Affiliate fraud explained
6:08 - Are affiliate campaigns more vulnerable to fraud?
8:18 - Are marketers aware of affiliate fraud?
9:47 - The main types of affiliate fraud
14:06 - How widespread is affiliate fraud?
19:00 - The PayPal Honey scandal explained
24:12 - Early indicators of affiliate fraud
27:12 - How invalid traffic is an indicator for affiliate fraud
29:32 - Key recommendations to secure affiliate programs
35:06 - Final thoughts & next steps
Why affiliate fraud isn’t like other fraud
Affiliate fraud is often lumped in with broader “digital ad fraud,” which makes sense at a high level. But it falls apart the moment you examine the mechanics.
In paid channels, click fraud typically creates fake interactions.
In affiliate programs, affiliate fraud steals real ones.
Jake summed it up perfectly:
“Rather than manufacturing huge volumes of fake clicks, a fraudulent affiliate often waits until a real customer is just about to purchase… and then fires a sneaky tracking pixel or injected click behind the scenes.”
Suddenly, attribution reroutes.
The network sees the fraudster as the last touchpoint.
The affiliate gets paid for influencing a sale they never influenced.
And the brand foots the bill.
It’s the digital equivalent of someone darting into frame right before the finish-line photo and claiming they ran the marathon with you. They didn’t run a step, but now they’re wearing a medal.
This distinction is crucial because:
- Affiliate fraud hides inside real customer journeys, not junk traffic.
- It preys on attribution logic, not ad-serving loopholes.
- It steals value quietly, instead of overwhelming you with fake volume.
That’s why so many marketers underestimate the problem. They’re looking for the wrong signals.
The Affiliate ecosystem is a perfect playground for fraud
If you tried to design a channel vulnerable to exploitation, you’d struggle to build a better playground than the average affiliate setup. Jake touched on this in the conversation, and honestly, he was being polite.
Here’s the thing:
The affiliate ecosystem is fragmented.
And not just “a bit messy” - we’re talking Russian-doll levels of complexity.
You have:
- Affiliate networks
- Sub-networks hidden behind those networks
- Individual partners inside those sub-networks
- Browser extensions
- Voucher sites
- Mobile partners
- Influencers
- API integrations
- Redirect chains stretching across half the internet
And every single one of them can add, modify, or intercept tracking parameters.
Even the tracking itself is built on conventions - predictable URL structures and standardised parameters - that fraudsters know how to manipulate. Once you know how the puzzle pieces usually fit together, you also know exactly where to slip in your own piece unnoticed.
Meanwhile, affiliate managers are often managing hundreds or even thousands of relationships, many of which they’ve never spoken to, and some of which they didn’t even know existed until something broke.
So is the affiliate channel uniquely vulnerable?
Yes. Absolutely.
And for reasons that are structural, not accidental.
Which brings us to click fraud - or invalid traffic (IVT).
Even though affiliate fraud isn’t primarily bot-driven, elevated levels of invalid traffic often point to deeper issues:
- Traffic laundering within sub-networks
- Automated sessions designed to mimic user engagement
- Partners faking performance to negotiate better payouts
- Cloaked journeys masking redirect hijacking
- Early-stage testing by fraudsters before they ramp up
IVT might not directly result in the affiliate fraud itself, but it’s often the breadcrumb trail that leads straight to it.
And once you know that, you stop treating IVT as a reporting nuisance and start treating it for what it really is:
An early warning system for attribution theft.
The affiliate fraud tactics marketers need to recognize (broken down in plain english)
Jake listed several forms of affiliate fraud in the podcast, and every single one deserves attention. That’s because they don’t just threaten revenue - they erode trust in the entire channel.
But instead of drowning in jargon, let’s break these down the way marketers actually talk about this stuff.
Think of this section like a field guide. Not too heavy, not too technical, but detailed enough that the next time you see something strange in your partner reporting, you’ll know exactly what you’re dealing with.
Click manipulation - the silent attribution thief
This is the big one. The fraud type that hides in plain sight.
Click manipulation happens when a partner fires a fake click after a customer has already arrived on your site and is about to purchase. They don’t drive the traffic; they intercept it.
A few common versions:
• Force Clicks
A partner forces a click through invisible elements on their site. The user never intentionally interacts - but the network thinks they did.
• Cookie Stuffing
The affiliate secretly plants their tracking cookie in the user’s browser, hoping to swoop in at conversion time.
• Invisible Iframes
A page loads a hidden iframe that auto-triggers an affiliate click without the user knowing.
• Browser Extensions Injecting Clicks
Extensions can fire last-minute tracking events even when a shopper never actively used them - exactly the kind of manipulation seen in the Honey scandal.
Jake made this point clearly: affiliate fraud often isn’t about adding “fake” conversions. It’s about stealing real ones by manufacturing a click right before checkout.
Link hijacking & redirect tampering - when your click path stops belonging to you
Affiliate links often travel through multiple layers of redirects. Sometimes five. Sometimes more. Jake explained that fraudsters can stretch these redirect chains to 12+ hops, slipping their own ID into the path like a pickpocket blending into a crowd.
Common techniques include:
- swapping affiliate IDs in transit
- adding cloaked redirects
- spoofing URLs
- replacing partner parameters with fraudulent ones
If the customer journey were a package delivery route, this would be the moment your parcel disappears into a sketchy warehouse and re-emerges with someone else’s name on the label.
Redirect-level attacks are especially dangerous because they exploit the predictable, universal nature of affiliate tracking conventions. Once someone understands your tracking structure, they also know exactly where to alter it.
Traffic laundering - Where most IVT lives
This tactic blends both fake and real traffic to create the illusion of strong engagement. The goal is simple: look valuable enough to get better commercial terms.
Jake highlighted that bad actors often use IVT to inflate engagement, especially inside sub-networks where partner-level visibility is low.
This usually looks like:
- partners with no real content posting huge session numbers
- recycled bot networks repackaged as “audiences”
- blended traffic sources masking bot flows
- automated “warm-up sessions” that precede attribution hijacking
Conversion manipulation - fake conversions, real payouts
The most direct method: generating conversions that never existed.
Jake mentioned several types, but one stands out:
Postback Spoofing.
This is where fraudsters fabricate server-to-server conversion signals and send them back to the network as if they were legitimate. Because postbacks are trusted by default, they’re incredibly easy to exploit unless you have strong validation in place.
Other variations include:
- stolen credit card testing
- automated order simulations
- fake new-customer flags to trigger higher commissions
This is fraud at its most brazen: the affiliate literally invents money and asks you to pay them for it.
Bringing it together
Once you understand these tactics, affiliate fraud feels less mysterious. You start spotting patterns you would’ve missed before. You start treating IVT spikes as signals rather than annoyances. And you start understanding why the affiliate channel, despite its massive potential, requires more scrutiny than most marketers give it.
And now that the tactics are clear, the next step is figuring out how to spot them (and stop them) before they drain your budget quietly in the background.
But first, let’s dig deeper into the now-famous Honey affiliate scandal:
Remember the Honey scandal?
We mentioned it in the intro, so we won’t rehash the whole saga. But the Honey scandal is worth revisiting briefly because it captured something important:
Even the biggest, most trusted players can manipulate affiliate attribution at massive scale without being detected for years.
Browser extensions were quietly injecting their own affiliate IDs during checkout. Creators who drove genuine traffic weren’t paid. Consumers had no idea what was happening behind the scenes. And far too many brands assumed everything was working as intended.
Jake noted that advertisers were already skeptical about browser extensions even before the scandal broke - there was a lingering sense something wasn’t quite right.
And honestly, that’s the whole point.
If fraud can slip under the radar with millions of transactions flowing through a single partner, just imagine how easily it can hide in a mid-sized affiliate program with limited oversight.
When it comes to affiliate marketing, don’t assume scale equals safety. Sometimes scale just magnifies the damage.
The affiliate fraud red flags
Once you know what to look for, affiliate fraud becomes much easier to detect. The challenge is that most people don’t know where to start.
Or worse, they chalk anomalies up to “weird data” and move on. Jake shared several clues worth paying close attention to.
Here are the big ones:
1. When the data doesn’t feel right
This is where trusting your gut really matters. Jake said it plainly: affiliate managers are deep enough in the numbers to feel when something’s off - even if they can’t articulate it yet.
Look for things like:
- Huge spikes from a partner with a weak website
- Conversions growing faster than clicks
- Traffic rising without any conversions
- Conversion rates that feel impossibly high
- A sudden wave of “new customers” that doesn’t match internal analytics
2. Redirect chains that look like a maze
If a link jumps through an unusually long chain of redirects, someone might be tampering with it. Standard affiliate journeys may include a few hops. Fraudsters stretch them to absurd lengths - sometimes 10, 12, or more - so they can hijack IDs unnoticed.
When you see:
- obfuscated redirects
- cloaked domains
- affiliate IDs changing mid-stream
That’s a problem.
3. Partners who look valuable but… Aren’t
Traffic laundering often produces partners who appear “highly engaged” on paper.
A few telltale signs:
- traffic volume that doesn’t match content quality
- suspiciously consistent behavioral patterns
- lots of traffic but suspiciously few conversions
- IVT surges tied to a single sub-network or partner group
As Jake pointed out, IVT tends to show up frequently in these partner types.
4. Attribution discrepancies
Your internal analytics say one thing, but your affiliate network says another.
The numbers won’t line up. And they never will - because someone else is altering the journey.
Jake described affiliate fraud as an iceberg: the obvious stuff sits above the surface (like brand bidding), but most of the fraud lives below, invisible unless you go looking for it.
If attribution feels skewed, assume there’s a reason.
How to protect your affiliate program (without losing your mind)
The good news is that you don’t need to rebuild your affiliate setup from scratch to create an affiliate program more resistant to fraud.
But you do need to strengthen the areas fraudsters exploit.
Jake shared a series of recommendations that every brand, regardless of size, can apply.
Here’s how to make your program tougher to exploit.
1. Modernize your tracking infrastructure
Most affiliate fraud thrives on outdated tracking setups. Moving to server-side tracking helps shut the door on cookie-based manipulation, iframe injections, and last-second click stuffing.
Jake explained that with server-side tracking, events go through the brand’s backend first - letting you block suspicious “hidden” conversion attempts before they ever hit the network.
This alone removes a huge chunk of vulnerability.
2. Use redirect verification as your early warning system
Since redirects are a playground for hijacking, you need automated checks that validate:
- redirect length
- suspicious domains
- cloaked hops
- swapped affiliate IDs
If a link journey looks more like a backpacking trip across Europe than a straight shot to your product page, redirect verification flags it.
Fraudsters hate verification tools because they turn their favorite tactic into a blinking red alert.
3. Get visibility into sub-networks
This one’s huge.
Sub-networks can contain hundreds of hidden partners, each with their own traffic, practices, and incentives. Jake emphasized how important it is for brands to understand who, exactly, is behind the traffic coming through these middlemen.
Don’t accept “trust us” reporting.
Demand:
- partner-level transparency
- traffic-source explanations
- removal of low-quality or high-IVT senders
If a sub-network can’t explain its partners, that’s a problem - not a partnership.
4. Strengthen your program terms (and actually enforce them)
Clear rules give you leverage.
At a minimum, your affiliate T&Cs should cover:
- brand bidding restrictions
- extension behavior
- cookie usage
- bot and automated traffic
- consequences for violations
Jake noted that when fraud appears in plain sight (like brand bidding) it’s easy to shut down because you can point directly to your terms.
But vague rules lead to vague enforcement. And vague enforcement… Well, it’s an invitation.
5. Get an independent audit (not from someone with a stake in the program)
Jake was very clear on this:
don’t rely on your affiliate network to diagnose fraud.
Not because they’re malicious, but because:
- networks earn from volume
- internal data teams may lack affiliate-specific expertise
- fraud often hides in places most analysts don’t know to check
That’s why a third-party audit is so valuable. It reveals:
- where attribution is being stolen
- which partners are causing harm
- how big the financial impact actually is
- what you can stop paying for immediately
Affiliate programs should reward genuine performance, not whoever can hijack the last click.
Lunio’s new affiliate fraud prevention solution can not only serve as an independent, non-biased audit - but it can give affiliate marketers real control by screening every click and conversion in real time, validating traffic quality before payouts go out the door.
With network-agnostic implementation, clear rejection reason codes, partner-ready evidence exports, and automated alerts for suspicious patterns, Lunio helps you protect commission budgets, strengthen attribution integrity, and scale your affiliate program without scaling your risk.
It’s a simple way to cut out fake clicks, fraudulent conversions, and attribution hijacking - while proving to finance, networks, and partners that your program is clean, fair, and built for long-term growth.
Final thoughts
To bring the conversation home, a few final insights Jake shared deserve emphasis:
Most affiliate teams don’t have the time, or the training, to identify fraud.
Affiliate managers are constantly juggling partners, approvals, content placements, negotiations, and reporting. Fraud detection becomes a “when I have time” task… which means it rarely happens deeply enough.
Fraud is evolving faster than tracking systems are.
According to Jake, affiliate tracking hasn’t kept pace with the increasing sophistication of fraud tactics - especially in the last five to ten years.
You can’t fix what you can’t see.
This was one of Jake’s strongest messages: most brands dramatically underestimate how much fraud affects their affiliate programs simply because they’ve never looked past the surface.
Education is half the battle.
The more you understand the mechanics, the easier it becomes to protect yourself - and the less “mysterious” affiliate fraud feels.
Taking control of your affiliate program
Affiliate marketing can be an incredible revenue channel when it’s clean. But when fraud creeps in, it becomes a leaky bucket - one that quietly drains budget while showing you beautiful numbers that don’t match real impact.
The truth is, you don’t need to overhaul everything. You just need visibility. Once you can actually see the problem, you can choose how aggressively to fix it.
And if you’re curious where your vulnerabilities might be hiding, Lunio offers a free affiliate audit that can reveal the fraud you’re currently paying for - and give you evidence to push back on future payouts, just like Jake mentioned in the conversation.
Because here’s the thing:
Your affiliate channel should grow your business - not siphon from it.
And now you know exactly how to make that happen.
