In one of the most successful, but least talked-about, tricks, hackers are ripping off online retailers to the tune of nearly a billion dollars a year using nothing but simple malware. And what’s worse, retailers often aren’t even aware that they are losing money.
It’s not magic hackers are using to scam online retailers, but a clever strategy called affiliate injected malware. Utilizing the malware, hackers inundate the computers and devices of potential customers with pop-up ads, banner ads, and toolbars designed to convince them to shop at alternative sites — in some cases even rerouting them to these affiliate sites, without the customer even realizing what is going on. For retail sites, it’s tantamount to outright theft — resulting in the loss of huge numbers of customers.
The malware that pulls this trick off often gets installed by users in the guise of an add-on — a “helper” toolbar or pricing app that comes piggybacked on an application installed by the user. The malware contains code that recognizes when users land on the page of retail web sites — and the code then activates and unleashes the annoying pop-ups and toolbars that are the main features of the affiliate malware scam. The ads or toolbars offer similar products at lower prices on the affiliate sites, and sometimes simply reroute shoppers to those sites, where they put an item in their cart — without even being aware that they were not on the site they intended to shop at. Thus, the legitimate site loses out on a sale that it should have been able to make . But that’s not all the site loses.
Advertisement
The sheer volume of pop-ups and toolbars makes for a very poor user experience. Every page is inundated with unwanted junk, interfering with the customer’s experience and it is likely they will remember it and think twice before going back to the site — if they even go back to the site. So the loss essentially becomes twofold: stores lose out on customers who are stolen away, and those that aren’t have their user experience ruined.
The worst part of all this? The retailer has no way to halt this malware at the source. The malware is installed, and operates, on the customer’s device. That is not something the retailer can control; even the most sophisticated cybersecurity systems won’t prevent affiliate malware from pulling off its annoying tricks on customers’ remote devices. In fact, even the customer often has no idea what is going on — believing that the annoying pop-up “noise” that they are experiencing is actually a feature of the shopping site!
So if traditional cybersecurity measures have no response for this tactic, how can retailers defend themselves against malware they can’t directly battle? The best solution is preventing the malware from interacting with their site before it can even load. Sophisticated systems that can identify code that engages with a site can halt affiliate malware in its tracks before they have the chance to activate. As soon as the code is detected, a protective system would be enacted, acting on the customer’s browser and preventing the malware from showing up on the retail site — thus keeping the pop-ups, toolbars and other “features” off their site, as it is being seen from the customer’s side.
It’s an antidote to the affiliate malware sites are plagued by, and it will ensure that the customer’s user experience is neat and clean — and that they get to shop at the site they chose to buy from, not the one a hacker chose for them. One good trick deserves another — and this one can ensure that shopping sites can keep both their sales and customer experience up.
Ken Zwiebel is the CEO of PageSeal, a provider of client-side malware protection. PageSeal’s technology defends web sites from client-side injected malware designed to redirect consumers to competitor sites. For a full diagnostic test and to begin protecting your website visit PageSeal.io