April 18

Affiliate Marketing & Cybersecurity: Intersecting Worlds or Parallel Universes

Today, cybercrime is no surprise to anyone. Viruses, malware, and DDoS attacks target any website, application, or service. Companies and corporations defend against cybercrime by creating entire departments and divisions dedicated to cybersecurity. But what about affiliate marketing?

The Partnerkin team talked to specialists who successfully combined two different fields — affiliate marketing and cybersecurity. Let's discuss which cybercrimes are more common in affiliate marketing and how to resist malicious actors.

"Security in IT is like expensive underwear — no one sees it, but you feel confident," — Alexey Alexeev, IT Manager.

Hi. Tell us a bit about yourself — what do you do, and what's your relationship with cybersecurity and affiliate marketing?

My name is Alexey Alexeev. I'm an IT manager and have been working in the field for over 11 years. I started with programming, delved deep into web development from design to SEO. For the last 3 years, I've been working in affiliate marketing (CTO, IT manager, product owner). I've worked in both CPA networks and affiliate marketing teams, so I'm familiar with many processes, tools, and cybersecurity issues in these areas.

What cybercrimes have you encountered in your work, and how often do they occur in the field of affiliate marketing?

I've actually encountered quite a few cybercrimes. For example, fraud. For affiliate programs, it’s a typical occurrence and the basis of everything. Phishing, viruses, and other threats are also not uncommon for affiliate marketing. I remember a case where a browser installation was conducted through a fake link, and even a complete reinstall couldn't help.

I've experienced instances where a major hosting provider's servers were hacked, resulting in the website displaying content completely unrelated to what was intended, often with political motives behind the attack. There have also been cases involving exploits, where clever individuals injected malicious code into outdated versions of WordPress, granting them access to the website. These breaches often went unnoticed for some time, during which the website continued to direct traffic to the malicious actor.

I've also come across situations where criminals inserted deceptive code into landing pages. Essentially, when you duplicate the landing page, the obscured code redirects your traffic to a malicious website or prevents the landing page from displaying after a certain period.

In your opinion, which cybercrimes are the most sensitive for affiliate marketers?

In my view, the most sensitive cybercrimes are those that lead to data loss, loss of access, or resource downtime. In the first case, you lose time and money, but you realize the value of information and the importance of security. In the second case, you lose your reputation and possibly suffer significant financial losses.

Do you know how to deal with cybercriminal attacks or defend against them?

I'll start with the obvious but critically important. Do not delay the issue of security planning, even if you are a small team. Sooner or later, you will encounter it, but it's better to prepare in advance.

Here are a few basic points:

  • Access. Keep it secure, knowing who has been given access and for what. Avoid transferring root access whenever possible; create users with limited rights. Are your Google Docs accessible via a link rather than shared with specific emails? Accept the fact that in this case, they are publicly accessible. If an employee leaves, and you don't change the passwords to the resources they had access to? Expect trouble and leaks of insider information.
  • Servers. For truly important resources, choose reliable hosting providers, preferably with responsive technical support. Remember that not all servers support IPv6. So, you may not know that your website isn't accessible to IPv6 users, causing you to lose traffic.
  • Authentication. Try to use multi-factor authentication (MFA) for key services. This will enhance security against unauthorized access attempts.
  • Backup. Backups deserve special attention. Any server can lose data, even if it's in your garage. Therefore, make it a rule — if the data is important, it should be backed up.
  • Employee Training. Train your team members in cybersecurity principles, such as recognizing phishing emails, secure password usage, etc. This will help prevent social engineering and other types of attacks.

These are the minimum steps that will help deal with attacks and protect your data.

What do you think: do affiliate marketers need a cybersecurity specialist on their team?

I believe this is a question every affiliate marketer should ask themselves. But overall, security in IT is like expensive underwear — no one sees it, but you feel confident. If you want to feel confident, take care of cybersecurity.

Can you share an interesting case related to cybercrime?

A pretty interesting case happened when I was working as a technical director in an affiliate marketing team. It was all quite simple — downloaded a file from an unreliable source and got a virus as a gift. By a stroke of bad luck, it ended up in the finance department, which handles payments. The essence of the virus was quite simple — when copying a cryptocurrency wallet, the value in the clipboard was replaced. You copied one wallet but pasted another. And the money went to the criminals.

Fortunately, we had a vigilant person on our team who double-checked the start and end of the cryptocurrency wallet address (and I recommend you do too!), so the question came to me immediately. It turned out that the virus was very stubborn and wasn't detected by antivirus programs. Only a complete reinstall of the operating system helped. Fortunately, we didn't send anything to the scammers.

"Cybersecurity is insurance. We pay money now so we don't lose it later," — Anton Bochkarev, cybersecurity expert, Broconf 2 speaker.

Hi. Tell us a bit about yourself — what do you do, and what's your relationship with cybersecurity and affiliate marketing?

Hey there! I'm Anton Bochkarev, and I've been working in cybersecurity for a solid 10 years now. Over the years, I've been deeply involved in penetration testing, held positions as an external cybersecurity director, clinched victories in hacker competitions, and even started my own company, "Third Party." My link to affiliate marketing stems from my professional experiences. I've gained insights into how webmasters and affiliate marketing teams can cut costs, where to begin learning about cybersecurity, and the most effective ways to safeguard your company.

What cybercrimes have you encountered in your work, and how often do they occur in the field of affiliate marketing?

All companies that make money, use web applications and have some infrastructure are vulnerable to cybercriminal attacks. Most often, this is fraud. Scammers use access to internal data, and the money begins to leak somewhere, strange payments occur, or traffic is simply siphoned off.

In the realm of affiliate marketing, it's not unusual to come across ransomware attacks. These criminals aim to encrypt your system and demand payment to unlock it. Sadly, if you're hit with ransomware, you're faced with a tough choice: pay the ransom or accept that your data is gone for good. Decrypting it yourself is out of the question. What's interesting is that ransomware attackers aren't always in it for the money. Sometimes, their goal is to tarnish a competitor's reputation and sow doubt among their customers.

But DDoS attacks are more often aimed at reputation. They are the easiest to organize and demonstrate that competitors are weaker reputationally, that they are not protecting themselves, etc.

In your opinion, which cybercrimes are the most sensitive for affiliate marketing?

It all depends on the situation and the specific affiliate marketing team. For some, financial damage hurts more, while for others, reputational losses are more painful. Team owners should think about what is more dangerous for them and which critical events are most sensitive.

Do you know how to deal with cybercriminal attacks or defend against them?

Of course, that's my job. And I can give webmasters and affiliate marketing teams some tips on dealing with attacks and protecting their data:

  1. Conduct security assessments — you should understand how secure your applications are and how easy they are to hack.
  2. Train your employees — simple things, such as not clicking on suspicious links, not opening random emails, and not downloading and running unfamiliar files, will protect you from phishing.
  3. Monitor security — regularly check if anything unnecessary has leaked onto the internet due to admin errors and other guys who maintain websites.

Cybersecurity is something that needs attention. If you haven't had any problems with cybercrime today, it doesn't mean they won't happen tomorrow. And remember, attacks usually target the less protected, rather than specific companies, websites, or applications.

What do you think: do affiliate marketers need a cybersecurity specialist on their team?

No, definitely not needed. The team doesn't have enough tasks to keep a cybersecurity specialist busy full-time. And such a specialist is very expensive. The best option is to bring in someone on an ad-hoc basis for specific tasks. For example, to check the infrastructure, explore new products, track how team members fall for phishing attempts, etc.

However, if the team needs to constantly manage its security, I recommend hiring an external Chief Information Security Officer (CISO) for a few hours a month. They can manage security, advise the team on further development, what needs to be done, what's safe, etc.

Can you share an interesting case related to cybercrime?

A funny story happened with one team: during an internal audit, they found two insiders at once. They were working in parallel, and the second one blew the cover of the first. Here's how it went down. The guy had been working in the team for a long time, quietly committing fraud on the side. He was experienced, cunning, and savvy. But then another person joined the team, who also had the idea to make some extra money on the side. The second one was foolish and immediately got caught. The team conducted an internal investigation and also uncovered the first insider.

"Companies hire SOC specialists when people in uniforms show up and take all the equipment," — #Pumba app, technical specialist.

Hi. Tell us a bit about yourself — what do you do, and what's your relationship with cybersecurity and affiliate marketing?

Hi. I'm #Pumba app, a technical specialist and a jack-of-all-trades. I do everything except frontend and traffic pumping.

What cybercrimes have you encountered in your work, and how often do they occur in the field of affiliate marketing?

I’ve encountered a lot of things. For example, DDoS attacks. For SEO traffic, it's a common story. But for PWA applications, DDoS attacks have become something new, but no less unpleasant. Cybercriminals have figured out that PWAs don't hide URLs and deliberately attack apps.

There are also hacks. In SEO traffic, hacks happen if you don't update your plugins. Without updates, errors and vulnerabilities accumulate, which become open doors for hackers. They also hack applications. But usually for a different purpose — to see how things are done with competitors, to replicate a case. In the world, this is called reverse engineering in the affiliate marketing case. Such hacking of apps allows you to save time and money.

Phishing in affiliate marketing is rare but happens if someone needs to gain access to an affiliate program or software. Usually, this is a targeted attack, and the goal is specifically for you, your software, or the affiliate program. It's more like a niche for affiliate marketing to use logs.

In your opinion, which cybercrimes are the most sensitive for affiliate marketers?

In my opinion, the most sensitive for affiliate marketers is a DDoS attack. Because while the attack is ongoing, all traffic goes down the drain.

Another painful blow could be the leak of insider information, landing pages, and other internals. There was a case when the head left the team and for several months leaked information. It happened because, after his departure, they forgot to change the Keitaro API key.

Do you know how to deal with cybercriminal attacks or defend against them?

It's not that difficult. Limit access to servers, and apply action logging and firewalls. And Cloudflare will protect against DDoS attacks. These simple rules will help prevent the most common cybercrimes in affiliate marketing.

I'll also share a secret trick so that your landing page can't be stolen. Insert this code <?php if (!isset($rawClick) && !isset($click)) { die(); } ?> at the beginning of the landing page on Keitaro, and no one will be able to take it away. An important condition is that the landing page must be index.php.

What do you think, do affiliate marketers need a cybersecurity specialist on their team?

Maybe they do, but usually, for example, in large affiliate marketing teams of 100 people or more, SOC specialists are hired after some incidents. Or when people in uniforms show up and take the equipment. After that, they immediately hire a specialist who controls the perimeter and sets up departmental rules.

Can you share an interesting case related to cybercrime?

The most interesting one was with Galia Busheva (aka SEOheroine). Through phishing, her account was hijacked, and all the information was dropped.

There was also a funny story in the category of "crimes that never happened." One of my clients wrote an article about a blogger. The article was just an article, but the blogger and his fans took offense. By chance, in the chat of this blogger, I saw a discussion of a DDoS attack on my client's website. I connected the blogger and my client, they talked and resolved all issues. As a result, there was no DDoS attack.

Conclusion

Affiliate marketing, like any field where there is money and valuable information, is susceptible to cybercriminal attacks. But you can deal with them and protect your resources if you update your software promptly, monitor accesses, and use special services like Cloudflare. Whether to hire a cybersecurity specialist or personally guard your finances and information is up to you.
