November 08, 2023 0 624

After Several Years of Committing Cookie Stuffing Fraud, an American Man Made $28 Million: How Affiliates Monetize Toolbar Traffic

As the internet developed, numerous specialized software, add-ons, and extensions appeared in operating systems, intended to facilitate users' lives. However, not all specific programs positively affect the computer's performance. Some extensions carry potential risks.

Such software includes toolbars — special toolbars that are added to the computer system itself, the browser, or other programs, providing additional capabilities. This article discusses when toolbars appeared, how they are hazardous to PCs, and how webmasters use them for fraud.

Stay up-to-date with the latest affiliate marketing news, articles, guides, and case studies. Subscribe to our Telegram Channel today!

When and How Did Toolbars Appear?

Toolbars are tool panels that simplify access to the functionality of a particular program. In this capacity, the first toolbars appeared in 1988, in the first version of Microsoft Word released by the Windows Corporation. Over time, toolbars, in the form of a convenient graphical interface element, began to be added to various computer programs.

The program window of that very first "Word" with the recognizable toolbars’ classics:

The new opportunities for toolbars emerged with the advent and development of the Internet. They began to be developed for the first windowed browsers and search engines. Thus, their toolbars appeared in the late 1990s at AOL and Yahoo. In addition to the main functions of accessing navigation tools, they allowed instant access to email or finding the necessary information on the network. Later, various services began to release toolbars in the form of proprietary add-ons and advertising panels, reminding users of a particular brand.

The variety of toolbars allows us to distinguish several types:

  • Useful toolbars — panels with tools that make people's lives easier. These are toolbars with information about the weather, time, counters of new emails, and so on.
  • Conditionally useful — the same informational toolbars with added advertising banners. Advertising in such panels usually offers to download additional software or other add-ons in the brand's line.
  • Advertising toolbars — panels without useful functions, but with advertising information that prompts targeted actions. Messages popping up on these panels aggressively encourage users to download something, visit a particular site, subscribe, or order a service through a pop-up form.

Useful toolbars include specialized panels embedded in browsers from well-known search engines such as Google Toolbar, "Yandex Elements" with Yandex Bar, and others. The usual advantages of toolbars are:

  • Simplifying work with familiar tools.
  • Contextual adaptability — toolbars can dynamically change content and functionality, reacting to the current state of the program or active interface panels.
  • Easy configuration — toolbars allow you to add and remove all necessary buttons in a few clicks.
  • Extensibility — with the help of add-on plugins or APIs, toolbars can be equipped with new features or integrated into other applications.

In the advertising sphere, several types of AdWare toolbars are distinguished:

  • In-browser plugins and BHO — Browser Helper Objects for IE. They operate within browsers.
  • Coupon and loyalty toolbars — activated on advertisers' sites, helping people to avail of discounts or offering promotions and bonuses.
  • Shopping assistants — popping up in browsers as panels with product and service advertisements, as well as offering coupons and discount offers when transitioning to the advertiser's site.
  • Reminders — toolbars that change color or use other visual effects to attract the user's attention.

The branded toolbar offering discount coupons:

The main drawback of modern toolbars is that some advertising panels tend to embed themselves into operating systems independently, thereby causing irritation and dissatisfaction among users. Among the disadvantages is the fact that even useful toolbars installed by users themselves are used for harm — for redirecting users to unnecessary websites and for replacing cookies. Cookie stuffing technologies, including through toolbars, are used in black affiliate marketing.

What is Cookie Stuffing?

The technology of cookie stuffing originated at the time when affiliate marketing itself appeared, as cookies were used precisely to track users and approvals. The substitution occurs in the user's browser without going through the affiliate link.

Here's how Cookie Stuffing works in detail:

  1. The user visits the webmaster's site and then, without taking any action, leaves the resource.
  2. The webmaster calls the affiliate tracker and simulates the user's transitions to the websites of online stores and other platforms from the webmaster's site itself. As a result, cookies from different sites are set in the user's browser.
  3. Next, the user himself enters the internet store tracked through cookies and places an order, without even realizing that the cookies necessary for the webmaster's affiliate network are set in his browser.
  4. At the moment of finalizing the user's order, a tracking pixel with data about the order — ID, its cost, and other data — is sent to the affiliate network.
  5. After the approval of the lead obtained in this way, the affiliate network credits the unscrupulous webmaster with a reward.

Of course, the user does not see the cookie stuffing. It is used stealthily, even if the user comes to a specific online store from another advertising channel or even types the site's address directly.

The problem for website owners and users alike is that various elements of the site - images, frames, Flash, Java scripts, and CSS — can be used for transmission, and therefore substitution of cookies. HTML tags embedded in iframes and images open a page or several pages within another on the site — it is there that the unscrupulous webmaster's referral link is located. These pages are impossible to notice, as they open in an iframe, loading into an inconspicuous 1x1 pixel. Thus, it is impossible to technically prevent Cookie Stuffing.

Cookie Stuffing in Toolbars — Can Cookie Replacement Be Prevented?

Cookie Stuffing in affiliate marketing is considered fraud and accounts for about 60% of the affiliate marketing industry. The use of cookie substitution technology through toolbars is widespread because people actively use them and install them themselves. However, toolbars are often "embedded" on computers without authorization.

This happens when people download something necessary or interesting from the Internet, such as games, free or unlicensed copies of applications, videos, and other content. During installation, there is a notification with an automatically checked box in an inconspicuous place — "install browser extensions."

After downloading, users discover a new advertising or informational panel on the taskbar or in the browser, through which cookie stuffing can occur. If the extension has "penetrated" the computer, it will run when the browser is loaded. If it is a hidden program, it is added to the autoloads by default and starts when the PC is turned on.

In affiliate marketing, it is impossible to trace clean and dirty traffic from toolbars, so it is usually prohibited by affiliate networks. In some adult and gambling offers, less frequently in the nutra sphere, toolbar traffic is sometimes considered. However, generally, advertisers prefer not to deal with such traffic, as it poses reputational risks for the brand — many users dislike intrusive advertising through toolbars.

Some advertisers consider among the risks not only the devaluation of brands in the eyes of customers but also in the eyes of commercial partners who organically do not accept the use of toolbars in marketing.

Many advertisers in affiliate marketing ponder whether it is possible to identify cookie substitution. The purity of leads can be checked through standard analytical counters like Google Analytics and Yandex Metrica. However, these tools work on a last-click or last-click-not-direct model, so the results of the check will not yield anything.

Fraud involving data attribution generally requires a lot of time for study and analysis. To recognize it, advertisers need to clearly define the key performance indicators of metrics, analyzing them during and after campaigns, thereby identifying the data indicators that indicate fraud.

Sean Hogan — the Man Who Made Millions of Dollars Through Toolbars

One of the most scandalous cases of cookie stuffing through developed toolbar software is associated with the name of American businessman and IT specialist Sean Hogan. The founder and CEO of Digital Point Solutions software provider, Hogan gained fame in America in 2006 thanks to a brilliant defense case before the Motion Picture Association of America (MPAA), which accused him of downloading the movie "Meet the Fockers" via torrent. By that time, already a millionaire, Hogan could have simply paid $2 500, thus admitting guilt, but he stood his ground and ultimately won the case against the MPAA.

However, two years later, Sean Hogan again appeared in court on charges of illegal earnings through cookie stuffing. The scheme, at that time, was not new but quite inventive: by developing two original, conditionally useful toolbars, Hogan earned millions of dollars through them in the eBay affiliate program. The indictment featured an amount of $28 million "earned" in this way.

In 2010, Hogan and his commercial partner involved in his case were finally convicted of digital fraud and causing substantial damage. Because the savvy IT specialist agreed to cooperate with the FBI right away, the judge imposed a relatively lenient punishment: Sean Hogan was sentenced to 5 months in Federal prison with a fine of $25 000 and subsequent three years of probation. Interestingly, during the trial, Hogan claimed that eBay knew about the fraudulent toolbar scheme from the very beginning of the software's launch, preferring not to intervene for the time being. However, he couldn't prove this in court.

The scale of the phenomenon of cookie stuffing is vividly illustrated by the case of the interaction between the TrackAd platform and the network stores Yulmart and MediaMarkt. Over two months of working with the business, more than 10 000 orders with various types of fraud were identified - cookie stuffing through toolbars and context on the brand, as well as no less than 4 500 orders with incorrect data deduplication. In most cases, fraud represented the classic cookie stuffing — it accounted for almost 75% of all orders during the advertising campaign.


The method of cookie substitution in affiliate marketing is one of the most popular ways of fraud, which appeared at the dawn of the emergence of affiliate marketing as such. Unscrupulous webmasters used a variety of methods to drain traffic through cookie stuffing, among other things, they learned to disguise fake user activity through popular toolbars.

It is extremely difficult to fight cookie substitution in affiliate marketing, so some types of traffic are prohibited in almost all verticals. Allowed traffic drainage through toolbars is a rare phenomenon today, although in exceptional cases, such offers can be found in adult and gambling. To detect invalid leads, advertisers try to carefully sift traffic, analyzing it both during the advertising campaign and at the approval stage.

How do you like the article?
#cookie stuffing #traffic