Cashback ad hijacking is a deceptive practice in affiliate marketing that involves exploiting cashback programs to hijack traffic and commissions assigned to other sources. In such cases, a publisher (affiliate partner) uses various tricks to insert themselves into an existing customer purchase journey and collect the commission—even though they did not actually acquire the customer. In other words, it’s about intercepting clicks and sales that would have occurred anyway, but through manipulation, they appear to be driven by the cashback affiliate.

Cashback hijacking is a form of affiliate fraud that distorts campaign performance statistics and exposes advertisers to additional costs. Marketers may be unaware that part of their budget is going to clever intermediaries instead of genuine new customers. This phenomenon can be difficult to detect, as sales appear to grow, but their source is either fake or manipulated through cashback mechanisms.

How Are Clicks and Commissions Hijacked?

There are several common scenarios in which dishonest cashback affiliates hijack traffic:

Impersonating Google Ads (SEM Hijacking):

A fraudster may run their own search engine ads (e.g., Google Ads) using a brand’s keywords. Often, they copy the official ad copy to make the ads look credible. When a user clicks on such an ad, they are redirected via a cashback affiliate link. As a result, the transaction is attributed to the cashback program, not directly to the advertiser—even though the user initially searched for the brand independently. The company ends up paying a commission for traffic it would normally have acquired organically or through its own advertising.

Cashback Plugins That Hijack Visits:

Many cashback programs offer users browser extensions that notify them about available cashback offers. These plugins can detect when a user visits a retailer’s site and display a prompt like “Get X% cashback.” If the user clicks the notification, the extension silently redirects them through an affiliate link, overwriting the original source of the visit with its own cookie. Even if the user originally arrived at the store via organic search, email, or display ad, the final click is attributed to the cashback publisher. In this way, the plugin captures the commission—even though it did not drive the customer to the site.

Cookie Stuffing and Background Redirects:

The most insidious methods don't even require user interaction. A dishonest affiliate may engage in cookie stuffing—secretly injecting affiliate cookies via invisible scripts or pop-ups that automatically send a request to the merchant’s site and place a cookie, without the user clicking anything. If the user later completes a purchase at that store, the fraudster receives the commission, even though there was no real referral. There are also malicious extensions or malware that redirect traffic in the background. The user sees nothing, but the affiliate cookie is set on their computer. These tactics are banned in most affiliate programs (as fraudulent behavior) and have led to major industry scandals.

Cashback: New Traffic or Sales Cannibalization?

Many advertisers knowingly partner with cashback platforms, treating them as another marketing channel (so-called loyalty publishers). However, it’s important to do this with full awareness of their limitations. Cashback partners rarely generate entirely new demand—instead, they often intercept existing demand from customers who were already planning to make a purchase. In simple terms, a user who uses cashback is usually already committed to the transaction and is just looking for an added benefit (cashback). Performance studies confirm this: bottom-of-the-funnel partners like coupons and cashback tend to claim credit for conversions that would have happened anyway.

From the advertiser’s perspective, this means the commission paid to such partners doesn’t always translate into additional sales—it often just reduces profit margin. In extreme cases, it may lead to cannibalization of other channels—for example, a customer who came via SEO or PPC ends up converting through a cashback link, so the marketing budget pays twice for the same transaction (once for acquiring the user, and once for the affiliate commission). Experts recommend measuring the so-called incrementality of affiliates—whether they actually drive additional sales. If you work with cashback partners, you should do so intentionally: set lower commission rates for this type of traffic or limit cooperation to trusted programs that follow ethical guidelines.

It’s worth noting that cashback partnerships can also be a strategic decision—they may help retain customers and prevent them from switching to competitors. For some consumers, the lack of a cashback offer may be a deal-breaker. Therefore, it’s not about avoiding the channel altogether, but managing it in a way that ensures benefits (increased sales, retention) outweigh the commission costs.

Unfair Practices: From Click Hijacking to “Cookie Stuffing”

The greatest risks arise when cashback publishers cross ethical lines and violate affiliate program rules. Here are two key deceptive techniques worth knowing:

Cookie Stuffing:

As mentioned earlier, this involves secretly placing an affiliate cookie on a user’s device without their knowledge. A publisher can do this by embedding an invisible 1×1 pixel on their site that links to the advertiser’s page with the affiliate’s ID. Cookie stuffing allows the fraudster to "tag" many users as referrals, even if those users never saw the affiliate’s offer. This tactic is clearly classified as fraud by affiliate networks and advertisers. A notable case involved top eBay affiliates over a decade ago—two leading partners were convicted for massive cookie stuffing, fraudulently collecting commissions on sales worth tens of millions of dollars.

Malicious Extensions and Background Redirects:

With advancing technology, more sophisticated commission-hijacking methods have emerged. For example, certain browser extensions that market themselves as shopping “helpers” (like coupon finders) were found to intercept affiliate commissions belonging to others. In the U.S., there is an ongoing lawsuit against the Capital One Shopping extension—content creators accused it of simulating fake referral clicks and overwriting cookies to steal influencer commissions. Similar accusations have been made against other tools: PayPal faced backlash over its Honey extension, which allegedly stole affiliate payouts—leading to the loss of millions of users. Microsoft also quietly pulled its built-in coupon feature from its browser after it was accused of replacing affiliate links with its own. These cases highlight how thin the line can be between “smart marketing” and fraud—and that even large corporations can be held accountable if their tools harm partners.

How to Protect Your Affiliate Program from Hijacking

An effective defense against cashback ad hijacking requires a combination of clearly defined rules and monitoring tools. Here are recommended steps for advertisers:

Clear Rules for Publishers:

Include clauses in your affiliate program terms that explicitly ban fraudulent practices. Prohibit brand bidding (PPC ads on brand keywords by affiliates), unauthorized widgets and extensions, cookie stuffing, or modifying links in the background. Define penalties for violations—from forfeiting commissions to program expulsion—and enforce them consistently.

Choose Cashback Partners Carefully:

Not all cashback platforms operate the same way. Work only with transparent and reputable platforms. A good practice is to check whether a publisher has fraud-prevention mechanisms in place (e.g. transaction verification, suspicious activity reporting). Avoid anonymous operators posing as “cashback” who may be generating fake traffic. It’s better to work with a few trusted cashback sites than dozens of unvetted sub-affiliates using questionable methods.

Monitor and Analyze Traffic:

Regularly audit your conversion sources. Watch for sudden sales spikes from cashback affiliates—especially if accompanied by drops in other channels (e.g., fewer SEO/SEM conversions). Check where cashback users came from—did they click a Google ad, or only appear at the final purchase stage? Monitoring tools (such as affiliate platforms or anti-fraud solutions) can help detect cases where the same user clicked a PPC ad and was then redirected through cashback (suggesting traffic hijacking).

Test Incrementality:

To assess whether a publisher truly adds value, run controlled tests. For example, temporarily pause a campaign with a specific cashback partner and observe whether sales decline or simply shift to other channels. In many cases, sales remain stable while costs drop—indicating the partner’s impact was negligible. Such data can help you manage commission rates and cashback presence wisely.

Track Trends and React:

The affiliate industry is constantly evolving, and fraudsters are always looking for new loopholes. Stay informed via industry blogs and fraud reports, and share information with fellow advertisers. When a new form of abuse emerges (e.g. a new hijacking plugin), quick action—such as blocking its ID—can minimize losses. Even tech giants have had to tighten policies (e.g. Google banned Chrome extensions from altering affiliate links without clear user benefit), showing the scale of the problem. Stay one step ahead of dishonest tactics before they drain your affiliate budget.

Summary

Cashback ad hijacking is a serious challenge for e-commerce and affiliate professionals. It involves cashback partners—whether platforms or browser extensions—capturing the final click and associated commission, often without adding any real value in terms of new customers. On one hand, cashback can be a legitimate loyalty tool; on the other, abuses like cookie stuffing and aggressive plugins are real threats. The key is intentional affiliate program management: understanding how cashback mechanisms work, choosing reliable partners, and maintaining constant monitoring. This approach helps avoid budget leakage to clever intermediaries while leveraging cashback where it genuinely boosts sales and customer satisfaction.