10 Comments

The Affiliate Industry must take a stand against Phishing

Jan 25, 2007
by

In the wake of the suit by Myspace against several affiliate networks (and apparently high-volume affiliates themselves), it’s becoming more apparent that affiliate marketing has some cleaning up to do. I had a phone call yesterday with my buddy Joe, who is in the process of developing his new network, Adfinity, and he remarked that he’s not even sure what his ad network needs to do to avoid such litigation.

Myspace’s actions are obviously the result of a pair realities that are facing that company. For one, it’s in their interest to make sure that they control the advertising on their own network (at least to an extent). It’s been a well-known fact amongst best-practices marketers that Myspace does not allow affiliate links in any communication on their network, including profiles, bulletins, forums, etc. Myspace earns their income from advertising sales, and if they allow affiliates and other adnetworks to profit from their system, they lose out on revenue opportunities.

The second reality that is facing Myspace, and in truth every social network is that phishing is only a problem when there’s an incentive for the “phisher”. As social networking becomes a larger part of our web (dare I say Web 2.0?) culture, phishing and virtual identity theft must be addressed, and it’s up to us as affiliate marketers on all sides of the issue to take action.

How we as a community can responsibly address this issue is not entirely clear to me. One suggestion that I provided my colleague was to deny affiliate commissions generated from a myspace.com domain referral. But that’s a band-aid to a problem that requires major surgery. Jeff Molander has been on the front lines of defining the perils facing the affiliate industry in the near future, and phishing combined with increased prevalence of social networks needs to be opposed by every affiliate network, and affiliates themselves need to respond in kind by agreeing that phishing is not an acceptable marketing practice, and publicly oppose the practice.

Unfortunately, I wasn’t able to attend this year’s ASW (I’m sure you were all heartbroken!), but I hope Myspace’s suit (which I can’t imagine was timed accidentally to coincide with ASW) will spark conversations within the Direct Track development team, Kowabunga’s team, and the leaders of the major networks (yes, I’m talking to you CJ, Linkshare, OneNetwork, and SAS) to invent some sort of mechanism to detect affiliates that are participating in phishing scams, and to prosecute those individuals to the full extent the law allows. Simply slapping affiliates on the wrist and letting them wander to the next “open” network is not a responsible answer to the problem, and will continue to increase the distrust between affiliates, networks, and the consumers that we are all trying to serve.

I encourage everyone to provide their thoughts on this topic on their own blogs and sites, so that we as an industry can confront this issue before it does further issue to our collective reputations as “affiliate marketers”. I’ll be covering more of this issue in the coming weeks at my new blog, which you can find at Evoke Media Group.

Filed under: Online Marketing
  • http://www.affiliatesummit.com Shawn Collins

    Hey Dave –

    I found your title to be interesting – I can't imagine anybody besides phishers is in support of phishing.

    Slightly off topic – MySpace stated in their press release that Scott Richter allegedly violated CAN-SPAM and California's anti-spam statute.

    From what I've been reading on this issue, it's all about the use of the MySpace bulletin functionality.

    I use MySpace regularly and have never received an e-mail as a result of a bulletin post by a MySpace "friend."

    I haven't read the CAN-SPAM law in depth, but I thought it was all about e-mail.

  • http://www.evokemg.com/ Dave Cole

    Shawn,

    I don't propose that most affiliate managers or networks are in support of phishing. However, many affiliate networks right now aren't making their phishing policies a high priority. A phished click pays just as much as a legitimate one, to both publisher and network alike.

    There's no commerce going on within Myspace. Nobody's credit card, personal info, or social security numbers are at risk (which is the issue for mainstream phishing schemes centered around paypal, online banks, and credit card companies). But the greater threat is that phishers put the strength of open social networks at risk. I've watched literally dozens of my "friends" on myspace have their accounts phished, and the affiliate channel is the primary benefactor of this "lite" version of identity theft.

  • http://www.shareasale.com Brian Littleton

    Dave,

    Nice to read your blog, sorry that we didn't get to catch up at ASWest, but hope you get down to the next one.

    On your blog above, however :) , I am not following you… what is it that you are calling the networks to do in this case? Prosecute phishers who have phished accounts other than ours on a site that we don't own? I'm not even sure that is doable… ?

  • http://www.amazing-bargains.com Michael Coley

    Phishing? How about taking a stand against SPAMMING? The way I read it, that's what the lawsuit is about. Most CPA Networks, especially, take a very relaxed view when it comes to spam. As long as it complies with the CAN-SPAM law, they typically have no problem with it. Just because it's legal doesn't make it right. Spam gives the whole industry a black eye.

  • http://www.evokemg.com Dave Cole

    Brian,

    Yeah, wish I could've made it out to ASW, hopefully I'll see you in Miami. Back to the point at hand, truthfully, I don't know what the networks can and should do to eliminate the phishing threat. What I do know is that the phishing that is done on social networks is almost entirely done by rogue affiliates that are looking to cheat their way to commissions (through, to Michael's point, spamming practices).

    For instance, I just glanced through the ShareASale TOS, and phishing is not specifically mentioned as a form of fraud (or spam). I think adding that caveat in to the TOS might be worth something, if at least to represent that companies will not tolerate phishing. Furthermore, I think affiliate networks should pro-actively reach out to leading social network platforms to discover if there's a way to spot phishers and partner together to stop them.

  • http://www.cumbrowski.com Carsten Cumbrowski

    Putting something about phishing in the TOS of a network does not make sense. Using the same logic would they have to add stuff like don't steal a computer and use it to go online.

    The act of phishing is a separate issue and learning how to prevent it or minimize the risk is something every website owner who is dealing with personal customer information should spend time and resources on.

    Now if they use the data (emails) for spam, then I agree with Michael. In this case does it not matter how they got the emails addresses, phishing or any other dirty way.

    What networks could do is educate social networks about how to identify affiliate links in their network (if they prohibit such links, like myspace) and who to contact to get the affiliate account disabled and also commission reversed.

    Networks should also check if affiliate traffic is coming from a site where it should never come from, but that only works if the affiliate uses the networks tracking links directly without doing some tricky redirects to disguise the referrers origin.

  • http://www.evokemg.com Dave Cole

    Carsten,

    I agree with you that putting an anti-phishing clause in an affiliate network TOS may sound like putting the cart before the horse, but realistically, affiliates and affiliate networks are the primary benefactors of social network identity theft. Therefore, the less the affiliate industry does about it, the more it puts the burden on the social networks and makes the networks appear to be in silent support of these phishing activities.

  • Jonathan (Trust)

    What Carsten and others have said. It's a criminal activity, don't think you need to put that in the TOS, it's common sense type stuff. This isn't any type of grey area stuff. And it's been around for awhile and most of it has nothing to do with the affiliate industry. Action is taking place against those who phish, fines, jail time. Bill introduced like the Anti-Phishing Act of 2005. And try not to listen to too much of the doom and gloom stuff, affiliate marketing is losing it's popularity. It's not.

  • Marcie Cambliago

    Well I find it odd, that this whole talk of Adfinity dealing with Myspace spam when they actively promote it. I have been in the affiliate game for a long time and know of several people who have went to adfinity because they take no stance against Myspace spamming. Today I even browsed around in myspace and all you see is Adfinity and Copeac. Looks as if Copeac is letting other networks do the dirty work for them. Thats some good information you got from your buddy Joe.

  • http://www.evokemg.com Dave Cole

    Marcie,

    Thanks very much for your concerns. I haven't edited your comments here because I very much want to address this issue before rumors like this swirl around the net.

    First off, a moment of disclosure, I do work with and for Adfinity. I did not when I made this post (I was simply a friend and advisor to them).

    Regarding the issue of Spam and phishing, here's teh reality. Adfinity.com is, as far as I know, the ONLY network to include a no Phishing clause in their affiliate terms of service. This is directly a result of his and my discussions about how an ad network can establish a responsible approach towards phishers and spammers. Of course, spam has been a considerable issue within the industry since its inception, and Adfinity equally takes a no-tolerance stance on the issue.

    Here is the problem, in a nutshell. Adfinity's offers and in fact the entire network is designed to appeal to affiliates targeting the 18-30 year old US Domestic demographic. That means, yes, Myspace-style traffic. Our focus in this area has made us one of the fastest growing networks in the last quarter, because there is a high demand for a network catering to that audience. Further adding to our challenges is that affiliates in Adfinity are eligible for weekly payouts. For honest affiliates, this is a great feature of the network.

    Unfortunately, the issue resides in policing the base of affiliates. There is no surefire way to prohibit affiliates from spamming or phishing because an affiliates marketing practices are their proprietary information. That's what a publisher is in business for – and it's not appropriate nor is it possible for us to monitor the marketing methods of each and every affiliate. In most instances, as an affiliate network, we are required to be incredibly reactive.

    In this regard, I want to make it very clear. Adfinity does not, in any way shape or form, condone or support spammers and phishers, of myspace traffic or otherwise. Any affiliate found spamming or phishing is immediately removed from the network, and all payments due or owed are forfeited by the affiliate. To date, Adfinity has removed EVERY SINGLE affiliate who has been found to be spamming or phishing, on myspace or otherwise. Furthermore, Adfinity does not support and will never support downloads, parasites, adware, or install products.

    I know that simply making this statement does not mean anything. However, please rest assured that Adfinity will continue to develop better ways to eliminate spammers and phishers from their network. I welcome you to post any further discussion here, or to email me directly at Dave@Adfinity.com.