Ad Hijacking: Are Companies Being Scammed? You decide.


Take a look at this list of great companies. What do they all have in common? I believe each of these companies (and yours too) is being swindled- and I’ll show you how. A lot of people don’t think there is anything wrong with the practice I will show you. That is, they don’t think it is a scam. You decide.


companies with ad problems

Here’s the downloadable list

..There are many more companies, but I have to stop somewhere. What these companies all have in common is that they do business over the internet, use ppc advertising, and are part of at least one affiliate network.

Though, perhaps that describes most companies.


The scam involves the display URL in your pay per click ads. I am arguing that this ad should direct traffic to


Regular ppc ad. When you click it, what site do you expect to go to?

It doesn’t necessarily.

I can publish an ad right now that replaces it and sends the traffic to my site. I can “highjack”  Amazon’s traffic and send it to my site. That is happening to all of these companies, or at least it has happened to them in the past–I have proof, though I won’t publish it here.  I doubt all of these companies know about ad hijacking.


The Background
Every one of those companies is involved in e-commerce: they are companies that do business over the internet. These types of companies usually participate in affiliate marketing. It just so happens, each of these 170+ companies do.* Affiliates usually get paid a percentage of the total sale for each customer you refer to a site. For example, if I was an Amazon affiliate, you could click on this Amazon link, then go purchase something, and then I get 10% of the total.

So far no problems.
Most internet companies also use pay-per-click advertising to advertise their product. Google, Yahoo and Bing are the big ones. Every-time you search for a “blue t-shirt”, or “mobile phone”, etc, I can pay a couple bucks per click to show my ad in the search results for any keyword search. You can clearly see the company that is advertising…that is called the display URL. You can’t see is the destination URL- the page on the site that the ad is going to.


Regular PPC ad. Display Ad identified.


Everyone should recognize ads like this. You probably don’t know the vocabulary. Depending on your job title you probably don’t need to. However, to understand the scam you will.


The Scam- Ad High-jacking
In the ad above you expect to visit after you click the ad, right? Of course. The problem is, there is no certainty that this is an Amazon ad. Watch, I’ll “steal” Amazon’s traffic right now. Here is the Google Ad Editor interface:


Pic of Google Editor: Note different Diplay and Destination URL



Pretty easy, right? will now get traffic for whatever keyword I bid on. I just have to press “upload”. Note that my display URL is and the destination URL is In other words, I am writing an ad saying that I am Amazon, but sending you to my site. The display URL can only appear in the search results once, so there is a 50% chance that my ad will show- thus sending traffic to, and a 50% chance that Amazon’s ad will show sending traffic to*

In other words, anyone can write an ad in the search engines saying that they are your company.

It troubles me that I can do this. Only Amazon should be able to decide who writes an ad for them. I am the type of person that likes to control what my ads say. That is why I hire someone qualified to write ads rather than allowing my 13-year-old neighbor to write ads for my company. That alone, should allow me to have control over my company’s display URL.

Google does not agree with me. I have talked to them about it. They consider this a feature! Their argument is that they are protecting the affiliates. Something about the searcher’s experience. (Which I think is made worse.) In any case, Google has known about this hack for years and has no intention of changing it. If you feel it things should change, call your account exec. I’ll discuss what specifically should change in the conclusion. (Interestingly, it is hurting Google’s bottom line—which might not be apparent to them– so it is even a more bizarre policy.)*

I encourage the reader to stop here if you can foresee the implications of having your traffic diverted to another site—even an affiliate. Traffic can be diverted from your site, and it can be monetized, and you will make less money. But there is a lot of minutiae involved.
And I am very thorough! 🙂


How To Monetize Ad High-jacking
Thus far in the scam, I am just diverting traffic. I suppose I have to prove to you that it is possible for me to monetize this traffic to the detriment of Amazon’s bottom line.
Right now I am paying for Amazon’s traffic. They have a bigger wallet then me. Good thing I signed up to be an affiliate! Now on, I’ll put a link to Amazon. When people click-through to shop on Amazon, I get 10% of their sales. Now I will make money. If I bid on the right keywords, I’ll make more than I spend.


Surely, customers will feel something is fishy when they don’t go to Amazon right?
I think so, but enough people will purchase to make this scam worthwhile. There are even ways around this. I will redirect customers instantly from to to…the customers won’t even see that they were ever on my site.  It will take a millisecond longer for the customer to go from Google to, and I get 10% of all sales for 30 days. Regardless, once someone is on my site, I can put an affiliate cookie on their computer.
Why don’t I just look at the affiliate ID, and just kick those affiliates out of the program?
You should. But it is a hassle to monitor.  My company has thousands of affiliates. Also, there are ways for the affiliates to hide their IDs.


How can I tell if I am being scammed?
First, if you don’t participate in an affiliate program, there is nothing to look for. Secondly, do a search for your company name in Google and see if you recognize the ad. Click the ad, and see if there is a redirect*.  Make sure you recognize all your referrel traffic in your analytic package!
What keywords do the affiliates bid on?
Always your company name. E.g, I would do “Amazon”, “”, “Amazon coupons”, “Amazns jewelry”, etc. Never “Canada Goose jackets”. Too expensive.


I don’t see any fake ads. You’re wrong. It didn’t happen to me.
Just because you don’t see an ad doesn’t mean you are safe. In order to hide my scam from Amazon, I just need to make sure no one at corporate sees these shenanigans. So, I will not put up my suspicious ads in Washington…that is where Amazon corporate is. To be super safe, I could always just run my ads only at night, or only on mobile devices.


Aren’t I just attributing traffic/revenue to the affiliate channel rather than the ppc channel? Does that really matter? I am still making a sale.
Yes, it really matters. The primary reason this is a “scam” and not an “inconvenience” is that you end up paying your affiliates a greater commission than you normally pay for PPC costs. If the amount you are paying to your affiliates from these ads is greater than the amount you spend on clicks from that traffic, you are losing money. And of course it is! If it wasn’t, the affiliates would not have the money to do it. There are other financial implications I don’t have space for.


How do you know that those specific companies were targeted?
I won’t say that here. Obviously, you could just do a search for their company name and see if there are redirects and phony ads.


You’re making a big deal out of this. This isn’t a big deal.


So you’re admitting you’re stealing from Amazon? Why is it okay for you to do it?
It was a literary device to try to simply the explanation. I am not stealing from Amazon. Perhaps I should have made it simpler.


Is there anything that can distinguish a real ad from a fake ad?
As far as I can tell, there are a couple things. In Google, you might see a map, or product pics or product rankings. I don’t think those can be faked. The problem is that not everyone has those or is able to implement those. Anyways, these legit ads can still be over-ridden with a bogus ad.

In Yahoo/MSN there is a special “Official Site” designation sometimes.

So this happens in Yahoo/MSN too?

You just caused us a lot more work! You’re making this scam public! You’re costing us money!
A)The affiliates already know about this, you should too. B) Is that what you tell your IT guys when they find a hole in your security? C) This is fixable.


Obviously Amazon wouldn’t have this problem. They’d just call Google and Google would fix it for them, right?
I don’t know. Sears, Kohl’s, Kmart, Mattel etc are having this problem. They are pretty big companies.


Are all redirects between google and the destination site a sign that something is fishy?
No, your ppc company might be using some sort of tracking mechanism that uses redirects. Most are fishy.


Are you saying all affiliates are evil?
No. Many are affiliates are great. All scammer-affiliates are evil.


What can I do?

I want to emphasize the purpose of this post. I want this problem fixed. It can cause a lot of lost man- hours and financial loss. The search engine companies are aware of this problem, though they consider it a feature not a bug… Perhaps if other companies see what is happening they will complain and the search engines will change.

Google, Bing, Yahoo could fix this in an hour. There are a couple ways. The best solution is to only allow one PPC account to use one display URL.* A company should be able to have an official adwords account. Google requires you to verify your Google Plus account, your webmaster account, your analytics account, your google places account… but for some reason not your Adwords account? That’s the only one that really matters.

Perhaps there is an even more elegant solution. We need to recognize that it is a problem first. Write your google account rep if this concerns you.
In the meantime you could monitor your affiliates, and kick them out when they violate this policy. Also, there is a company that can check all of this stuff for you, so you don’t have to hunt down the scammers. It is They are expensive, but they work. (no-I am not an affiliate). The search engines should offer this service for free though, for all the billions they make.


I still have questions.
Write me.


This is really long.
That’s not a question.



*I was going to say “stolen from”, “scammed”, but I’ll let you decide what word is most appropriate. Maybe neither.
*maybe I got one wrong, probably not.
*Okay, technically not 50/50, but I am trying to write this for executives, so work with me.
*If anyone at Google wants to talk about how this hurts your bottom line, I am here.
*linked accounts count as one.