Audience Hijacking: How to Prevent Your Online Customers From Being Shoplifted
Ensuring your website visitors have a positive experience is absolutely crucial for turning shoppers into buyers. But increasingly, the online customer journey is disrupted by pop-up ads, browser plug-ins and extensions designed to redirect shoppers away from your site. More than just distracting, “audience hijacking” can take a real bite out of sales, significantly impacting your bottom line. By some estimates, audience hijacking is costing retailers billions in revenue. Yet, because it’s occurring within the browser, retailers may not even be aware it’s occurring.
A Common, Complex Problem
How common is audience hijacking? One estimate suggests that between 10 percent and 20 percent of retailers’ shoppers are lured away by competitive offers — or, worse yet, by fraudulent offers. Audience hijacking can take several forms, most commonly injected ads or coupon codes. One concerning trend is the increase in affiliate fraud, where a third party “hijacks” credit for affiliate sales they didn't make. In addition, there's also the risk that your customers could be lured away to a phishing site designed to steal their credit card number or other personal financial data. And those attacks can go undetected for weeks or months.
So why not simply block all third-party ads, extensions and scripts and eliminate the “threat surface”? The fact is not all third-party elements are problematic — and some may actually be beneficial. Customers are increasingly using third-party shopping apps and tools to find the products they want. You don’t want to miss out on those opportunities. In addition, allowing authorized affiliates to piggyback on your online presence may actually result in sales that you otherwise might not get. Therefore, a total ban may not be good for business.
Limitations of Current Methods
So how can you combat audience hijacking? Current methods tend to rely on a variety of manual techniques. Web marketing teams can perform their own testing, loading third-party extensions and then seeing what happens when they navigate to their web pages. They could employ tools, such as a tag manager, to analyze transactions and see where they failed, indicating possible hijacking. To research affiliate fraud, security teams can manually audit affiliate commissions to see if any payments went to unauthorized parties.
All of these techniques have the same problems: They're extremely time- and labor-intensive, and are limited in their effectiveness. Audience hijacking is an extremely dynamic phenomenon, with perpetrators constantly changing their tactics. Trying to assess the situation for a specific moment in time just provides a snapshot that can miss a threat that occurs on another day with a different vector. And even if you do spot something suspicious, you're now in reactive mode, taking action after the fact when the damage is done.
Automated Visibility is the Key
To effectively monitor for audience hijacking, you need to gain visibility into in-browser behaviors in real time, over time. That requires a technology solution at the network edge, where these interactions occur. Sophisticated, edge-based tools are available that use machine learning to automate detection, providing a comprehensive view of all in-browser interactions, presented in a visual format. This provides a clear view of third-party activity, enabling you to quickly identify vulnerabilities and detect and mitigate distracting and malicious behaviors. Armed with this insight, you can create policies to proactively block unwanted ads, pop-ups, affiliate fraud and other attempts to hijack your audience.
Using advanced technology at the network edge to assess in-browser behavior enables retailers to intelligently curate the customer experience — allowing benign, third-party behavior while preventing audience hijacking. That helps keeps your customers happy while ensuring you get all the revenue you deserve.
In his 12 years at Akamai, Patrick Sullivan has held a number of leadership positions including leading the Enterprise Security Architect team. Sullivan and his team work with customers when they come under attack and designs security architectures to protect them from threats. In the course of helping to fend off attacks, he has gained visibility into attacks targeting many of the top Enterprises. With his ability to see Security issues as a critical component of a client’s business strategy, Sullivan often speaks at security events and with clients around the world. Prior to Akamai, Sullivan held various leadership positions at DISA, AT&T, Savvis, and Cable and Wireless.