Affiliates Click Phishing in Twitter

The convergence of affiliate marketing and social media is upon us! Social media is no longer just an exploratory channel, and the affiliates who are normally the first ones to the niche marketing exploration party are using social media to drive traffic and clicks for programs they market in droves. Affiliates are driving clicks to their own web presences through social media, and other affiliates are direct linking through their affiliate tracking URL’s directly to the merchant’s website using power cloakers or redirects with shortened URLs.

Affiliates Click Phishing in Twitter

The issue of power cloakers is one issue I see with social media that is a little concerning when it comes to affiliates. Affiliates need to shorten their tracking URLs for direct linking purposes in social media channels such as Twitter which has a character limit for each ”tweet”. Many affiliates use linkbrander, or are creating their own redirects, which can be difficult for affiliate managers to monitor, especially when the affiliate is not using branded terms within the post that can be filtered and tracked by social media monitoring tools such as,, or Why is this concerning? Imagine an affiliate signing up your company on Twitter without your knowledge, and telling the world that you are giving away free merchandise just to gain the consumer click on the power cloaked URL to set the affiliates cookie. Scary, huh? This is called click phishing.

Merchants who do not have a strong foothold in the social media space are leaving their brands wide open to affiliate marketers who establish a presence within the social media applications.

Example Click Phishing in Twitter

Here’s an example of social media click phishing using a third party affiliate power cloaker. (This is an example we found, and we mean no offense to House of Brides)


An affiliate has taken over the House of Brides brand on Twitter. The web address for this twitter account is a shortened affiliate link via use of the power cloaker Link Brander.

Example Continued:

1. When a consumer clicks on the affiliates power cloaked Link brander link from Twitter,they are cookied by the affiliate.

2. The website is pulled into link brander’s frames even through the consumer’s navigation of the site; proper brand URL’s are not displayed, which could cause confusion to the consumer and loss of brand recall or a poor brand experience.

3. Using a debugging application we can see that the affiliate’s id is there.

4. LinkBrander even allows either the top or footer frame to host ANY type of advertising that the affiliate wishes to publish.

The Twitter posts within this affiliate’s Twitter account are all sporting the following brand issues (per image below). All post links go to the same URL. Bogus press releases naming known news entities in misguided attempts to “phish” for a click are seen including FREE Dress giveaways..

There were many additional instances of other brands I found that had affiliates taking over their brand identities within Twitter and other social media channels. This example stood out because the click phishing text within the Twitter account was so obviously attempting to phish for clicks. The takeaway here is that merchants need to seriously consider the impact of monitoring social media as well as ensuring that they are first to the space before affiliate partners have a chance to intercept it.

There are remedies such as networks including the shorten URL function so that affiliates do not need to use third party power cloakers or create their own redirects for use in the social media space. I would like to congratulate for being the first affiliate network that I know of that has now included the shorten URL function for affiliates in their network, making it easier for the network to monitor the referring URL traffic from that affiliate, as well as allowing affiliates to use the shorten URL function to enter the social media space safely.

Monitoring affiliates can be a large undertaking; if you do not have in-house staff to manage your affiliate relationships consider the assistance from an agency that has experience in monitoring and managing affiliate relationships. If you are interested in finding robust tools for monitoring affiliates see my Top Ten List of Affiliate Monitoring Tools

Happy Tweeting!

About Heather Paulson

Heather Paulson is the President of which provides Affiliate Management, Paid Search Management, Search Engine Optimization, Social Media Management and affiliate video production and affiliate recruiting services.

Heather was appointed to the Affiliate Summit advisory board in 2006. In 2007 Ms. Paulson was appointed to the advisory board for Affiliate Classroom. In 2007 Ms. Paulson was elected as’s education manager. in 2008 Ms Paulson was nominated as a FAB member of the Performance Marketing Association and is an honorary recipient of the ACC Certified Affiliate Managers Course. in 2008 Heather Paulson was invited to become a member of The Internet Oldtimers Foundation. She has passed the Google professionals certification twice. Heather also blogs at Paulson Management Group Blog. You can follow Heather on Twitter: @Heatherpaulsons.

8 Responses to Affiliates Click Phishing in Twitter

  1. I would never hit a shortened URL unless it was TinyURL as I know and use it myself.

    The main thing I would advise anyone clicking on shortened URLs is to keep the "Preview Feature" turned on. This means that if I hit a TinyURL shortened web-address, I am directed straight to the TinyURL web-site where I am instantly informed as to where that URL will take me. If I don't know or trust the web-site, I do not proceed to that URL.

  2. Hello,

    Great suggestion you have concerning the preview. Thanks for participating in the discussion. 🙂


  3. Sarah says:

    Although this is something common, not many people aware of how to detect affiliate links especially when the url is shortened and this really helps to educate people about affiliate links.

  4. SUNSSS says:

    Most URL shortening services do not have preview feature.

    And i just worry click on a site that has virus.

  5. Hi Wayne!!

    Twishing it shall be then! Have a great weekend!

    Heather Paulson

  6. Wayne Porter says:

    Hi Heather!

    The odd thing was Chris Boyd and researched and wrote about this over two years ago. (Couldn't find anything so we dubbed it Twishing- I guess we could have said "Pheeting" The mainstream press totally ignored it.

    The Japanese press where all over it very next day. Maybe it was a sign on how far ahead Japan is with digital culture. e.g. mobile,2000056024

  7. […] I guess the solution/question here is how does a brand validate themselves as the legitimate account on twitter, or any social networking platform for that matter? If this all sounds like I’m getting ahead of myself and that this is something that’s not already going to happen then think again. […]