Get All Access for $5/mo

4 Signs Your Site Traffic Is Being Hijacked by a New Type of Malware Client-side injected malware is an awkward name for an insidious and growing ecommerce threat.

By Chemi Katz Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.


Your company lives or dies by your business website. Even if you're not in ecommerce, your website is almost always the first layer between you and a lead. It's about your brand, your credibility and your sales.

It's no wonder that companies spend billions every year in server-side protections, making sure that hackers and malware don't compromise their sites. Everyone from the small, citywide retail chain to giants like Amazon and Macy's deal with the same digital threats against their online footprint.

However, a new malware threat is increasingly hitting online businesses and many have no idea it's happening. It's called Client-Side Injected Malware. Server-side protections won't save you because it's not hitting your server in the first place. It's living in the browsers and computers of your online shoppers where you, the company, have no jurisdiction.

CSIM (which includes spyware, fake injected ads and bloatware) is malware that consumers unknowingly download, usually in bundled apps or browser extensions. They might download a video player appand, without realizing it, also download malware that will quietly live on their computer and begin to alter how they view websites online. CSIM is getting increasingly sophisticated and can live for years on someone's computer without being detected.

Related:'Venom' Vulnerability: Serious Computer Bug Shatters Cloud Security

How is that? Take a look at the screenshot below (red outline added).

Click to Enlarge+
Net-a-porter sceenshot

That's a product page for Net-A-Porter, a top-tier ecommerce site, as viewed from a CSIM infected browser. Not only does the injected ad fit neatly within the authentic website, but it's giving smart recommendations that look and feel very native to the Net-A-Porter experience. Your consumer clicks on it, makes their purchase on a competitor's website, and you're none the wiser.

Anywhere from15 percent to 30 percent of a typical website's traffic is being hijacked by CSIM just like this, every day. Until recently, because the problem lives locally on a consumer's device, brands have had no control over the problem. We've developed a technology that helps companies combat against it.

Here are four tips for spotting the early signs of CSIM stealing your traffic.

1. Third party services on your site don't showing any results.

If you've installed a third party service like the popular Hello Bar subscription toolbar or a special discount code popup, but aren't seeing significant results, there's a good chance CSIM is causing the problem. Your visitors aren't even seeing the bar or popups because they're being obstructed by an overlaid, injected ad.

2. Traffic and conversion numbers don't add up.

Your marketing funnel is healthy and you're spending good money to bring traffic to your site, but for some reason the conversions just aren't following. In bigger companies, the issue may be even further clouded by the fact that the CMO who buys the media isn't properly communicating with the head of ecommerce who is monitoring conversions.

You can tweak the funnel, but checking for CSIM should be your first stop. Otherwise you'll be throwing money into the fire and playing with metrics that may have nothing to do with the real problem.

Related: More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware

3. Customer complaints about competitor ads and suspicious surveys.

This may seem obvious but don't ignore these phone calls and messages. For every one customer whotakes the time to report the issue, there are a hundred more whosimply gave up and took their business elsewhere.

Injust the past six months we've seen a 40 percent increase in new malware that injects a fake survey into the website experience. It's alarmingly effective at getting users off your site.

Click to Enlarge+
Macy's sceenshot

It doesn't take much to lose a customer's interest online. Even if your site merely looks "off,'' they'll simply assume it's a security issue on your end. Now you've lost a customer and brand integrity.

4. Bounce rate rises while conversion rates drop.

High bounce rates can point to a few things, but when coupled with low conversion rates on your checkout page, then Client-Side Malware is very likely the culprit. CSIM can break secure https checkout pages by injecting non-https elements into the page (which is exactly what happened with the Lenovo Superfish scandal recently.) Even a security certificate can't fully protect you.

If your site metrics go against common sense, Client-Side Injected Malware may be the root cause. The threat is growing, but smart brands and publishers can stop it before it becomes a costly problem.

Related: 5 Ways You Can Be Swindled by Click Fraud

Chemi Katz

Co-founder and CEO of Namogoo

Namogoo is the Digital Journey Continuity platform — clearing the path to purchase and driving journeys forward. Digital Journey Continuity blocks all competitors' injected ads and delivers the exact personalized promotion each customer needs to continue their journey. By incorporating hundreds of business and behavioral data points, Namogoo autonomously adapts every journey to each individual customer. Over 250 leading global ecommerce brands trust Namogoo to keep their digital journeys moving forward in full force and their business on the path to growth. To learn more, visit

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

I Left the Corporate World to Start a Chicken Coop Business — Here Are 3 Valuable Lessons I Learned Along the Way

Board meetings were traded for barnyards as a thriving new venture hatched.

Business News

'Passing By Wide Margins': Elon Musk Celebrates His 'Guaranteed Win' of the Highest Pay Package in U.S. Corporate History

Musk's Tesla pay package is almost 140 times higher than the annual pay of other high-performing CEOs.

Business News

Joey Chestnut Is Going From Nathan's to Netflix for a Competition 15 Years in the Making

Chestnut was banned from this year's Nathan's Hot Dog Eating Contest due to a "rival" contract. Now, he'll compete in a Netflix special instead.


Are Your Business's Local Listings Accurate and Up-to-Date? Here Are the Consequences You Could Face If Not.

Why accurate local listings are crucial for business success — and how to avoid the pitfalls of outdated information.

Money & Finance

Day Traders Often Ignore This One Topic At Their Peril

Boring things — like taxes — can sometimes be highly profitable.

Growing a Business

He Immigrated to the U.S. and Got a Job at McDonald's — Then His Aversion to Being 'Too Comfortable' Led to a Fast-Growing Company That's Hard to Miss

Voyo Popovic launched his moving and storage company in 2018 — and he's been innovating in the industry ever since.