I run AdCrime. We operate a scanner network that watches Google Ads for affiliates bidding on brand keywords they have no authorization to bid on — the specific, expensive, well-documented fraud that happens when one of your affiliates decides your brand name is a free keyword they can rent from Google.
In our pre-launch and early-access scans of active affiliate programs, the pattern was impossible to ignore: every qualifying program surfaced confirmed or likely-unauthorized brand-bidding activity. That is the number. Not an exaggeration for marketing purposes — the number.
The version I needed did not exist.
A year ago I sat down to figure out how bad this problem actually was. I wanted a single document that explained the mechanics of the fraud, the economics of why it happens, how to detect it, how to claw back commissions, and what the legal landscape actually looks like in 2026 versus what the networks pretend it looks like.
That document did not exist. The closest things were scattered blog posts from vendors trying to sell you software, academic papers buried inside paywalled journals, and a few YouTube investigations. So I wrote it myself, and then I built the tool I needed to put the theory into practice.
What I saw when I started looking.
I set up a scanning rig across nine regions — North America, Europe, Asia, Oceania — and started running keyword sweeps against public brand lists. I did not expect what I found.
Every qualifying program had violators. Direct brand-term bidding on exact-match keywords. Typosquat domains registered sixty days ago with privacy-protected WHOIS. Coupon sites that didn't even have coupons, just a button that quietly fired an affiliate cookie and sent the user to the real brand. Browser extensions overwriting last-click attribution on checkout. Cloaked landing pages that showed one version to Google's reviewer and a different version to the consumer in Bangkok at 9pm.
Some of these are well documented. CHEQ puts the cost of affiliate fraud at $3.4B a year in the U.S. alone. BforeAI finds that roughly one in three affiliate programs has at least one live brand-bidding violation at any given moment. I had the same instinct you probably have reading those numbers — vendor research, take it with salt. But my own scans kept confirming the trend direction, over and over.
Why the networks don't catch it.
Every major affiliate network is paid as a percentage of commission volume. Every fraudulent commission that flows through the platform is also a commission the network takes its cut on. Detection costs money. Letting the commission through costs nothing and generates revenue.
This is not a conspiracy theory. It is just how the incentives are pointed. Ben Edelman — the Harvard researcher who has studied affiliate compliance longer than anyone — documented a case where nine out of a client's top ten affiliates were breaking program rules, and the network had not flagged any of them. Nine out of ten. Top ten by volume.
That is not a detection failure. That is a detection refusal. It is also the reason this is a problem somebody outside the networks has to solve.
“Every qualifying program in our scans has surfaced violators. The only questions worth asking are how much it is costing you, and how long it has been happening.”
Why this is forensics, not monitoring.
Most tools in this space are dashboards. They show you a graph trending up and to the right and call it a product. That doesn't help you. A graph cannot be enforced against. A graph cannot be emailed to Awin's compliance team.
What you need is evidence. A timestamp. A screenshot of the ad on the SERP. The full redirect chain from ad click to your checkout page. The affiliate publisher ID pulled out of the tracking parameters. The coupon codes the violator is using. The region it was served in.
That is what AdCrime produces. Not graphs. Dossiers. The kind of artifact your network manager can forward to Awin or Impact or CJ with a note that says “terminate this publisher,” and they do — because the evidence is already assembled.
What I promise every brand that signs up.
Three things. The first scan is free. If I find nothing, you walk away with nothing lost — and that has never once happened, but the offer still stands. If I find violators (I will), you sign up, and if at any point in the next thirty days you want out — for any reason, including no reason — you reply with the word refund and every dollar comes back. No call. No form. No “let's hop on a quick sync.”
And the third: the evidence is yours either way. Forever. Even if you refund. You paid us to look, we looked, the evidence exists — it belongs to you.
Why rural Estonia.
I live outside a small town in rural Estonia. AdCrime is a company registered in the EU — Staromeda OÜ — run by me and a small team of engineers I've worked with before. No venture capital. No sales org. No roadmap dictated by a board that wants us to add an AI feature before Q3.
The upside of not having those things is that the product can stay honest. I don't need to invent features to justify a funding round. I don't need to gate the best evidence behind a “premium” tier. I don't need to hide the fact that the first scan is free and the thirty-day refund is no-questions-asked.
The only thing I'm optimising for is one fewer fraudster getting away with it. That is the whole company.
If you want to see what's running against your brand right now, the scan is at the bottom of the homepage. If you'd rather read the full research before you decide, the Playbook is free and ungated — fifteen thousand words on detection, recovery, and prevention, no email required.
Either way — you know where to find me.
— Mario Vaher
Founder, AdCrime
Staromeda OÜ · Rural Estonia
April 2026