You’ve finally done it. Through countless hours and funds dedicated to planning, designing, testing, and implementing the perfect online customer journey, the job is complete. It took tremendous collaboration between organizational departments and third-party providers, but now you truly understand your customers’ path to purchase and have provided an effortless, engaging, and delightful experience throughout. How do you know this? Because you can see it with your own two eyes. From the landing page to check out, you have carefully examined every step of the online sales cycle, identifying strengths and weakness, and tailoring the journey accordingly.

But what about the part of the journey you can’t see? Never before has there been so much honest competition in the e-commerce space from competing retailers and online publishers that you are keenly aware of. And now there’s a new form of competition–the type that lurks in the shadows, visible only to your most prized possession–potential customers.

Just weeks ago, these hidden thieves were thrust into the public eye as Amazon filed a lawsuit over malicious advertisements that are misrepresenting the company by a means known as malvertising. This direct attack on hard-earned revenue derives from bad actors using malicious code to override the processes of websites. When carried out, the code enables fraudulent advertisements to appear on a user’s screen, far from an e-commerce organization’s servers, directing shoppers to competing sights or online forms, where personal information can be compromised. In the e-commerce space, this activity is known as Online Journey Hijacking, and a new report sheds light on its prevalence in the industry.

It Happens More than You Think

Through analyzing hundreds of millions of websites beginning in Q4 2017 and continuing through Q2 2018, it has been determined that 15% to 25% (and up to 30% during the peak holiday season) of online shoppers are victims of Online Journey Hijacking. These shoppers are encountering unauthorized, malware-driven advertisements when shopping online–including product and banner ads, pop-ups and other injected content, disrupting the seamless customer experience brands strive to deliver.

Even more concerning than the frequency of this newly identified phenomenon that cripples conversion rates and steals hard-earned revenue, is the percentage of occurrences where these unauthorized ads steer consumers to direct competition of the website they are browsing –this happens during a staggering 40% to 70% of hijacked sessions. To put it in perspective, Online Journey Hijacking is estimated to cost businesses between 2% to 5% in annual revenue.

It’s All About the Dollars

Business is about maximizing revenue, plain and simple. This truth is no different in the business of Online Journey Hijacking, and the statistics prove it. Although mobile usage increases daily around the world, the majority of conversions are made via good ol’ desktop. In fact, recent reports show that conversion rates via desktop vs. mobile are roughly twice as high. Since the business model of malware creators is based on affiliation commission, it comes as no surprise that most of their activities target desktop-specific browser extensions and other web services.

During the measured time period, the highest infection rate was found on U.S. desktops in Q4 2017–peak holiday season–at 23.81%. The highest infection rate for EU users during the measured time period came in Q2 2018, reaching 22.56%. Overall, desktop infection rates were slightly higher in the U.S. than in the EU throughout the entire measurement cycle, but the issue is clearly a global problem.

With regard to mobile infection rates, the peak period again came in Q4 2017 for U.S. users at 18.21%, while the highest EU infection rate period occurred in Q2 2018, at 17.30%.

They Hit When it Hurts the Most

When examining the entire measurement period from Q4 2017 to Q2 2018, it is apparent that these bad actors have identified the most opportune time to strike. While looking at every stage of the online sales funnel to determine where in the user journey visitors are most interrupted by injected ads, a leading 31.56% of infected users were most exposed to unsanctioned promotions when visiting product pages. This high figure comes as no surprise due to the fact malware-driven injections tailor advertisements based on the product category the user is visiting.

The second highest rate of infection during the online journey came at the all-important checkout stage, where 28.74% of users were impacted. To round out additional stages of the online journey where users encountered unauthorized ads, 23.82% were impacted during a search, 21.04% during cart and 16.36% were targeted upon entry to an e-commerce site’s homepage–not exactly the best first impression of your site experience.

The Big Picture

It’s downright disturbing to think that an issue costing the average online business 2% to 5% in annual revenue can fly more or less under the radar, but that is exactly the case throughout the entire industry. To provide a look into the equal opportunity mindset of malware running on users’ computers resulting in unauthorized advertisements–in Q2 2018 for desktop users across verticals, those browsing subscription-based services were most infected at 22.01%, followed closely by apparel at 21.60%, and home goods at 21.04%. These figures increase dramatically during the peak retail season, with the highest infection rate during Q4 of last year coming at 28.51% with eyewear.

As pervasive as the issue is throughout the e-commerce landscape, it has only recently come to light. It’s evident from the figures presented that these unauthorized advertisements are not exclusive to any one industry, geographic region or phase of the online journey. It is very hard to defend what you can’t see, but hopefully, this exploration of Online Journey Hijacking has brought the revenue thief into plain sight.