How to Prevent Clickjacking and Protect Your Customers on Cyber Monday

November 9, 2019 - Ensighten

Cyber Monday has become one of the biggest shopping days of the year. More than $7.8 billion was spent in 2018 on Cyber Monday. When you add in the days from Thanksgiving through Cyber Monday, that number grows to $22.5 billion. Over the entire holiday shopping season, total retail spending fell just short of a trillion dollars in the U.S. ($998 billion) and is expected to top a trillion dollars in 2019.

It’s not just the thousands of ecommerce and retail sites with “ship to your front porch” gifts – the holiday shopping season includes cars, vacations, hotel and airline reservations along with other high-end items.

During the holiday season, every type of company with a retail presence on the web boosts its advertising budget considerably to attract as many new and returning customers as possible. Unfortunately, “malvertising” is working just as hard to steal your hard-earned customers.

Customer journey hijacking, or ad injection, is the use of malware that is activated within a site visitor’s browser or mobile device. Because server-side security solutions lack visibility into the problem, digital marketing and security teams usually don’t even know it exists.

The alarming fact is that 15-25 percent of all ecommerce customer sessions are exposed to unauthorized ads while browsing ecommerce sites, and that number increases to 20-30 percent of all sessions during busy shopping periods such as Black Friday and Cyber Monday and continues all the way to New Year’s Day. Moreover, 80% of displayed ads during peak season are competitive product ads.

A site visitor is not aware that it is happening because the injected ads look like a native component of the website, so a potential customer is most likely to click on these ads. The alarming fact is that these visitors are usually the highest converting customers.


The impact of customer journey hijacking

Since these threats originate in site visitors’ browsers, website owners have no idea of the scale of this issue’s effect on their conversions, sales or customer journeys. Customers successfully hijacked from a site are captured in analytics as bounced visitors or cart abandonments, so a digital marketing team will never even know how much revenue is being lost or why.

Companies may be losing 1 out of every 4 customers that visit their site and miss out on as much as 5 percent of annual revenue. In 2018 that equaled $2 billion in lost sales. When infected users had the injected ads removed, their conversion rates were almost three times higher than average visitors.

Injected ads also appear at the most inopportune times:

  • 32% when visiting product pages
  • 29% during checkout
  • 24% during a search
  • 21% on the shopping cart page
  • 16% on the ecommerce site home page


How customer journey hijacking is perpetrated

Consumers become infected, unknowingly, by downloading extensions that come bundled with drivers, applications, browsers and other free apps. It can also occur when accepting terms on public Wi-Fi or through a “brute force” attack, in which a router is hacked and a server offers up injected ads that don’t even need the support of downloaded malware.

The attention span of an average online shopper is about five seconds so any injected ad can cost a conversion.

An injected ad can manifest as:

  • Price comparisons: Price comparison browser extensions clutter product pages with deals from other sites and affiliates
  • Competitor ads: Some browser widgets and apps can also start displaying ads promoting deals from a competitor
  • Visual depiction: Change of content of a page so a customer mistakenly clicks on an ad that isn’t yours
  • Pop-ups: Intrusive pop-ups – for example: “You have won a new Superphone 12!”


While competitors may be using this tactic to steal your traffic and your sales, the Personally Identifiable Information (PII) of your customers may be siphoned away as well.

Browsers such as Firefox are trying to combat the issue with varying success, but the fact is 22% of US desktops and 2% of EU desktops may be infected at any one time. Tens of millions of users globally are affected by ad injections. According to a recent study conducted by Google on the ad injectors ecosystem, more than 5% of people visiting Google sites have at least one ad injector installed. Of these, 34% of Chrome extensions were defined as outright malware.


Protect your sales and your customers

Customer journey hijacking and ad injection take place on the client side and can be invisible to marketing teams, but they are often the cause of traffic and conversion loss.

Ensighten’s MarSec™ solution combats ad injection by reviewing the content that passes into and out of every page from the client side. If a script, image, iframe or pixel isn’t on a company’s approved allowlist, it is blocked so an injected ad cannot appear. Our solution is unique as it can also protect a customer’s PII from being leaked by unapproved fourth- and fifth-party website supply chain vendors, and protect against cross-site scripting (XSS) and Magecart attacks. Get in contact to learn more.
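The allowlist decision described above can be sketched as follows. This is an added example, not Ensighten’s code or API: the function names, the `*.` wildcard syntax, the https-only rule and every host and resource in it are assumptions constructed for illustration.

```javascript
// Added illustration, not Ensighten code. Hosts and resources are constructed.
const ALLOWED_HOSTS = ['shop.example', 'cdn.shop.example', '*.payments.example'];
const WATCHED_TAGS = new Set(['script', 'img', 'iframe']);

// Exact host match, or subdomain match for "*." entries. The leading dot is kept
// in the suffix so "evilpayments.example" does not match "*.payments.example".
function hostAllowed(host, allowlist) {
  return allowlist.some((entry) =>
    entry.startsWith('*.') ? host.endsWith(entry.slice(1)) : host === entry);
}

// Decide whether one resource descriptor {tag, src} may load on pageUrl.
function checkResource(resource, pageUrl, allowlist = ALLOWED_HOSTS) {
  if (!WATCHED_TAGS.has(resource.tag)) {
    return { allowed: true, reason: 'tag not watched' };
  }
  let url;
  try {
    // Resolves relative ("/js/app.js") and protocol-relative ("//host/x") sources.
    url = new URL(resource.src, pageUrl);
  } catch {
    return { allowed: false, reason: 'unparseable URL' }; // fail closed
  }
  // Assumption: only https loads are approved; data:, blob: and http: are refused.
  if (url.protocol !== 'https:') {
    return { allowed: false, reason: `scheme ${url.protocol} not approved` };
  }
  if (!hostAllowed(url.hostname, allowlist)) {
    return { allowed: false, reason: `host ${url.hostname} not on allowlist` };
  }
  return { allowed: true, reason: 'host on allowlist' };
}

// Return only the resources that would be blocked, with the reason attached.
function auditPage(resources, pageUrl, allowlist = ALLOWED_HOSTS) {
  return resources
    .map((r) => ({ ...r, ...checkResource(r, pageUrl, allowlist) }))
    .filter((r) => !r.allowed);
}

// Constructed sample: resources seen on a checkout page after an injection.
const SAMPLE = [
  { tag: 'script', src: '/js/app.js' },
  { tag: 'script', src: 'https://cdn.shop.example/vendor.js' },
  { tag: 'iframe', src: 'https://checkout.payments.example/frame' },
  { tag: 'script', src: '//ads.injector.example/deal.js' },
  { tag: 'img', src: 'https://shop.example.tracker.example/p.gif' },
  { tag: 'iframe', src: 'data:text/html,injected' },
  { tag: 'img', src: 'https://evilpayments.example/pixel.gif' },
];
console.log(auditPage(SAMPLE, 'https://shop.example/checkout'));
```

In a browser, the descriptors would come from the live DOM (for example, nodes reported by a `MutationObserver`) rather than a static array. Matching on the parsed hostname rather than a substring of the URL is what keeps look-alike hosts such as `shop.example.tracker.example` off the approved list.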




Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.
