A type of affiliate marketing fraud, cookie stuffing or cookie dropping is the practice of surreptitiously attaching multiple third-party cookies to a user after they visit a website or click on a link. The additional cookies are tied to websites that are unrelated to the website/link originally visited by the user. If the user ends up visiting these websites and converting, tracked by the cookie, the bad actor gets the credit.
The reason why cookie stuffing is considered illegitimate is that the bad actor who had no role in encouraging the user to visit the website gets credit for the conversion while the legitimate source loses attribution.
Source: TrafficGuard Glossary