Uncovering Fraud- IP & Device Spoofing
Since the pandemic began in 2020, advancements in technology, increased connectivity, and globalization sparked countless conversations in the market research industry and beyond. While these trends are helping to lead our industry towards more informed decision-making and optimization, there has been one fundamental drawback associated with recent shifts: an increase in fraudulent survey respondents. At its peak in early 2023, we experienced a 5-fold increase in fraud from pre-pandemic levels as did most of the sample industry.
Validation processes and innovative approaches are more essential than ever to combat fraud as existing tools proved ineffective in blocking most of the fraud. In this blog, we explain the best methods for tackling IP and device spoofing fraud specifically. Digital fingerprinting is a method used by researchers to track survey respondents based on the type of device they use, their choice of internet browser, and more. When looking at data collected from each session, each device is unique allowing for the creation of a digital fingerprint to track it across distinct sessions. Below, we break down the various types of fraud related to IP and device spoofing and how each can be prevented:
- Device Spoofing- There are now free browser plugins and smartphone applications that rotate device settings creating a unique digital fingerprint for each session. Because of this, digital fingerprinting as a method for blocking fraud is essentially ineffective and dead. Digital fingerprinting is effective in stopping duplication of valid panelists who unintentionally may attempt the same survey twice if they are a member of multiple panels. So, it’s still helpful to have, especially when buyers are sourcing from multiple panels, but no longer stops fraudulent participants.
- IP Address Spoofing- Hackers can also manipulate or hide their IP address with VPN, TOR and proxy networks. To combat this type of spoofing, your validation system should also include IP Geo Validation to ensure IP address locations are consistent with the physical location it is tied to and not just the country and VPN, TOR and Proxy connections should be denied. Geographic IP Validation should be precise to a 100 mile or less radius from the stated postal code provided by the panelist at registration. Acquiring a valid IP in a country is not that difficult, but acquiring a valid IP in the city for one of many fraudulent accounts is much more difficult.
- Java Script Blocking – In the past 6 months we found a new trend where rather than spoofing devices and IP addresses, hackers simply blocked java script from running in their browsers. Blocking java script stops digital fingerprinting tools from running and for a time, our systems were viewing this as a timeout of our providers’ system and allowing the session to proceed. In instances where digital fingerprint or other security systems are not allowed to run, the session should be ended. This post is sponsored by our partners.
- Automated Bots- Many fraud networks are now using automated bots to complete surveys on a large scale. Bots are now able to pass bot tests such as ReCaptcha, create fake digital fingerprints to appear as unique users and can even answer open-ended responses with varying levels of relevancy leveraging large language models like ChatGPT. Open-ended responses from ChatGPT are, as of now, still easy to spot. They are typically much longer than valid responses and formulaic with common knowledge responses that yield little to no insight. Most fraud groups and their bots tend to target higher CPI surveys to earn maximum rewards so it’s important to boost validation measures on these projects with behavioral profiling and red herring questions which will be discussed in a future blog.
At Precision Sample, we incorporate several different cyber security tools into our validation system to complement our proprietary quality process, Quality Sentinel. For example, we utilize a threat detection solution called IPQualityScore which uses methods such as digital fingerprinting, IP scoring, and threat signals from their network of over 10,000 ‘honeypot websites’. These are fake sites designed to lure in fraudulent users and feeds from top-tier websites representing billions of sessions per day. This is a major shift from most industry standard tools which are reactive instead of proactive. Most industry solutions rely on panelist IPs and devices exhibiting fraudulent behavior in a survey before blocking future attempts. Through our partnership with IPQualityScore, we are proactively identifying and blocking most fraudulent participants before they are able to participate in surveys. The result has been a full 70% reduction in returned survey responses since its implementation.
No validation system is completely foolproof, but by utilizing a combination of tools, consistently monitoring data, and implementing extensive quality control measures, we can all do our part in mitigating the level of fraud in our industry.
Next up in this series, we will discuss identifying fraudulent respondents via behavioral profiling and red herring questions.