Referral Fraud

Referral fraud is when people find exploitative ways to take advantage of referral marketing programs. It generally consists of an affiliate company sending junk traffic to a website, or a fraudster making duplicate accounts to refer to a marketplace in order to rack up referral rewards quickly.

Referral abuse is detrimental to any company that uses a referral marketing strategy. But it’s particularly devastating to online stores and marketplaces, which tend to rely heavily on referrals to grow their customer bases.

‍

Here are some ways in which referral fraud is bad for business.

‍

• Skewed attribution metrics: A business’s marketing campaigns can look like they’re attracting more customers than they actually are, because a lot of those users are fake.
• Lost revenue: Fake accounts used for referral fraud repeatedly claim free rewards or buy products at discounted prices, damaging a brand’s pricing integrity while not offering it sustained business.
• Wasted time: Not preventing referral fraud means a company’s Trust and Safety team has to spend extra time finding and shutting down abusable promotion codes or fake user accounts.
• Damaged image: A marketplace can quickly lose the trust of its customers if word gets out that it’s allowing fraudsters to operate on it, such as if purchases using stolen financial information are resulting in a high number of chargebacks on the marketplace.
• Regulatory trouble: Failure to stop referral fraud can also result in a marketplace being fined by financial regulators for not adhering to KYC and AML standards.

‍

So how does referral fraud actually work? We’ll explain in the next section.

Most referral fraud is accomplished through duplicate accounts. This could be a series of accounts controlled by the same person, but made to look like different individuals. Or it could be “bots” – a collection of programs meant to act and be recognized as if they were unique users.

‍

This is how a basic referral fraud scheme works:

‍

1. A fraudster identifies a marketplace with a referral program or code they wish to exploit.
2. The fraudster creates a main account with the marketplace that will be the recipient of the fraudulent referral bonuses.
3. The fraudster creates duplicate accounts, then uses their main account to send the referral information to those accounts.
4. The fraudster programs their “referred” duplicate accounts to sign up for the marketplace and, if necessary, make purchases with stolen financial information.
5. The fraudster gets illegitimate referral bonuses on their main account, which they will then often try to cash out as quickly as possible before their fraud is discovered.

‍

Additionally, if the fraudster used stolen payment information to make purchases with their duplicate accounts, the marketplace will likely have to resolve chargebacks filed by the legitimate cardholders. So the marketplace loses out twice.

‍

Another common type of referral abuse that doesn’t require duplicate accounts is referral code broadcasting. This is where a fraudster exploits referral codes that offer a discount to the recipient in addition to rewards for the sender, and that can be used more than once.

‍

So instead of sending their code privately to close associates (which is the intent of the referral program), a fraudster posts their referral code in a public place, or mass-distributes it via e-mail or a messaging app. This attracts anyone looking to get a discount on the marketplace, without them necessarily realizing that they’re unfairly benefiting a fraudster.

‍

An infamous example of this happened in 2014 when an Uber user modified his referral code so it was more easily found by search engines. He then sent the code to all of his e-mail contacts and posted it on the social network Reddit.

‍

Not only did his friends sign up for the ride-sharing service with his code, but so did many random strangers who found his code while doing web searches for Uber discounts. This led to him amassing over $50,000 in free ride credits before he was caught.

‍

Incidents like these are why many marketplaces now have rules against mass distribution of referral codes. In addition, they may place limits on how many times a referral code can be used, or how many times a single user can redeem referral rewards.

Many types of referral fraud are perpetrated by opportunistic lone actors, or small groups of them. Others are pulled off by fraud rings or even crooked affiliate marketing companies. Here are some common types of referral scams.

‍

‍

Self-referring duplicate accounts

A fraudster creates a main account on a marketplace, then makes several duplicate accounts to be referred to the marketplace by their main account. When the duplicate accounts sign up for the marketplace (and, if necessary, make purchases with stolen payment information), the fraudster’s main account gets credited with bonuses from the fake referrals.

‍

‍

Account cycling

This is an extension of the self-referring duplicate account trick. Once a fraudster has taken advantage of referral bonuses on a marketplace using their duplicate accounts, they will delete those accounts. Then they will create new duplicate accounts using slightly modified credentials, and use their main account on the marketplace to refer these new accounts to the marketplace.

‍

Repeating this process over and over allows them to continually take advantage.

‍

‍

Return abuse

This type of fraud referral is typically perpetrated by a fraud ring. A fraudster refers another fraudster to a marketplace, where the second fraudster makes a purchase. After the first fraudster redeems their referral bonus, the second fraudster returns their purchase for a refund. This results in a business giving out referral rewards without actually making new sales.

‍

‍

Repeat referrals

Some referral programs don’t stipulate who is eligible or how many times a person can participate. Fraudsters can take advantage of this by continually referring each other to a marketplace (perhaps by reusing referral codes) to gain referral bonuses multiple times.

‍

‍

Discount broadcasting

This is where a person receives (or can guess) a referral code for a marketplace, then publicly posts that code on another website. This lets them get referral bonuses when random strangers – as opposed to people they’re actually connected with – sign up for the marketplace or make purchases.

‍

‍

Affiliate fraud

Third parties that get commissions for referring traffic, leads, or purchases to a marketplace can use duplicate accounts or bots to defraud that marketplace in several ways. These include:

‍

• Automatically registering for accounts, signing up for newsletters, etc.
• Automatically making purchases with stolen payment information
• Using malware and other malicious tools to force users to open affiliate links
• Layering advertisements and faking traffic to artificially inflate ad impression counts

Referral marketing fraud prevention involves a combination of designing a campaign with built-in anti-fraud defenses and having the tools necessary to block or take action against fraudulent activity. Here are some examples of effective strategies.

‍

‍

Referral program terms & conditions enforcement

One of the most basic ways to prevent referral fraud is to set up a referral campaign with appropriate limits. These could include how long promo codes remain valid for, the value of the rewards, or the number of people a single user is allowed to refer.

‍

A marketplace may also want to have a delay period between a conversion and the awarding of corresponding referral bonuses. This allows its Trust and Safety team to review transactions for indicators of fraud manually, and to protect against return abuse. The marketplace may also want to track any issued promo codes and request that they be removed from any deal-finding websites.

‍

Finally, the marketplace should regularly review its referral campaign’s terms and conditions to ensure that they don’t contain any exploitable loopholes. It should also threaten disciplinary action against any fraudsters it catches, and follow through on these threats if necessary.

‍

‍

Link analysis

As many cases of referral fraud rely on a fraudster having duplicate accounts, a good tool for referral fraud detection is link analysis. This involves creating visualizations of accounts and their associated information to look for suspicious connections.

‍

For example, a marketplace may find that several accounts were created using the same device or IP address. Or they were created using IP addresses known to be tied to a VPN, which may be being used to mask a fraudster’s true identity and location.

‍

‍

Velocity checks

A velocity check measures how often a user (or group of users) performs a type of transaction (or specific types of transactions) on a marketplace within a certain time frame. For instance, if a number of accounts with suspiciously similar identifying features are created within an unusually short time window, it could be the work of a fraudster.

‍

‍

Bot mitigation and detection

Another good referral fraud prevention technique is to invest in tools that catch and prevent unwanted automated activity on a marketplace. These could include CAPTCHAs, web application firewalls (WAFs), and fraud detection software tuned to block web activity with specific suspicious attributes (such as the use of VPNs or emulators).

‍

‍

Vetting affiliate marketing partners

If a marketplace relies on third parties to drive affiliate conversions, it should subject each of these partners to strict KYB checks to verify their operating credentials. As part of this, it should also check how often – and how soon – transactions through these partners result in chargebacks. On the other hand, suspiciously high conversion rates can also point to an affiliate trying to push through several fraudulent transactions in short order.

‍

‍

‍

Keep Referral Fraudsters Out of Your Marketplace with Unit21

Part of stopping referral fraud is to design referral campaigns properly, in order to minimize the number of loopholes fraudsters could take advantage of. But it’s also essential to have tools for taking action against those who try to exploit any vulnerabilities that remain.

‍

Unit21’s platform equips Trust and Safety teams with the capabilities to detect and prevent all manner of marketplace abuses. That includes those that make referral fraud possible. To learn more about how we can protect your marketplace, schedule a demo with us today.

‍

‍