Location spoofing is now becoming a standard technique used by fraudsters. With access to off-the-shelf tools, fraudsters can now easily spoof their location and defeat legacy fraud detection systems using simplistic location models based on GPS and IP addresses.
Why do fraudsters spoof their location?
The most important reason for location spoofing is that fraudsters want to hide their true location and avoid the risk of being caught. Most legacy fraud prevention systems leverage the IP address or GPS location as part of their risk decisioning. By spoofing IP and GPS locations, fraudsters can fool the risk decisioning engine.
Shawn Colpitts explains here how instrumental accurate location can be in identifying and stopping fraudsters:
Depending on the app they're using, location spoofing can also be directly involved in the types of fraud they're committing. For instance, on a food delivery app, location spoofing might be a way for fraudsters to claim payment for orders they never delivered by spoofing their location to appear at the customer's address.
Location spoofing is also linked to higher rates of incomplete or late deliveries, as Eduardo Pires explains here:
Here is a rundown of the five most common techniques used for location spoofing:
1. VPNs and Proxies
Proxies and VPNs hide the user's IP address through a connection with a remote computer. A critical difference between a proxy and VPN is that a proxy runs at the application level, while a VPN runs at the operating system level. Most fraud prevention technologies use the IP address to locate the user's device, but the use of VPNs and proxies can easily fool these types of fraud detection systems and thereby conceal the user’s true location.
2. GPS spoofing apps
After the boom of ride-sharing apps and location-based massively multiplayer online role-playing games (MMORPGs), GPS spoofing applications have become widely available and widely used. These apps not only enable gamers to fake their position to gain an advantage in a game but have also been adopted by fraudsters to fake their location and fool fraud detection systems.
Most fraud prevention technologies use the GPS location to locate the user's device, but GPS spoofing apps can now fool these systems. Fraudsters don't even need to root their devices or have super admin privileges to use spoofing apps; they just need to put their devices in developer mode to activate GPS spoofing.
3. Emulators
Emulators are a standard tool used by developers to test mobile apps from a computer without deploying the app to a mobile device. Fraudsters also use emulators to commit fraud, relying on the emulator's powerful capabilities to manipulate the app's data. One of the data points that is easily manipulated via a mobile emulator is geolocation information.
4. Instrumentation tools
Tools such as Frida, a dynamic code instrumentation toolkit, are primarily used by testers and developers. Fraudsters use the tool to mimic a device and spoof its location to fool fraud prevention systems.
5. App tampering
App tampering is the process of modifying the compiled code of the application. By inserting custom code into the original application, fraudsters can report fake locations.
Location spoofing isn't going to go away any time soon, so it's up to us as fraud fighters to adapt and fight back.
Given the easy access to location spoofing techniques and the increasing usage of fintech and m-commerce apps, it's time for companies to upgrade fraud detection that is based on GPS or IP location. Fraudsters are routinely fooling fraud detection systems that rely only on GPS or IP addresses for location-based risk assessments.
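As an added illustration (not code from this article or from any vendor), the sketch below shows why a single signal is weak: it cross-checks the reported GPS position against other signals the article mentions and returns the reasons a session looks spoofed. The field names, thresholds and sample events are constructed assumptions.

```python
# Added example: cross-check independent location signals instead of trusting
# GPS or IP alone. Field names, thresholds and sample data are assumptions.
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt
from typing import List, Optional, Tuple

Coord = Tuple[float, float]  # (latitude, longitude) in degrees

@dataclass
class LocationEvent:
    ts: float                    # Unix seconds
    gps: Coord                   # location reported by the device
    ip_geo: Optional[Coord]      # coarse location of the source IP, if known
    wifi_geo: Optional[Coord]    # location inferred from nearby Wi-Fi, if known
    mock_location: bool = False  # OS reports a mock provider (developer mode)
    emulator: bool = False       # client integrity check flagged an emulator

def haversine_km(a: Coord, b: Coord) -> float:
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def spoofing_reasons(ev: LocationEvent, prev: Optional[LocationEvent] = None,
                     ip_km: float = 500.0, wifi_km: float = 2.0,
                     max_kmh: float = 1000.0) -> List[str]:
    """Return every consistency check the event fails (empty list = consistent)."""
    reasons = []
    if ev.mock_location:
        reasons.append("mock_location_enabled")
    if ev.emulator:
        reasons.append("emulator")
    if ev.ip_geo and haversine_km(ev.gps, ev.ip_geo) > ip_km:
        reasons.append("gps_ip_mismatch")      # also fires for VPN/proxy users
    if ev.wifi_geo and haversine_km(ev.gps, ev.wifi_geo) > wifi_km:
        reasons.append("gps_wifi_mismatch")
    if prev is not None:
        hours = max(ev.ts - prev.ts, 1.0) / 3600.0
        if haversine_km(prev.gps, ev.gps) / hours > max_kmh:
            reasons.append("impossible_travel")
    return reasons

# Constructed sample events: the same device, ten minutes apart.
SAO_PAULO, NEW_YORK = (-23.5505, -46.6333), (40.7128, -74.0060)
honest = LocationEvent(0, SAO_PAULO, (-23.6, -46.7), (-23.5506, -46.6330))
spoofed = LocationEvent(600, NEW_YORK, (-23.6, -46.7), (-23.5506, -46.6330),
                        mock_location=True)
```

Each reason is a risk signal to weigh rather than proof of fraud; a GPS/IP mismatch on its own is also what a legitimate VPN user produces.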
Incognia is a location identity solution for mobile that uses network signals, including Wi-Fi and Bluetooth, and motion sensors to provide highly accurate location behavior intelligence that is extremely difficult to spoof. Innovative solutions like this are how we stay one step ahead of fraudsters and other bad actors.