How do bad actors find opportunities for scalable fraud? They run tests. We found an example to show you how they do it.
View in browser
The Signal by Incognia
Fraudster-Playbook-How-They-Find-Scalable-Exploit-Points (1)

Fraudster Playbook: How they find vulnerabilities to exploit

 

How do fraudsters find their exploit points? 


Looking to forums and chat groups tells us—they test.


To help you picture how this happens behind the scenes, we found a real example of this kind of testing in an online forum.


Step 1: Test
First, the screenshot below shows a user in the forum asking someone to help them test a promo abuse method for a popular meal delivery service:

 

Intel Post-1

Step 2: Scale

Apparently their test was successful, because we also found a later post from that same user advertising this promo abuse Fraud-as-a-Service to other forum members.

 

Here’s a screenshot of the landing page they had set up for their service:

Screenshot 2024-07-02 at 12.40.24 PM

On our side, we often only see the finished product—the fraud that actually works.

 

But on the fraudster’s side, they might test out many different schemes that fail before they land on the one that succeeds and can be scaled. 

 

How can you prevent this type of testing?

Multi-accounting and ban evasion are safety nets that allow fraudsters to keep testing and iterating their fraud schemes without fear of being blocked permanently.

 

If you can prevent these two methods, testing becomes harder.

 

A strong device ID that makes it hard for fraudsters to run tests across multiple accounts could go a long way toward stopping fraud schemes before they ever start wreaking havoc on your platform. 

 

If they don’t have a repeatable way to test different ideas, they might never get to the abuse stage at all.

div_5
The-Ban-Evasion-Toolkit1
Incognia Logo

Incognia is the innovator of next-generation identity solutions that enable secure and seamless digital experiences. With its persistent device fingerprint solution, Incognia combines best-in-class device recognition signals, location analysis and tamper detection for frictionless user verification and fraud prevention. Incognia’s customizable risk assessment and actionable insights empower companies in food delivery, ride-hailing, marketplace, and financial services to protect their reputation, retention and revenue. For more information, visit Incognia.com.

Sign up for a demo →
LinkedIn
YouTube

Incognia, 333 West San Carlos Street Suite 600, San Jose, CA 95110, USA

Unsubscribe Manage preferences