AISecurius
Sign InSign Up Free
blog
This Fraud Ring Has Been Caught! Mainly Boosted Online Influencers by Fake Orders and Assembled Internet Water Armies

During the Double 11 Shopping Festival, while consumers enjoy shopping, they also face potential fraud risks. In live-streaming rooms, screens are often flooded with positive reviews and likes that can easily attract buyers. However, when consumers place orders based on high sales and five-star reviews, they often find that the actual products fall far short of expectations. Behind this phenomenon are often various "Internet Water Army" groups that create fake orders and control reviews to fabricate false sales data and positive reviews for merchants. 2024102401.png Recently, the Neijiang Police in Sichuan Province uncovered a major case involving a "network water army." Over the past two years, this gang provided fake order and review control services to over 1,000 merchants on multiple online platforms, with a total involvement of 100 million yuan. This group not only boosted “popularity” in live-stream rooms but also participated in fake interactive comments and used “empty packages” to create fake orders.

This behavior not only disrupts normal market order but also severely affects consumers' shopping experience.

Both an Internet Water Army and an E-Commerce Fake Order Scheme

The police investigation revealed that this “network water army” gang targeted live streaming and offered three types of services: Rank Boosting, Interaction, and Marketplace Exposure. 2024102402.png

  • Rank Boosting: The water army increases the number of viewers in a live-streaming room by appearing as named viewers, directly affecting the room's popularity without interacting. The primary purpose is to boost superficial popularity.

  • Interaction: Besides rank boosting, the water army also participates in interactions within live streams, including commenting and answering viewer questions. Merchants provide discussion topics, and sometimes the water army improvises to create a realistic interactive atmosphere. This service charges 4 yuan per person.

  • Marketplace Exposure: The water army enters live-stream rooms via the marketplace page, further increasing the product's exposure rate. This service charges 5 yuan per person, helping merchants attract more potential customers.

Apart from acting as an “internet water army,” this gang also engages in advanced fraud schemes involving fake orders. Live-stream merchants use the water army to buy specified products to boost sales data, then ask them to report the order numbers. By mailing “empty packages,” they create fake orders. After receiving the empty package, the water army gives five-star reviews and false comments as instructed, earning commissions based on the product price.

2024102403.png

  • Fake Ordering: Merchants instruct the water army to purchase specific products to inflate sales figures. The water army then provides the order numbers back to the merchant.

  • Sending Empty Packages: Merchants send empty packages to the water army, who does not receive actual products but instead follows instructions to leave five-star reviews and comments. This effectively creates fake orders and builds a false impression of high sales.

  • Commission Settlement: The water army earns commissions based on product prices, incentivizing continued participation in fake order activities. Commission payments are typically tied to the purchased product price.

New members joining this gang are required to pay a membership fee ranging from 199 yuan to 2,999 yuan. Depending on the fee amount, members receive titles such as Founder, Director, or Trainee and are assigned different roles like sales, shills, or customer support. Since March 2022, the gang has manipulated reviews and fake orders for more than 1,000 merchants across multiple platforms. By recruiting new members and charging referral fees, they have illegally profited from their schemes, with a total amount involved reaching 100 million yuan. The main suspects are currently under criminal detention in accordance with the law.

Technical Measures to Prevent Water Army and Fake Orders

This criminal group reached a scale of over 100,000 people, with each member account operated by a real person and different IP addresses, making it difficult for regulatory authorities to identify "network water armies." Analysis reveals that water army accounts may exhibit high activity shortly after registration or at specific times, while showing little to no activity at other times. Additionally, water army accounts often have lower user levels and credit scores, which differ significantly from those of real users in terms of level and permissions.

To effectively curb these illegal activities, platforms need to leverage technical means to identify and prevent suspicious behaviors, improving their ability to detect water army accounts and suspicious activities.

1. Identifying Abnormal IP Addresses and GPS Locations

By monitoring IP addresses and GPS information, platforms can detect unusual login behavior. For example, if an account is accessed from multiple geographic locations in a short time, or if the IP address does not match the registered information, the system can flag the account as suspicious. Additionally, IP address whitelist and blacklist management can effectively filter known sources of water army activity, reducing potential risks.

2. Detecting Client Device Fingerprinting

Detecting the legitimacy of client device fingerprinting is another important method to prevent water armies. By collecting data on device operating system versions, hardware information, user behavior, and CPU instructions, the platform can identify risks like emulators, hijacking, or injection. Emulators typically cannot fully replicate carrier information and other system characteristics, making it easier to detect cheating.

Dingxiang Device Fingerprinting records and compares fingerprints to distinguish legitimate users from potential fraudsters. It assigns a unique identifier to each device, detecting maliciously manipulated devices, such as virtual machines, proxy servers, and emulators. It analyzes devices for multiple account logins, frequent IP address changes, and modifications to device properties, helping track and identify fraudulent activities.

3. Monitoring Abnormal User Behavior and Patterns

Once a platform has accumulated sufficient online data, it can model user registration, login, order, and purchasing behaviors through risk control and operational data. Using machine learning and data analysis, unusual behavior patterns—such as frequent registration or ordering—can be identified. The output of these models provides effective support for risk control strategies, allowing for timely detection and response to abnormal activities.

4. Identifying Abnormal Accounts

Quickly identifying suspicious accounts is key to preventing fake orders. Platforms can monitor several types of suspicious behaviors, such as repeated activations on the same device, associations between one device and multiple IP addresses, a high concentration of logins from the same IP in a short time, and unusual ratios of old device models or operating systems within a particular channel. Maintaining a dynamic whitelist and blacklist can help the platform continuously update and manage data, such as user IDs, phone numbers, and device information, blocking suspicious accounts in a timely manner.

Dingxiang Dinsight assists businesses with risk assessment, fraud detection, and real-time monitoring to enhance the efficiency and accuracy of risk control. Dinsight’s average processing speed for daily risk control strategies is under 100 milliseconds. It supports multi-source data configuration and integration, using well-developed indicators, strategies, and model experience, as well as deep learning techniques. This enables real-time self-monitoring and self-iteration. In conjunction with Xintell’s intelligent modeling platform, known risks can be automatically optimized. Based on risk control logs and data mining, potential risks can be identified and configured with a single click to support risk control strategies in various scenarios. With deep learning technology, Xintell standardizes complex processes, providing one-stop modeling services from data processing and feature engineering to model building and deployment.

5. Strengthening Mechanisms to Block Abnormal Accounts

To improve prevention effectiveness, platforms need to intercept abnormal accounts by increasing the difficulty of verification elements, such as frequently updating the verification image library to raise the operational cost for water armies and fake order participants. Additionally, comparing verification environment information with normal user behavior helps quickly detect anomalies, further securing the platform.

Dingxiang atbCAPTCHA, based on AIGC technology, can prevent threats from AI brute-force cracking, automated attacks, and phishing, effectively blocking unauthorized access, account theft, and malicious operations, thus protecting system stability. It integrates 13 verification methods and multiple risk control strategies, combining 4,380 risk policies, 112 categories of threat intelligence, and covers 24 industries with 118 types of risks. Its detection accuracy reaches 99.9%, and it quickly transforms threats into actionable intelligence. With real-time response capabilities reduced to 60 seconds, it also enhances the convenience and efficiency of digital login services for genuine users.

2024-11-04
Go back to blog
blog
Detailed explanation of core algorithm of device fingerprinting
how do you make sure your identity is established and that you can't be easily stolen or copied?
2023-03-02
blog
AISecurius: From promotion positioning to risk control and anti-fraud! The 5th generation of device fingerprinting has been released
In the PC Internet era, the normal way to access websites is through browser on PC, and Internet companies use cookies and IP addresses to identify user devices. Cookie first appeared in the 1990s.
2023-03-03
blog
Hook technology for offensive and defensive confrontation
For example, in the offensive and defensive confrontation of device fingerprinting, the black and gray industry must "disguise" itself in order to bypass the device fingerprint to carry out attacks.
2023-03-21
Products
Developers
Company
Legal
    facebookgithubreddit
Copyright © 2024 AISECURIUS, Inc. All rights reserved
Hi! We are glad to have you here! Before you start visiting our Site, please note that for the best user experience, we use Cookies. By continuing to browse our Site, you consent to the collection, use, and storage of cookies on your device for us and our partners. You can revoke your consent any time in your device browsing settings. Click “Cookies Policy” to check how you can control them through your device.