Inventory: Fraudulent Practices in Livestream E-commerce

This year's "618" results are impressive. Data shows that mainstream e-commerce platforms have achieved remarkable performance, reflecting not only consumers' trust in and support for these platforms but also their comprehensive upgrades in marketing strategies, supply chain management, and logistics. Livestream e-commerce, as a bridge connecting consumers with brands and products, plays an increasingly prominent role, making information exchange between market supply and demand more transparent and efficient.

With the rapid development of the e-commerce industry, issues related to illicit and gray practices are becoming increasingly prominent. During large-scale promotional events like "618," e-commerce platforms have had to relax risk control rules moderately to ensure user experience and system stability, inadvertently providing opportunities for illicit activities. Exploiting new technologies and methods, illicit actors launch attacks in more covert and sophisticated ways, posing significant challenges to both e-commerce platforms and consumers.

Facing these challenges, e-commerce platforms and regulatory authorities need to take more effective measures. On one hand, e-commerce platforms need to strengthen technical defenses, enhance risk control capabilities, and promptly detect and intercept fraudulent activities. On the other hand, regulatory authorities need to intensify efforts against illicit practices, enforce laws to punish illegal behaviors, and maintain market order.

Woolfarming Hidden in Livestream Rooms

During a liquor e-commerce livestream on May 20th, the host achieved sales exceeding 100 million yuan in just 43 minutes, selling 30,000 bottles of liquor. However, these "flash sale" special-priced goods have become channels for some "woolfarmers" to mass purchase. They infiltrate livestream rooms, use illegal plug-in software to snatch "flash sale" and "limited purchase" products, and then resell them at inflated prices, profiting immensely.

"Woolfarmers" in e-commerce livestream rooms illegally profit through technical means, causing significant losses to e-commerce platforms and disrupting the shopping experience of ordinary consumers.

During shopping festivals, countless consumers eagerly anticipate purchasing items, yet many discounted or special-priced products always appear as "sold out" or "temporarily out of stock." What's the reason behind this? It turns out many popular, limited-supply, or high-value-for-money items are snatched away by woolfarmers.

Woolfarmers engaging in activities like grabbing coupons and snatching special-priced goods not only harm the legitimate interests of consumers but also cause major economic losses to consumers, merchants, and e-commerce platforms. Statistics show that 70% to 80% of e-commerce enterprises' marketing expenses are consumed by woolfarmers, resulting in annual losses amounting to hundreds of billions of yuan.

Merchant Order Fakery Misleading Consumers

"If you fake orders, the worst that could happen is getting caught and banned by the platform; however, if you don't fake orders, you'll likely be starved to death by other fake order sellers or major sellers on the platform, or even starved to death on the platform," said a merchant on a livestreaming platform.

Based on the rules of livestream e-commerce platforms, when buyers search for a product using keywords on the platform, the e-commerce platform calculates the weight of all pages related to that product and presents them to the buyer in order of relevance. The higher a product ranks, the higher its exposure and click-through rates, leading to higher potential orders. Conversely, products that rank lower are rarely seen by buyers and thus have minimal chances of making sales.

There are hundreds, even thousands of indicators that affect the ranking of a product, with the three most important indicators being sales volume, conversion rate, and positive review rate. While this algorithm saves buyers a lot of time in choosing and comparing products, it has triggered a vicious cycle among merchants where "products ranking higher sell better, while products ranking lower sell worse." Therefore, to improve product rankings, many merchants have started focusing on these three indicators, giving rise to the practice of "faking orders."

Analysis by Dingxiang Defense Cloud Business Security Intelligence Center has found that e-commerce order fakery mainly occurs through software-based and human-based methods. Those involved in executing order fakery tasks in the gray market can earn commissions from merchants and profit from selling order faking cheating software.

Software-based fakery involves account manipulation. Gray market entities hold large numbers of e-commerce platform accounts. These accounts are obtained partly through mass registration and partly through illegal means, such as the dark web, database breaches, or brute-force attacks on already registered user accounts.

Upon receiving orders from merchants, gray market entities use cheating software to fake orders. This software can handle all operations from registration to purchase, including mass registration, intelligent account management, bulk linking of delivery addresses, bulk linking of credit cards, enabling two-step verification, direct reviews, leaving reviews, liking, adding to wish lists, adding to cart, and clearing cart, etc. Depending on the merchant's requirements, cheating software can simulate human behaviors to the maximum extent possible by randomly setting browsing paths, clicking on advertisements, answering questions, clicking on images, etc.

Cheating software from the gray market supports multiple accounts logging into a single device, isolates cookie data, modifies browser fingerprints, and assigns a foreign proxy IP address based on the logged-in account, ensuring each faked order account operates within a virtual "independent environment."

Human-based crowdsourcing involves mobilizing real accounts to fake orders, with accounts not controlled by the gray market but operated by real individuals.

After a merchant issues an order fakery request, gray market entities immediately send product links in "order faking groups" and arrange batches of accounts to buy the merchant's products. In the process of faking orders, specific operational standards are set for order faking accounts to circumvent e-commerce platform risk control monitoring. For example, they search for keywords provided by the merchant on the e-commerce platform, randomly browse any product for 3 to 5 minutes, then find the target store's product needed for the faked order based on the merchant's information. After opening the designated product page provided by the merchant, they continue to browse the product details for 3 to 5 minutes before proceeding to place the order. These operations make the faked order appear as if it were a genuine customer's actual purchase behavior of "comparing products from three stores."

According to the merchant's requirements for shopping reviews and confirmation, the merchant must pay a certain percentage of "commission" to the gray market and provide "rebates" to the faked order account. There are various ways to provide rebates. Some gray market entities require merchants to directly "refund" to the faked order account after confirming the order.
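A defender-side sketch of how the scripted behavior described above can be surfaced (an added example, not from the original article or from Dingxiang's products): it flags a product for review when most of its orders follow the same search, 3-to-5-minute browse, 3-to-5-minute detail view, order sequence. The session records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample sessions (not real data). Each order carries the dwell
# times, in seconds, observed before checkout, and whether the buyer arrived
# through keyword search.
SESSIONS = [
    # product, account, via_search, other_item_dwell, target_dwell
    ("P-100", "a1", True, 210, 195),
    ("P-100", "a2", True, 250, 280),
    ("P-100", "a3", True, 185, 240),
    ("P-100", "a4", True, 299, 181),
    ("P-100", "a5", False, 0, 40),
    ("P-200", "b1", False, 0, 35),
    ("P-200", "b2", True, 20, 600),
    ("P-200", "b3", True, 240, 15),
    ("P-200", "b4", False, 0, 90),
    ("P-200", "b5", True, 75, 130),
]

SCRIPT_BAND = (180, 300)   # the "3 to 5 minutes" window from the article
MIN_ORDERS = 5             # assumed: skip products with too few orders to judge
MAX_SHARE = 0.6            # assumed: scripted-order share that triggers review


def matches_script(via_search, other_dwell, target_dwell, band=SCRIPT_BAND):
    """True when a session follows search -> browse 3-5 min -> detail 3-5 min."""
    lo, hi = band
    return via_search and lo <= other_dwell <= hi and lo <= target_dwell <= hi


def scripted_share(sessions):
    """Return {product: fraction of its orders matching the scripted pattern}."""
    total, hits = defaultdict(int), defaultdict(int)
    for product, _account, via_search, other, target in sessions:
        total[product] += 1
        hits[product] += matches_script(via_search, other, target)
    return {p: hits[p] / total[p] for p in total if total[p] >= MIN_ORDERS}


def products_for_review(sessions, max_share=MAX_SHARE):
    """Products whose scripted-order share exceeds the review threshold."""
    return sorted(p for p, s in scripted_share(sessions).items() if s > max_share)


if __name__ == "__main__":
    print(scripted_share(SESSIONS))
    print(products_for_review(SESSIONS))
```

One shopper landing inside the band proves nothing; the signal is the share across a product's orders, and it is best combined with other indicators such as the post-confirmation "refund" rebates described above.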

Preventing Various Types of Fraud on Platforms

To counter the cheating and fraud seen in livestream rooms, Dingxiang Defense Cloud Business Security Intelligence Center recommends that businesses combine multiple products for further control, to keep livestream platforms operating in good order.

Ensuring Client-Side Security. Dingxiang's Adaptive App Shielding, based on graph neural network technology, deeply analyzes and extracts code features. It automatically selects suitable methods for obfuscation based on the characteristics of different code blocks, significantly increasing the difficulty of reverse analysis and effectively reducing computational performance consumption by 50%. Through encryption and obfuscation engines, it enhances the security of App code, effectively preventing attacks such as cracking, copying, and repackaging by attackers.

Identification of Fraudulent Accounts. Dingxiang atbCAPTCHA, powered by AIGC technology, prevents AI brute-force cracking, automated attacks, phishing attacks, and other threats. It effectively prevents unauthorized access, account hijacking, and malicious operations, thereby protecting system stability. It integrates 13 verification methods and multiple control strategies, aggregating 4380 risk policies, 112 risk categories, covering 24 industries and 118 risk types. Its precision in risk control reaches up to 99.9%, with rapid transformation from risk to intelligence. It supports seamless authentication for secure users and achieves real-time response and disposal within 60 seconds, further enhancing user login service experience in terms of convenience and efficiency.

Identification of Fraudulent Devices. Dingxiang Device Fingerprinting integrates internal information from multi-platform devices to generate a unified, unique device fingerprint for each device. It builds multidimensional identification strategy models based on device, environment, and behavior to detect risks such as maliciously manipulated virtual machines, proxy servers, and emulators. It analyzes anomalies such as multiple account logins, frequent IP address changes, and device attribute changes that do not align with user habits, tracks and identifies fraudulent activities, and helps enterprises achieve unified operation of the same ID across all scenarios and channels, facilitating cross-channel risk identification and control.

Uncovering Potential Fraud Threats. Dingxiang Dinsight assists enterprises in risk assessment, anti-fraud analysis, and real-time monitoring, enhancing the efficiency and accuracy of risk control. Dinsight processes daily risk control strategies at an average speed of less than 100 milliseconds and supports configurable access to, and accumulation of, multi-party data. It leverages mature indicators, strategies, and accumulated model experience, as well as deep learning technology, to achieve self-monitoring and self-iteration mechanisms for risk control. Paired with the Xintell intelligent model platform, it automatically optimizes security strategies for known risks and, based on risk control logs and data mining of potential risks, supports configuring risk control strategies for different scenarios. It standardizes the complex processes of data processing, mining, and machine learning based on associative networks and deep learning technology, providing a one-stop modeling service from data processing and feature derivation through model construction to final model deployment.
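The account and device anomalies listed under "Identification of Fraudulent Devices" above (multiple account logins on one device, frequent IP address changes, device changes) can be expressed as simple rules over login events. The following is an added example, not Dingxiang's implementation; the event layout, device IDs and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed login events (not real data): (minute, account, device_id, ip).
# IPs are taken from the documentation address ranges.
EVENTS = [
    (0, "u1", "dev-A", "192.0.2.10"),
    (2, "u2", "dev-A", "192.0.2.10"),
    (3, "u3", "dev-A", "198.51.100.7"),
    (1, "u5", "dev-B", "192.0.2.44"),
    (900, "u5", "dev-B", "198.51.100.44"),
    (1900, "u5", "dev-B", "203.0.113.44"),
    (10, "u6", "dev-C", "198.51.100.1"),
    (25, "u6", "dev-C", "198.51.100.2"),
    (40, "u6", "dev-D", "203.0.113.9"),
]

MAX_ACCOUNTS_PER_DEVICE = 2   # assumed threshold
MAX_IPS_IN_WINDOW = 2         # assumed threshold
WINDOW_MINUTES = 60           # assumed window for "frequent" IP changes


def ip_churn(logins, window=WINDOW_MINUTES, limit=MAX_IPS_IN_WINDOW):
    """True if more than `limit` distinct IPs appear inside any time window."""
    logins = sorted(logins)
    for i, (start, _ip) in enumerate(logins):
        seen = {ip for t, ip in logins[i:] if t - start <= window}
        if len(seen) > limit:
            return True
    return False


def risk_signals(events):
    """Map each flagged account to the list of anomalies it triggered."""
    on_device, logins, devices = defaultdict(set), defaultdict(list), defaultdict(set)
    for minute, account, device, ip in events:
        on_device[device].add(account)
        logins[account].append((minute, ip))
        devices[account].add(device)
    signals = defaultdict(list)
    for accounts in on_device.values():
        if len(accounts) > MAX_ACCOUNTS_PER_DEVICE:
            for account in accounts:
                signals[account].append("shared_device")
    for account, seq in logins.items():
        if ip_churn(seq):
            signals[account].append("ip_churn")
        if len(devices[account]) > 1:
            signals[account].append("device_change")
    return dict(signals)
```

Because the cheating software described earlier gives each account its own cookies, browser fingerprint and proxy IP, a shared-device count alone will miss isolated environments, which is why the article pairs device checks with environment and behavior signals.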

2024-06-26