Residential proxy networks are proliferating, enabling fraudsters to hide their device’s true IP address and location. This allows them to evade e-commerce security rules, bypass geographic content restrictions and gain access to free trials and other services.
Detecting residential proxies used for fraud attacks and identifying suspicious activity is an important part of a fraud prevention strategy. Using a combination of anti-fraud techniques, such as CAPTCHA, device behavior analysis, bot detection, VPN identification and anomaly detection, businesses can create robust barriers against criminal attacks.
The proliferation of residential proxies is causing significant damage to legitimate online shoppers and brand reputations. The ability to easily mask an authenticated user’s device address means that ad fraud, credit card fraud, account takeover and other cyberattacks are far more likely to be successful.
How to Detect Residential Proxies Used for Fraud Attacks
Fraudsters can leverage these networks to bypass standard fraud prevention measures, including device identification, IP verification and VPN detection, by creating multiple connections to a website through different residential IP addresses. This makes it difficult to recognize a fraudulent pattern. And, when blocked, a bad actor can simply switch to a different residential proxy.
The recent discovery of the Camaro Dragon malware, an Android threat that enrolls devices in a network of residential proxies, highlights the need for greater transparency around how these networks are created and procured. This would enable users to make informed decisions about the mobile applications and browser extensions they download, and would also ensure that residential proxies are used in a lawful and ethical manner.