Five Ways Fraudsters Spoof Location Featured Image

Five Ways Fraudsters Spoof Location

Location spoofing now routinely evades fraud detection systems based on GPS and IP addresses

Location spoofing is now becoming a standard technique used by fraudsters. With access to off-the-shelf tools, fraudsters can now easily spoof their location and defeat legacy fraud detection systems using simplistic location models based on GPS and IP addresses.

Why do fraudsters spoof their location? 

The most important reason for location spoofing is that fraudsters do not want to reveal their true location to avoid the risk of being caught. Most legacy fraud prevention systems leverage the IP address or GPS location as part of their risk decisioning. By spoofing IP and GPS locations, fraudsters can fool the risk decisioning engine.

Here is a rundown of the five most common techniques used for location spoofing:


1. VPNs and Proxies

Proxies and VPNs hide the user's IP address through a connection with a remote computer. A critical difference between a proxy and VPN is that a proxy runs at the application level, while a VPN runs at the operating system level. Most fraud prevention technologies use the IP address to locate the user's device, but the use of VPNs and proxies can easily fool these types of fraud detection systems and thereby conceal the user’s true location.


2. GPS spoofing apps

After the boom of ride-sharing Apps and location-based massively multiplayer online role-playing games (MMORPGs), GPS spoofing applications have become widely available and used. These Apps not only enable gamers to fake their position to take advantage in a game but have also been adopted by fraudsters to mock their location to fool fraud detection systems.

Most fraud prevention technologies use the GPS location to locate the user's device, but GPS spoofing Apps can now fool these systems. Fraudsters don't even need to root their devices or have super admin privileges to make use of spoofing apps, they just need to configure their devices in developer mode to activate GPS spoofing.



3. Emulators

Emulators are a standard tool used by developers to test mobile Apps from a computer without deploying the App into a mobile device. Emulators are also used by fraudsters to commit fraud using the emulator’s powerful capabilities to manipulate the App’s data. One of the data points that are easily manipulated via a mobile emulator is geolocation information.


4. Instrumentation tools

Tools such as Frida, a dynamic code instrumentation toolkit, are primarily used by testers and developers. Fraudsters use the tool to mimic a device, and spoof location to fool fraud prevention systems.


5. App tampering

App tampering is the process of modifying the compiled code of the application. By inserting custom code into the original application, fraudsters can report fake locations.

Given the easy access to location spoofing techniques and the increasing usage of fintech and m-commerce apps, it’s time for companies to upgrade fraud detection based on GPS or IP location. Fraudsters are routinely fooling fraud detection systems relying only on GPS or IP addresses for location-based risk assessments.

Incognia is a location identity for mobile that uses network signals, including Wi-Fi and Bluetooth, and motion sensors to provide highly accurate location behavior intelligence that is extremely difficult to spoof.

To learn more about Incognia's approach to detecting location behavior read more here>>