Skip to main content

How do I mitigate bogus (fraudulent) signups?

Lisa Wong
  • Updated

Whenever you publish an input form on the Internet such as a survey, there is the possibility of receiving low-quality information from pranksters, bots, or simply people in a hurry. Alida surveys are not immune to this type of activity unfortunately. While it's impossible to detect every bogus signup and it's understandable if you miss a few, following the recommendations in this article will go a long way in protecting you from bad data, increasing consumer confidence among members, and minimizing revenue loss due to incentives fraud.

What are spambots?

Spambots (or bots) are automated computer programs that are built to find signup form code or surveys on your website or blog and submit fake information to your list. They can even click links inside emails.

Although a few of these signups aren't harmful, your data can be negatively impacted by a large amount of fake/bogus information. Bogus information skews the accuracy of your data, which makes it difficult to know who your typical member is or to tailor relevant content to targeted audiences.

How can I tell if a signup is bogus?

If you have a lot of addresses in your database, it can be hard to tell which ones might be fraudulent. Look for these characteristics that are typical of bogus signups:
  • The email address is a name, but doesn't look like a real name. This can be hard to determine, but sometimes addresses just look fake. 
  • Survey responses from similar-looking emails, that occurred quickly in succession within minutes of each other, and that sped through the survey are most likely from bots or bad actors. In a survey report, add Email as a profile variable and export the results. Look for a group of emails like the example below:
    • frankjonson@gmail.com
    • frank.jonson@gmail.com
    • fr.ankjonson@gmail.com
    • franjonsson22@gmail.com
    • frankjonsson@hotmail.com
  • First and last name fields are filled, but don't match the name in the email address. Spambots don't always match list data to the email address. If the email address is a name, and the first and last names provided don't match the email address, it could be a bogus signup. 

How can I mitigate bogus signups during recruitment?

Do not combine anonymous public links with advertised incentives. 

Not ever. There are no tools that will protect you if this is your model. All the tools we list will help a bit, but only a bit.

Use appended variable links instead of anonymous links when recruiting.

Ideally, use an unique ID that exists in an external system, store the unique ID in the application as an Identity profile variable, and then append it to the recruitment link. This will also allow you to map member records between systems.

Examples of unique IDs include:

  • Loyalty card number
  • Customer ID
  • Account number

Scrutinize where and how you use recruitment links.

Public recruitment links let you recruit from alternative channels outside of email such as events, one-on-one conversations, and marketing materials. However, the combination of high incentives usage, public links, and high-traffic public domains can draw unwanted attention from bots and fraudulent signups.

To mitigate this: 

  • Close open links immediately after use. Recruitment links should have a short lifespan.
  • Analyze your results after each recruitment to look for fraudulent activity or bots.
  • When you locate bogus signups, use the recruitmentsource system variable to identify the recruitment source. Apply extra precautions or stop using that recruitment channel in the future. 

Intercept from behind a gated experience.

If you recruit from a digital channel that requires a login (for example, your website or member hub) and show the intercept only after customers have signed in, you already know these are your customers.

Use Open Ends. 

Bots typically repeat the same answer for Open End questions, making these types of fraudulent responses easier to spot. Consider adding Open End questions to the Welcome Survey, the survey that comes after the Profiling Questionnaire (PQ), as a detection measure. Using Open Ends outside of the PQ ensures PQ completion and join rates are not affected.

Note: This is effective for bot detection only. Bad actors can vary Open End responses.

Use trap questions in your recruitment survey.

Ask one or two similar questions with a few questions in between. Inconsistencies between similar questions may indicate a spambot instead of a real human.

Example

Question 1: How old will you be this year? 30 years old

Question 5: What year were you born? 1989

Example

Question 3: Which province do you live in? British Columbia, CA

Question 7: What is your postal code? V5N 1X3

Include a mathematical question in the survey.

If the answer is incorrect you can prompt the participant to try again (some participants may just be bad at math) or opt to disqualify them immediately. If they get the question wrong a second time though, then disqualify them.

Use "straight-line" checks.

Check data in Grid questions, ensuring that answers provided are different per row. For Power Surveys, there is a script that can be used to check whether participants have straight-lined a question. For more information, see How do I test to see if a participant has "straight-lined" a Grid question? (Power Surveys).

Use required Open Ends, email analysis, and trap questions in subsequent surveys. 

In signup surveys, bad actors typically take more care and attention, making it harder to detect them. However, they tend to relax on subsequent surveys, answering surveys in sequence quickly with no thought to Open Ends. Required Open Ends, email analysis, and trap questions will work much better then.

Focus on intrinsic incentives rather than extrinsic (monetary) incentives.

Financial rewards are the biggest draw for bogus signups. Try to encourage members to want to be there instead of paying them to be there. (And bonus: An intrinsically motivated community is often a healthier, more active community.) 

Use detection solutions.

Examples of detection solutions include: 

  • System integration
    • ID validation: Integrate Alida with your system of record so you can validate in both places using a common identifier like a customer ID.
    • SSO: Integrate with an internal customer SSO so members have to log in with their customer credentials and validate themselves.
  • Speeder detection with scripting
    • Using scripting in surveys, you can time how long it takes for respondents to go from a specific question to another. If the time is a little too quick, it may be a bot. 
  • Fingerprint
    • Fingerprint is a third-party tool that assigns unique IDs to respondents' browsers. This allows you to detect repeat responses from bots or bad actors.
    • Note that this solution does use cookies, so you'll need to ensure it's compliant with your privacy and security policies. 

When all else fails, trust your gut.

It's not always possible to detect a bogus signup before it is too late. However, if a member’s profile details seem odd, you should flag the member for additional follow-up and research instead of leaving it alone. Going through a few additional security steps is admittedly inconvenient for a member, but in the long run this is a wiser approach for everyone involved. Members will ultimately appreciate a company that does its due diligence with handling personally identifiable information and minimizing fraudulent activity.

What can I do about suspicious sign-ups? 

Remove fraudulent members silently.

If you announce you are removing member profiles suspected of fraud, bad actors may redouble their efforts to rejoin and evade detection. 

Purge fraudulent profiles from your community.

Once you have detected suspicious profiles you want to purge, you can look them up and purge them individually, or purge them in bulk. Both purge methods are outlined in this article.

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk