As the fraudsters are now
becoming more sophisticated in bypassing the Geo-location
controls by using proxies (Anonymous IPs) to spoof
their IP address, it has become very much necessary to come
up with a means for detecting the proxies so
that the authenticity of the users can be verified. Using a
proxy (web proxy) is the simplest and easiest way to conceal
the IP address of an Internet user and
maintain the online privacy. However proxies are more
widely used by online fraudsters to engage in cyber crimes since it is
the easiest way to hide their actual Geo-location such as city/country through a spoofed IP address.
Following are some of the examples where fraudsters use the proxies to hide their actual IP.
1. Bypass Website Country Restrictions
Some website services are
restricted to users form only a selected list of countries. For example, a paid survey may
be restricted only to countries like United States and Canada. So a user from say China
may use a proxy so as to make his IP appear to have come from U.S. so that he can earn
from participating in the paid survey. Proxy Detection Services So in order to stop such
online frauds, Proxy Detection has become a critical component. Today most
companies, credit card merchants and websites that deal with ecommerce
transactions make use of Proxy Detection Services like MaxMind and FraudLabs
to detect the usage of proxy or spoofed IP from users
participating online. Proxy Detection web
services allow instant detection of anonymous IP addresses. Even though the use of proxy
address by users is not a direct indication of fraudulent behaviour, it can often indicate the
intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and
MSN are forms of proxies and are used by both good and bad consumers.
2. Credit Card Frauds
For example, say a Nigerian
fraudster tries to purchase goods online with a stolen credit card for which the billing
address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other
high risk countries. So in order to bypass this
restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears
to have come from New York. The IP address location appears to be legitimate since it
is in the same city as the billing address. A proxy check would be needed to flag this order.
How Proxy Detection Works?
Proxy detection services
often rely on IP addresses to determine whether or not the IP is a
proxy.
Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their
website. This IP address is sent to the proxy detecting service in real time to confirm it’s authenticity. The proxy
detection services on the other hand compare this IP against a known list of flagged
IPs that belong to proxy services. If the IP is not on the list then it is authenticated and the
confirmation is sent back to the merchant. Otherwise it is reported to be a suspected proxy.
These proxy detection services work continuously to grab a list or range of IPs that are
commonly used for proxy services. With this it is possible to tell whether or not a given IP
address is a proxy or spoofed IP.
How to Tell Whether a given IP is Real or a Proxy?
There are a few free sites
that help you determine whether or not a given IP is a proxy. You can use free services
like WhatisMyIPAddress to detect proxy IPs. Just enter
the suspected IP in the field
and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see
the results something as follows.
So for all those who think that they
can escape by using a spoofed IP, this post is the
answer.
0 Comments:
Post a Comment