Gen-AI bots and Human Click Farms

Fraud Monitoring

Gen AI bots and human click-farms are being used to bypass traditional security, often in combination with residential proxies that make detection very difficult for old-school bot detection technology. 

‍

The human click-farms use real devices and will pass all the fingerprint and footprint tests. The click farms can also be set-up to use humans to pass the CAPTCHA’s or other human puzzles and two factor authentication needed to register. This can leave a massive hole in your security defense.

‍

How does VerifiedVisitors protect from Fraud?

VerifiedVisitors examines all the incoming requests, including those labeled as “human’ that are real human visitors, but using real humans and real devices for fraudulent purposes.  At this point, since the fraudsters are using real-devices they won’t be detected as automated bot traffic.

‍

The AI based cohort analysis then uses behavioral analysis to look at the behavior of ‘normal’ users and detect the click-farm fraudulent outliers that are the potentially fraudulent users. 

You can see the VerifiedVisitor cohort below in green. Once you select the VerifiedVisitors you can then start to examine the behavior amongst that cohort.

‍

‍

Behavioral Mode

Switching into behavioral mode shows the trends in normal visitor behavior and allows you to use advanced filters to detect for outliers in behavior. In green in the charts below you can start to see the normal patterns of behavior through the site, and the outliers.

‍

Spotting Fraudulent users

Click farms using real users will leave a variety of tell-tale signs of their behavior. Obviously, these are highly dependent on the nature of the fraud, and the application. However, some of the more common filters we used to detect the fraudulent behavior are shown below:

‍

• Hosts and Referrers - allows you to block traffic from specific sources such as social media links and other spammy links that promote bounties for e.g. survey completion or bulk discount purchases. 

‍

• Path analysis, fraudulent users don’t behave like typical users, and the paths they take to navigate through the site tend to be direct and just involve the pages or sections of the site where the fraud takes place. Often there is a noticeable difference between the normal behavior and the fraudulent outliers.

‍

• Each visitor has a unique visitor ID tag, that allows you to track and trace individual user journeys, and look for excessive usage from the same clients. This is typically one of the best tell-tales. The real users don’t have the luxury of swapping out virtual machines, so they tend to use the same device, or use a very limited set of devices which becomes detectable. 

‍

• The other signals such as IP, ASN and user agent can also be useful to pick up signs of abnormal behavior, the presence of click farms from one region or mobile gateway, that’s unusual. 

‍

‍

Case Study - using GEN AI to automate marketing Survey Completion

Most marketing surveys have some incentives for completion. This is particularly true of niche marketing areas, where professionals with industry experience are needed with very precise knowledge of markets or technologies. The completion bounty, may be small, but can quickly add up-to meaningful amounts of money with the use of automated bots to auto-complete thousands of marketing surveys. Bot completed surveys used to be fairly easy to spot, as they would be programmed with the same responses to the questions. 

‍

The advent of Gen-AI bots means that the new bots can write unique human-like responses that are very hard to detect as automated. In fact, no-one to date has provided a reliable way of detecting gen AI text generated responses using language models alone. 

‍

These bots will typically bypass the normal defenses, complete the surveys using Gen AI, and collect the bounties or cash for the form completion.  This is when the VerifiedVisitors cohort analysis comes into its own. The tell-tale signs of the fraudsters are picked up, and custom rules can be put in place to ensure the fraudsters are blocked, challenged or now allowed to complete the form.