What Is IP Masking and What Does It Mean for Ad Fraud?
In the classic bank robbery scenario, the criminals robbing the bank typically all wore masks. Why? To hide their identities from the authorities so they’d have a chance to get away and actually spend the money they stole.
While things have changed and bank robberies are much rarer now (in 2020, there were 1,500 bank robberies compared to 7,465 robberies in 2003), criminals still seek ways to make a quick buck at someone else’s expense while hiding their identities.
One way that modern crooks try to hide their identities is by using IP masking techniques when they’re committing their fraud schemes. What is IP masking? How does it relate to ad fraud? More importantly, how can you stop fraudsters who hide their identities by using IP masking techniques?
What Is IP Masking?
IP masking is the practice of hiding your IP address from others and replacing it with a different IP address. This is often used to preserve your anonymity on the internet and make it harder to identify your true location or associate certain web activities with you.
This practice has legitimate uses. For example, consumers use IP masking solutions all the time to get away from malicious or intrusive ads, get around geoblocks for popular streaming content, and more.
However, it’s also often abused by fraudsters who want to hide their illicit activity and identities so they can steal money or commit other crimes and get away with it. It’s the same motivation as the bank robbers who wear masks and gloves—by covering up their identities, they make it harder for authorities to find them or for their victims to recognize them.
5 Ways Fraudsters Can Hide Their IP Addresses
Masking IP addresses is easy—and there are a lot of ways to do it. This is both good and bad. It’s good because it gives consumers a lot of options for protecting their identities online. But it can be bad since it gives fraudsters plenty of ways to hide themselves and take advantage of unsuspecting victims.
Here are a few of the ways that fraudsters might hide their IP address from others online:
1. Using Residential Proxy Networks
Many fraudsters employ residential proxy networks. These are services that route their traffic through an intermediary server, typically one on a home network serviced by an internet service provider (ISP) that is registered to serve consumers instead of businesses.
In many cases, the IP addresses in the network all belong to users of free proxy software. These internet users sign up for what they think is a free proxy service, only to have their own IP address used by others when they download the software.
Residential proxy networks can be a nightmare to deal with when it comes to ad fraud. This is because the IP addresses being presented to you are all real ones from people who could potentially become customers—so blocking the IP address outright isn’t always a good solution.
In fact, if one IP address does get blocked, the fraudster can simply connect to a different proxy in the network in just a few seconds, so they won’t be slowed down anyway.
2. Commercial Proxies/VPNs
Some businesses offer access to one or more data centers for consumers to use as a proxy for connecting with the wider internet. These centralized commercial proxies and virtual private network (VPN) services help mask IP addresses by having their customers connect with their data center or server before connecting with other web resources.
Fraudsters can route their traffic through the VPN provider’s service, which helps keep their IP address hidden from your view.
In many cases, VPNs are part of a paid service with a monthly or annual subscription fee. They may also include a variety of additional services, such as data encryption to protect their users’ web activity from scrutiny.
Some VPNs offer a “free” service. But there’s always a cost. For example, TechCrunch reports that:
“Like any service that costs nothing, VPNs are often supported by ads. That means taking your internet traffic and selling it to the highest bidder to serve you targeted ads while you’re connected to the VPN. Other free VPNs have been accused of injecting ads into the websites that you visit.”
In other words, with a free VPN, users might not be paying money, but they are paying a price—just in their private data. Worse yet, some less scrupulous companies might sell data that fraudsters could use to commit lead generation fraud. This includes data such as names, phone numbers, addresses, and email information.
3. The Onion Router (Tor) and Other Anonymous Browsers
If you’re familiar with the concept of the Dark Web (that infamous sector of the internet that is hidden from regular web browsers), then odds are that you know about Tor and other anonymizing web browsers. Tor is not too dissimilar from the concept of a proxy network. However, in this case, the proxy network is built into the browser itself.
As noted by Comparitech, “When you connect to Tor, your internet traffic is encrypted and routed through a random sequence of these volunteer ‘nodes,’ which are sort of like proxy servers. Websites can only see the IP address of the last server in the sequence, called the exit node.”
One of the big drawbacks to using Tor is that it results in significant slowdown. So, it isn’t suitable for streaming and other activities that require high bandwidth. In some cases, the significant lag can actually be used as a way to identify someone using a Tor browser.
This is because traffic on a Tor browser is being routed through so many different nodes—many of which aren’t rated to handle high traffic loads.
While not all web traffic from a Tor browser is fraud, the browser carries a stigma of association with criminal activity since it’s such a common way to browse the dark web for illegal services.
4. Using Dynamic IP Address Settings
If a website visitor wants to ensure that their activity is harder to track back to a single IP address, one thing they can do is use a dynamic IP address from their ISP. A dynamic IP address is a temporary one assigned by an ISP that may change randomly whenever a given device connects to a network.
Many residential IP addresses are dynamic in nature. In fact, TechTarget reports that “they are the default IP address type provided by internet service providers.” So, if you were to block a dynamic IP address to stop a fraudster, all they would have to do to get around the block is disconnect and reconnect their device. Then, they’d have a fresh new IP to commit fraud under.
However, in this case, the IP address would still be known to the ISP, which could help track the fraudster down.
5. Using Botnets
Many fraudsters hide their personal IP addresses by working through botnets, which are large collections of devices infected with zombie bot malware that allows the bot controller to remotely operate them.
Since the traffic coming to your ads is from a botnet, the IP addresses are all from the individual compromised devices and not from the actual fraudster. Instead, they’re hiding safely behind a wall of zombie bots without ever having to directly interface with your website or ads. In a way, this is similar to a proxy network. It’s just that the fraudster controls the devices directly instead of simply routing their traffic through the device.
The ease with which fraudsters can acquire premade botnets (or make their own, if they have the skills) makes this an incredibly common strategy for conducting ad fraud. If you try to block one IP address, the fraudster has literally thousands more they can leverage.
How to Stop IP Masked Ad Fraud
So, how can you stop ad fraud that uses IP masking software and other solutions to hide the source of the fraud? By not relying on IP addresses alone as an identification method for fraud. Relying on IP addresses alone to identify fraudsters after the fact would be like the police looking for a guy still wearing a mask weeks after a robbery!
Instead, you need to leverage other identifiers—much like the police do after a robbery. Where cops collect descriptions of the robbers’ physical characteristics (height, build, weight, etc.), mannerisms, and voice to try to identify a crook who wore a disguise, you need to have access to plenty of data about your website visitors to positively identify fraudsters.
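The point above, as an added example (not from the original article, and not a description of how Anura works): a blocklist holding one known-bad address stops a single click, while grouping clicks by non-IP attributes exposes one device profile cycling through several addresses within minutes. The click records, the three fingerprint fields, and the thresholds are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed click events (documentation-range IPs, made-up browsers).
# The tuple layout and the three fingerprint fields are assumptions.
UA_A = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"
UA_B = "Mozilla/5.0 (Macintosh) ExampleBrowser/2.0"
CLICKS = [  # (seconds, ip, user_agent, screen, timezone)
    (0, "203.0.113.10", UA_A, "1366x768", "UTC+2"),
    (40, "198.51.100.7", UA_A, "1366x768", "UTC+2"),
    (95, "192.0.2.55", UA_A, "1366x768", "UTC+2"),
    (130, "203.0.113.99", UA_A, "1366x768", "UTC+2"),
    (60, "192.0.2.200", UA_B, "2560x1440", "UTC-5"),
    (9000, "192.0.2.201", UA_B, "2560x1440", "UTC-5"),  # dynamic IP renewed
]

def fingerprint(click):
    """Hash the non-IP attributes so they can be compared across addresses."""
    _, _, ua, screen, tz = click
    return hashlib.sha256(f"{ua}|{screen}|{tz}".encode()).hexdigest()[:12]

def blocked_by_ip(clicks, blocklist):
    """What a plain IP blocklist would have stopped."""
    return [c for c in clicks if c[1] in blocklist]

def rotating_fingerprints(clicks, min_ips=3, window=300):
    """Map fingerprint -> most distinct IPs seen inside any `window` seconds,
    keeping only fingerprints that reach `min_ips`."""
    by_fp = defaultdict(list)
    for c in sorted(clicks):  # chronological order
        by_fp[fingerprint(c)].append(c)
    flagged = {}
    for fp, events in by_fp.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            ips = {e[1] for e in events[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[fp] = max(flagged.get(fp, 0), len(ips))
    return flagged

if __name__ == "__main__":
    print("IP blocklist stops:", len(blocked_by_ip(CLICKS, {"203.0.113.10"})))
    print("Rotation flagged:", rotating_fingerprints(CLICKS))
```

A coarse fingerprint like this collides across real visitors with identical devices, so treat a hit as one signal to weigh with others, not a verdict.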
This is where an ad fraud solution can help.
Anura captures hundreds of data points about every website visitor you get—not just their IP address—to positively identify fraudulent traffic. With Anura, you won’t be throwing out good leads with the bad and you’ll be able to stop fraudsters even when they try to hide behind IP masking techniques!
When Anura spots fraudulent activity in your ad campaigns, you aren’t just notified of the fraud. A report is assembled with all of the information you need to confront the fraudster. This helps you protect your company and lets you know exactly why a given interaction was flagged as fraud.