Welcome back for another entry in our series, “The top ten phrases in the fraud industry ( and what they really mean!)”. Today we are talking about Proxy Server Detection.
Entering the cyber underworld
Before I worked at Signifyd and knew anything about fraud, I was acquainted with the use of proxy servers back in my college days. Like many college students with too much free time on their hands, I decided to invest that time wisely by watching an absurd amount of B-rate movies like ‘Machete’ or ‘The Wolfman’. The difficulty though was that I was poor, and paying for Netflix was generally not an option. As it happened, my roommate was a computer science genius who downloaded films all the time off the web. Deciding to join in his thievery, I too decided that I would download a film (or two).
Just a few days later, our apartment complex received a letter from Comcast with line items of the above mentioned films and stated that any further illegal downloading would result in our internet being turned off. After being chastised by my roommates for not only threatening their internet but for jeopardizing our web access with such a poor choice of films, I had to ask my roommate what he was doing that allowed him to get away with this for so long while my first dip in the underbelly of the internet was immediately exposed.
This was my introduction to the world of proxy servers. He informed me that all these downloads from Comcast’s perspective were being initiated from a small town in the middle of the Australian desert called ‘Alice Springs’ and was in fact not traceable to us because of the proxy server that resided in between Comcast’s servers and his laptop. But how exactly does a proxy server work?
What exactly is a Proxy Server?
If there is one positive thing that anyone could say about all those infamous Nigerian email scams that have been sent out over the years, it’s at least they were mostly honest about their true location. Now days, concealing one’s location is a critical part in online fraudery, and cyber criminals are increasingly using what is called ‘proxy servers’ to mask their real residence. If you do a quick Google search on ‘proxy server’, a whole list of links appear that let users surf the web anonymously. But for those still unaware as to what exactly a proxy server is, the following is a definition according to webopedia. A proxy server is “A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.” In effect what this does to the real server is to give the appearance that the location of the proxy server is in fact the location of the web browser (a/k/a the real person)
Probably a poor choice to use for a proxy server location
Same game, different technologies
The fraud world is a cat and mouse game of new technologies to fight criminals and their constant battle to beat that technology. A proxy server can be used by anyone anywhere, and in a quick example, someone through a proxy server could show that their IP address is in Maine, when in fact they are ordering from Miami. In a fictional example, let’s say that Joe Smith lives in Washington, DC and he is a master fraudster. Joe Smith has been caught a few times and has learned that stealing a credit card number and its information is not enough. He now knows that pretending to order from the IP address of the identity that he has stolen will most likely grant him a successful order, while ordering from his house without masking his IP address would raise a flag in internal fraud units as to why this person is ordering online so far from their billing address. So Joe uses a proxy server to pretend that he is purchasing from the billing address, thus raising no internal flags as the IP address matches his victims’ billing and shipping.
Joe also believes wearing gloves will prevent device fingerprinting. He’s arrested 2 days later
How can we beat Proxy Servers?
A common method of detection is comparing the IP address for an HTTP vs HTTPS request as many proxies do not check for HTTPS. We can check how many ‘hops’ it took between a client and one of our customers servers as well as looking at the IP address of an individual themselves and looking to see if the url differs from a normal request. With our multiple data integrations over the world, we can easily tell a customer in real time the exact true location of any request made to their system so as to possibly prevent my younger self from succeeding in his download attempts.
Pin-pointing the true location of a user is a critical element in fighting online fraud. With more websites than ever offering even the least technical among us the ability to appear to be elsewhere in the globe, understanding how to beat a proxy is a critical piece of any fraud prevention platform. If you run a subscription service and are having difficulties with proxy servers, want to learn more about proxy server detection or just fraud in general, please reach out to us at firstname.lastname@example.org or at email@example.com . Thanks for reading!