Marketing campaigns in which users can win prizes often attract participants who try to engage in dishonest or fraudulent practices. Online voting contests or promotions that offer direct prizes, such as a Prize Wheel, are the types of campaigns that tend to accumulate the most fraud attempts. Thanks to the accumulated experience managing digital promotions, Easypromos has designed and maintains a comprehensive security system that detects and blocks the main malicious practices of participants. The success of your campaign begins with its security.

In this tutorial we explain in detail how the Easypromos platform's fraud control system works to protect your promotions from fraud attempts.

The tutorial is organized as follows:

1. Main threats

2. Preventive security mechanisms

   • 2.1. Email control mechanisms

   • 2.2. Phone numbers control mechanisms

   • 2.3. IP control mechanisms

   • 2.4. Anti-robot control mechanisms

   • 2.5. Multiple login systems

3. Security Center

   • 3.1. Security level indicator

   • 3.2. Blocked actions

   • 3.3. IP analysis tool

   • 3.4. Domain Analysis Tool

4. User blocking

5. Security in online games

6. Security in purchase receipts

7. Easypromos Security Team

1. Main threats

When users are given the chance to win prizes and are in a digital environment, the likelihood of them attempting fraudulent practices increases. The types of digital promotions that have the highest level of fraud are:

• Voting contests: users will try to register fake votes to be the most voted.
• Promotions that deliver direct prizes: users try to register with false information to get the prize. It is common in prize wheels or Scratch and Win type promotions.
• Online games based on skills: players want to reach the top of the ranking, and will try to manipulate the game itself.
• Promotions conditional on proof of purchase: users will try to falsify proof of purchase to have more chances of winning a prize.

Thus, the main threats in a promotion due to bad user practices are the following:

1. Registration with fake emails: users participate in the promotion using invented emails in order to have more opportunities to participate in the promotion and thus be eligible for a prize.
2. Temporary email registration: temporary emails are tools that can be found online and that allow you to have an email account without having to set a password or register or create an account, just by inventing any email address. They are disposable emails as they are automatically deleted after a few hours.
3. Registration of fake and temporary phones: likewise, there are online tools that allow users to create fake and temporary phone numbers.
4. Use of VPNs and proxies: use of computer programs or bot systems to automate registration.
5. Manipulation of counters in online games: use programs to manipulate and alter the time counters of the games and the scores achieved.
6. Promotions conditional on proof of purchase: upload duplicates or false purchase receipts.
7. Redeeming Duplicate Coupons: trying to redeem a prize twice or duplicate coupons won in a promotion.

2. Preventive security mechanisms

Easypromos has designed and maintains a comprehensive security system that detects and blocks the main malicious practices of participants with the aim of helping administrators organize safe promotions. Below, we list the main controls of the Easypromos Security system against participant fraud.

2.1. Email control mechanisms

The first of the preventive security measures of the Security system is related to the control of the email used by users who participate in the promotion with the aim of preventing users from participating with fake emails or addresses that do not belong to them. To this end, the Easypromos Security system carries out the following preventive measures as part of the control of participants' emails:

Temporary email database

Easypromos maintains a database of temporary and prohibited email domains to prevent the registration of fake users, improving the quality of registrations. In this way, the system is able to detect if a user participates with a temporary email, and if they try, the user will see the "Unauthorized access" message on the screen.

Control of emails written incorrectly

If the system detects that the user writes the email domain incorrectly (for example, writing "gmai" instead of "gmail" or "hotmai" instead of "hotmail") the system does not allow the user to register.

Email alias control

Easypromos does not allow users to use email aliases (for example, writing the + symbol in the email: username+1@gmail.com).

Email verification

Easypromos allows, in all its promotions, to enable the email verification, so that after registering, the user will receive an email that must be validated before being able to participate, thus guaranteeing that users participate with a valid email, in use, and of their property. To configure email verification, you must check the following option, which appears next to the selected Login method:

Blacklist of emails from the account

Easypromos allows administrators to add users who engage in fraudulent practices to an account blacklist, in order to exclude them from the giveaways and prevent them from participating in the different campaigns organized. This blacklist is maintained and managed at the account level, so it applies to all campaigns organized from the same account. To manage this email blacklist, you must access the Configuration > Utilities > Blacklist menu:

Restrict participation to a group of emails

The administrator can restrict the participation and decide which email domains can participate in the promotion, through the following two options:

1. Allowed emails or domains: allows you to limit registration to an email or set of emails, or to a specific email domain.
2. Prohibited emails or domains: Allows you to enter an email or a set of emails, or a domain or a set of domains that will NOT be able to register in the promotion.

You can find these two options in the Editor of your promotion >Restrictions > under the Email Addresses tab:

2.2. Telephone number control mechanisms

This preventive security measure aims to control the telephone number used by users participating in the promotion with the aim of preventing users from participating with false telephone numbers or lines that do not belong to them. To this end, the Easypromos Security system carries out the following preventive measures as part of the control of the participants' phone numbers:

Temporary phone database

Easypromos maintains a database of temporary and prohibited phone numbers to prevent the registration of fake users, improving the quality of registrations.

In this way, the system is able to detect if a user participates with a temporary phone number, and if they try, the user will see an "Unauthorized access" message on their screen.

Two-factor authentication (2FA) via SMS

Allows you to enable double authentication factor with the sending of a verification code by SMS, which guarantees that the user participates with a real phone number and that they own the line.

2.3. IP control mechanisms

The Security system also controls the IP address used by users participating in the promotion, through the following preventive measures:

IP address database

Easypromos maintains an up-to-date database of IP addresses with a history of malicious activity, allowing any fraudulent access attempts to be preemptively blocked.

Blacklist of malicious IPs

In addition, the promotion administrator has the possibility to add fraudulent IP addresses to an internal blacklist, in order to block malicious actions carried out by users from these IP addresses.

IP geolocation

Allows the administrator to restrict participation and access to the promotion to one or more specific countries. In this way, the system detects the IP of the user trying to access the promotion and if it does not comply with the configuration established by the administrator, the user will be denied access to the promotion.

You can find this option by accessing the Editor > Restrictions > under the Countries tab:

IP frequency control

This security allows you to limit the number of registrations and the frequency of connections by IP address, in order to control the number of times users can register and how often from the same IP address. You can configure this option by accessing the Editor > Login and registration > Security options section:

2.4. Anti-robot system

All promotions have a system to detect and block automated access from computer programs and scripts. This includes the following tools:

ReCaptcha system

This is a security control to minimize the impact of bots and spam systems on promotions, and thus increase the quality of users registered in the promotion. Specifically, the version of reCAPTCHA with Checkbox is used, where the participating user must click on the "I am not a robot" button.

Note: Check out this article where we explain step by step how to enable the ReCAPTCHA system.

CSRF Tokens

CSRF (Cross-Site Request Forgery) tokens are safely used in the promotion participant registration form, to prevent CSRF attacks. In this context, CSRF implies that an attacker engages the user's browser to carry out desired actions on a website where the user is authenticated. To avoid this, developers generate unique CSRF tokens associated with the user's session and include them in the forms as hidden fields. When the user sends the form, the token is sent and checked on the server to ensure that it coincides with the associated token.

Masking of parameters

All data sent during the registration and participation of a user in the promotion are encrypted to guarantee their integrity and confidentiality. Furthermore, the entry parameters are masked to hinder the malicious actions of users who intend to abuse the data register.

2.5. Multiple login mechanisms

The Easypromos registration system allows you to enable multiple identification methods. This way, apart from being able to configure the Login with Email or phone number, the administrator may decide to:

Limit participation to social network users

You can limit users' participation in the promotion to the following social networks: Facebook, Google, Linkedin or Twitch.

Integration with authentication systems and external user registration (SSO)

Easypromos has 2 different solutions to integrate with a brand's SSO: Autologin API and connection via Open ID Connect. Users will participate in the promotions with their brand credentials.

Note: Consult the tutorial where we explain in detail the different identification methods for users.

3. Security Center

The Security Center is a console for the promotion administrator which includes all the security registers and events detected and blocked in a promotion.

It also offers advice on analyzing IP directions and email domains used to register in the promotion, with options for blocking users and maintaining black lists.

The Security Center is available for any Easypromos promotion using the Login system and can be found in the lateral menu of the promotion management page:

When entering the section, the administrator will find the following tools, to help take the necessary measures and maintain the security of the promotion:

3.1. Security level indicator

Indicates the current security level of the promotion's identification and registration system (Low, Medium or High). To calculate the security level of the promotion, the system takes into account the configuration of the promotion, so that on this screen the administrator can review the security points that we recommend to enable in the promotion to achieve a safe identification and registration process.

Upon accessing this screen, the administrator can quickly see the recommended settings that are already been enabled in the promotion, as well as the points that the system recommends to also enable to increase security in the promotion.

Specifically, the security measures that appear on this screen are the following:

• Enable email verification.
• Enable registration limit control by Browser/IP.
• Enable IP address frequency of registration control.
• Enable restriction by connection country.
• Enable the anti-bot system (reCaptcha).

Whenever possible, we always recommend to have the security level of the promotion at the highest level.

Note: these security measures are recommended for most promotions, which use Easypromos' own login and registration system. However, these measures do not apply in the following cases: (1) When the promotion takes place in a closed environment (such as, for example, when user registration is carried out at a fair or event, from the same device), (2) When the Anonymous mode is enabled, with no registration, or (3) When external user registration and authentication systems (SSO) are used.

3.2. Blocked actions

This tool allows you to view a list of user actions blocked by the security system. Having this list of actions blocked by the system preventively can help the administrator analyze user activity based on the alerts generated, in order to detect other fraudulent actions and block users who carry out fraudulent practices.

Thus, for each of the actions blocked by the promotion's security system, the administrator can consult the details of the user who generated the alert, as well as their IP address. The blocked actions can be the following:

Disposable

What is it? A user has attempted to register for the promotion with a temporary or disposable email address. A temporary email is an address used on an ephemeral and disposable basis, often in order to bypass restrictions such as email verification control. This bad practice is common in voting contests and promotions that distribute direct prizes.

Recommendation: the administrator can click the IP address of the blocked action to analyze it for further fraudulent activity. If you see users with suspicious emails, we recommend blocking the IP address.

Phone blacklist

What is it? A user has attempted to register with a temporary phone number. There are websites that provide a temporary phone number and an SMS mailbox. They are used so that users do not have to enter their real phone number to receive a validation SMS. This bad practice is common in voting contests and promotions that distribute direct prizes.

Recommendation: We recommend clicking on the IP address of the blocked action to analyze it for further malicious activity. You can block the IP so that it cannot participate again.

reCaptcha

What is it? A user has tried to register but has not passed the Anti-Bots control based on the reCaptcha system.

Recommendation: If you have multiple security alerts, and you believe they are false positives because the users are legitimate but couldn't pass the reCaptcha security, lower the sensitivity of the control. For example, from strict level to medium level, or from medium level to low level.

IP blacklist

What is it? A user has tried to access the promotion with an IP address that you have on your blacklist.

Recommendation: the user will not be able to access from this IP address, but do not let your guard down, because users can use programs to change their IP address. Periodically review the information in the security center so that you don't miss any relevant information.

Invalid game

What is it? A user has been blocked from participating in a game due to anomalous activity, such as using computer programs and techniques to manipulate game timers or scores.

Recommendation: this alert may be a false positive. We recommend clicking on the user to analyze their activity in details. If the user has more than 3 invalid game actions, we recommend that you block the user, so that they cannot participate again as fraudulent attempts are likely.

3.3. IP address analysis

This tool presents a list of the 50 IP addresses with the most registered users.

For each IP, a unified view of all registered users, participations and blocked actions performed by the system is displayed. In this way, the administrator can identify fraudulent patterns, with the possibility to block the IP and all its users, so that they cannot continue participating in the promotion. Additionally, when blocking an IP, it will be added to the account's IP blacklist.

3.4. Email domain analysis

This tool allows you to see in one click the list of all email domains used by users. Only those domains that should be reviewed by the administrator are displayed. Generic domains (gmail.com, hotmail.com, etc...) and other domains that Easypromos has marked as valid are not shown. The objective of this tool is to be able to detect newly created temporary domains, which may not yet be in the database of temporary and malicious emails, and presents the option of blocking domains that the administrator considers to be fraudulent.

Learn more about the threat of newly created temporary emails.

4. Blocking users

This set of tools allows the administrator to have information to review the activity registered in the promotion and detect any fraudulent or malicious practices by users participating in the promotion.

In this way, if users who engage in bad practices are detected, the administrator can block them to prevent their participation in the promotion from being valid. Specifically, users can be blocked individually from two different sections:

1. From the IP Analysis tools

To do this, click on the IP address, which will open the list of users who have connected from that IP, and for each user, the administrator will find the option to "Block user":

2. From the Email Domain Analysis tool

To do this, click on the email domain, which will open the list of users who have used that email domain, and for each user, you will find the option to "Block user":

When blocking a user, the system performs the following actions:

1. The user is marked with a red dot in the "Users" section of the promotion.

2. The user will not be able to continue participating in the promotion.

3. All entries made by the user will be rejected. Example: If the user casted a vote, said vote will be marked as fraudulent and will not be counted.

4. The administrator may add the user to the account's blacklist to prevent him from participating in any future promotion organized.

5. Security in online games

Easypromos has implemented a system aimed at identifying participants' attempts to manipulate the time counters and points in skill games (Puzzle, memory, word search, etc...).

It is common for users with basic computer and programming knowledge to try to abuse the system using computer techniques. A common practice, for instance, is to use developer tools included in browsers and other extensions or plugins to stop timers or game animations for their own benefit. For example, in a puzzle or word search, a user can easily stop the game from running from the browser's developer tools and then analyze the moves to complete it without any time pressure.

In order to prevent these practices, Easypromos has systems to detect manipulation of time counters and scoring by the user. If this occurs, the game is invalidated and a security event is generated in the promotion administrator's security center. This allows you to review user activity, including their IP address, and block them if deemed necessary.

6. Security in purchase receipts

In promotions organized by a single store or brand where the generated purchase receipts include a unique invoice number that uses a unique format, we recommend the organizer to increment security and ensure that customers do not try to participate multiple times by uploading different photos of the same purchase receipt by confirming the invoice number.

To achieve this, in addition to uploading the image of the receipt, the customer will be asked to enter the number of their invoice, which help prevent fraud in purchase receipts. The user will not be able to participate again with the same receipt, since the invoice code will have been previously validated.

See here more about how to configure the promotion correctly to prevent users from uploading the same purchase receipt.

7. Easypromos Security Team

Easypromos has a specialized (human) team that supervises the activity of the contests and the various security indicators. The team works proactively to block fraudulent practices and improve the security system. On a daily basis, the team reviews all relevant security events, such as games invalidated by fraud attempts, use of temporary emails or phone numbers, as well as access attempts from malicious IP addresses. From these events, the team examines related activity in the campaign to detect possible malicious patterns. If malicious practices are evident, the security team will proceed to block IP addresses and participating users.