Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

The Case of the Spoofed Reviews

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:


When a company’s reputation and revenue is based on reviews from real users, phony ones from nonexistent people are more than annoying. Like termites, bit by bit, these lies eat away at a company’s brand, credibility and, ultimately its bottom line.

One company, whose business is collecting reviews and opinions about destinations and accommodations, and using this data to rate them for travelers, found itself inundated with fake reviews and phony reviewers. Individuals using made-up identities created a host of IDs and accounts, then utilized them to leave multiple phony reviews about hotels, bed and breakfasts, specialty lodging, vacation rentals, and restaurants.

As you might guess, the reasons for creating these reviews are either to make your business look better or defame your competition. Either way, fake reviews threatened the online company, whose visitors depended on it for making informed travel decisions.

Would you believe the fake review business is so strong an entire cottage industry supports it.  As proof, just go to Craigslist and check out writing/editing in the help wanted section. Even on a bad day, you’re bound to find ads looking for people to write reviews about businesses.

The online travel company being targeted was well aware of the fabricated postings. However, because different IDs were being used, it just didn’t have a way to stop them.

That’s when the travel company turned to ThreatMetrix™ and  ThreatMetrix’s TrustDefender™ Cloud which was implemented by placing ThreatMetrix tags on the company’s account origination and posting pages.

Here’s how it worked:

• During account origination, the targeted company used ThreatMetrix™ SmartID to establish the device identity. Rather than using cookies to determine unique devices, ThreatMetrix uses its proprietary ThreatMetrix SmartID technology, which can identify unique visitors that have wiped their cookies, used private browsing and changed IP  addresses. This provides a more accurate number of unique devices and enables customers to better measure which devices and activity may be considered suspicious and require additional screening. The company then checked to see if the device was already associated with any other user accounts. If so, it informed the user that only one account was allowed per device.

• To prevent the use of botnets, ThreatMetrix SmartID was checked during postings to ensure they matched a device in the user’s profile. And, a small number of new devices were allowed over a specific time period. However, if the number of new devices exceeded the allotted amount, the posting was refused.

• Additionally during postings, the device ID as identified by ThreatMetrix SmartID was used as an index to a specific device profile where data was kept regarding that unique device. Velocity checks were performed, and if the threshold for the allowed number of postings within a given timeframe was exceeded, the posting was also disallowed.

After the ThreatMetrix solution was implemented, people making fake posts had to re-image their device or find another device each time they wanted to create a new posting. This was so tedious, labor-intensive and time-consuming that the practice of placing fake reviews on the travel company’s website has almost entirely disappeared. In addition, the quality of reviews has been vastly improved.

By ThreatMetrix Posted