The Case of the Spoofed Reviews

Feb 26 The Case of the Spoofed Reviews


When a company’s reputation and revenue is based on reviews from real users, phony ones from nonexistent people are more than annoying. Like termites, bit by bit, these lies eat away at a company’s brand, credibility and, ultimately its bottom line.

One company, whose business is collecting reviews and opinions about destinations and accommodations, and using this data to rate them for travelers, found itself inundated with fake reviews and phony reviewers. Individuals using made-up identities created a host of IDs and accounts, then utilized them to leave multiple phony reviews about hotels, bed and breakfasts, specialty lodging, vacation rentals, and restaurants.

As you might guess, the reasons for creating these reviews are either to make your business look better or defame your competition. Either way, fake reviews threatened the online company, whose visitors depended on it for making informed travel decisions.

Would you believe the fake review business is so strong an entire cottage industry supports it.  As proof, just go to Craigslist and check out writing/editing in the help wanted section. Even on a bad day, you’re bound to find ads looking for people to write reviews about businesses.

The online travel company being targeted was well aware of the fabricated postings. However, because different IDs were being used, it just didn’t have a way to stop them.

That’s when the travel company turned to ThreatMetrix™ and  ThreatMetrix’s TrustDefender™ Cloud which was implemented by placing ThreatMetrix tags on the company’s account origination and posting pages.

Here’s how it worked:

• During account origination, the targeted company used ThreatMetrix™ SmartID to establish the device identity. Rather than using cookies to determine unique devices, ThreatMetrix uses its proprietary ThreatMetrix SmartID technology, which can identify unique visitors that have wiped their cookies, used private browsing and changed IP  addresses. This provides a more accurate number of unique devices and enables customers to better measure which devices and activity may be considered suspicious and require additional screening. The company then checked to see if the device was already associated with any other user accounts. If so, it informed the user that only one account was allowed per device.

• To prevent the use of botnets, ThreatMetrix SmartID was checked during postings to ensure they matched a device in the user’s profile. And, a small number of new devices were allowed over a specific time period. However, if the number of new devices exceeded the allotted amount, the posting was refused.

• Additionally during postings, the device ID as identified by ThreatMetrix SmartID was used as an index to a specific device profile where data was kept regarding that unique device. Velocity checks were performed, and if the threshold for the allowed number of postings within a given timeframe was exceeded, the posting was also disallowed.

After the ThreatMetrix solution was implemented, people making fake posts had to re-image their device or find another device each time they wanted to create a new posting. This was so tedious, labor-intensive and time-consuming that the practice of placing fake reviews on the travel company’s website has almost entirely disappeared. In addition, the quality of reviews has been vastly improved.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Leave a Reply

Your email address will not be published. Required fields are marked *