arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

GPS Spoofing

What is GPS Spoofing?

GPS spoofing is a technique used to fake the GPS location of a device. GPS spoofing is also referred to as location spoofing. This technique is used primarily on mobile phones, although some tablets feature built-in GPS. A fraudster may spoof the location of a device with a GPS spoofing app or by hacking the device directly.

What Should Organizations Know About GPS Spoofing?

Location is no longer a good indicator when it comes to assessing risk and fraud because there are now tools available that make GPS location easy to fake. Most GPS spoofing apps emulate a location by changing the latitude and longitude of the device. In many cases, changing only the latitude and longitude is enough to commit numerous types of fraud. 

For example, e-commerce websites often use location as part of a risk assessment when processing an order because some countries pose a higher risk of fraud than others. However, fraudsters in these countries can easily fake their location using a GPS spoofing app. A scammer in China could place an order on an e-commerce site like Amazon or Walmart but spoof their location so that it looks like they are in the U.S. The scammer could also pay for the order with a credit card obtained using a stolen or synthetic identity, and then use GPS spoofing to fake their location so that the location matches the identity of the card. 

Some GPS spoofing apps are sophisticated, changing not only the latitude and longitude of the device but also the altitude, speed, and accuracy. Changing these five variables allows a scammer to not only spoof location but also simulate movement. Simulating movement allows fraudsters to commit promo abuse fraud on ridesharing marketplaces like Uber and Lyft. Promo abuse fraud on a ridesharing marketplace usually involves a fraudster faking trips so that they earn multiple driver bonuses. A fraudster creates a fake rider account that is used to call rides from a fraudulent driver account. The rider account typically uses a stolen credit card to pay for the rides. A GPS spoofing app is used to simulate multiple fake rides requested from the fake rider account. Once the fraudster earns the driver bonus, they cash it out. 

Using location—alone, or as a primary factor— to assess risk is not effective; numerous attributes must be evaluated to assess risk and detect fraud effectively.

DataVisor Detects Fraud Involving GPS Spoofing

GPS Spoofing is one of the many techniques modern fraudsters use to impersonate legitimacy. Today’s online criminals have become worrisomely adept at cloaking their malicious actions, and as their ability to behave like normal users increases, it becomes ever more difficult to accurately identify their actions as fraudulent. Only through comprehensive and holistic data analysis can organizations hope to expose the bad actors behind these frauds. It is no longer viable to rely on single signals for detection—fraud management solutions must be able to correlate complex arrays of signals to unearth revealing patterns that indicate malicious activity. DataVisor products like dVector and dCube are specifically designed to analyze data holistically, and to apply contextual detection to the data, to accurately determine who is and isn’t a legitimate user.

Additional References

Blog: Are Mobile Devices the Leading Target for Fraudsters?

Solution: Gaming, Fight the Fake

Solution: Marketplaces, Trust Maintained

Solution: Financial Services, AI Empowered

E-Book: Guarding Your Online Marketplace Against Fraud, A DataVisor Fraud Prevention E-Book

Source: How to Protect Against In-App Spoofing, Impact

Source: Advanced Technologies for Detecting and Preventing Fraud at Uber, Uber Engineering