Fraudsters and cybercriminals use Proxies and SOCKS to mask their identity, spoof their location, and engage in fraud online.
The Guide to Different Types of Proxies Used for Abuse & Fraud
Proxies are a type of web connection that can change the IP address of a user. Their utility can range greatly, sometimes for legitimate web surfing to provide anonymity, but usually Proxies are used to engage in nefarious and abusive behavior. Proxies allow the user to tunnel a connection between another server, which makes web requests on their behalf. A server receiving the connection would only be able to see the Proxy Address and not the user's real IP address, providing a useful layer of security and privacy.
Unfortunately, identity spoofing services like Proxies, Virtual Private Networks, SOCKS, etc. are used over 95% of the time when fraudulent behavior is exhibited online.
Therefore, all businesses should be knowledgeable about the different types of these services, to be able to better detect anonymizers and prevent abuse from these types of connections. Using an IP reputation lookup service can provide deep insight into IP address quality. By estimating user intent, issues such as account creation fraud can be easily mitigated.
In this article, we'll be looking at the different types of proxies, how fraudsters are utilizing them, and more importantly how you'll be able to fight against them. It's also incredible easily to detect proxies with the right tools, which we'll explain further below.
Transparent Proxies
There are a few types of proxies that enable partial or total anonymity. These are the types that are most often used by fraudsters to protect their identity and surf anonymously. They excel at bypassing firewalls and allowing the user easy access to an IP address in another country.
While there are many benefits for Transparent Proxies, they are the weakest of the three main proxy types that are used to provide anonymity. When using a transparent proxy, a user's true IP Address is revealed and leaves a very obvious signature that a proxy connection is being used to tunnel the connection.
Transparent Proxies are very easy to detect, however the most advanced fraudsters use stealthier types of Proxies which make them harder for businesses and online sites to identify.
Anonymous Proxies
Anonymous Proxies are slightly harder to detect than transparent proxies. These connection types may declare that they are a proxy through their connection signature, however the real IP Address of the user will not be passed through header details.
This provides a partial level of anonymity for users, but can still be detected and traced by certain websites. Anonymous Proxies are also useful for surfing the internet without leaving a trace online, but they can also be easily used by fraudsters to create fake accounts and pretend to be a unique user.
Elite Proxies
Elite Proxies are the only type of HTTP Proxies that provide full anonymity to its users. These connections do not reveal themselves as proxies through headers or other types of connection signatures, so naturally they are favored by fraudsters. Having the ability to appear as a unique user without being easily detected is the dream for every user attempting to engage in fraudulent behavior. These connections can frequently support SSL connections as well.
SOCKS4/SOCKS5
SOCKS Proxies can support HTTP and HTTPs protocols and are generally considered the most secure and advanced proxy type. These connections are also extremely difficult to identify on their own as they do not exhibit a very strong signature that would differentiate them from a legitimate user on a residential internet connection.
SOCKS Proxies do not send the real IP Address of its users and also obfuscate their signature to make it more difficult for businesses to isolate these connections. So similar to Elite Proxies, SOCKS are a favorite of cybercriminals and abusive users.
Residential Proxies
Lower footprint proxies such as SOCKS4/SOCKS5 and elite proxies often overlap with residential proxies, which are favored by sophisticated cyber criminals. Residential proxies allow high risk users to tunnel into perfectly clean connections in healthy IP address ranges, which are commonly used by consumers as their personal internet connection. Since these ranges routinely service legitimate consumers online, it makes fraud detection a much more difficult process for merchants and website operators to accurately detect these types of proxy connections. In a previous article, we discuss how residential proxies enable fraud in more depth.
How Fraudsters Are Utilizing Them
Because of the complete and partial anonymity that proxies can provide, fraudsters will use them to protect their identity before attempting fraudulent actions. They can also appear to be a completely different user, in a unique location with a unique, but often fake email address. By appearing to be a different user each time, cybercriminals can commit fraud without it easily being detected.
Common types of fraud associated with Proxy Connections include chargebacks, account fraud, click fraud, content spam, and more. Since their true identity is mixed and generally hidden from website owners, they can freely perform abusive tasks. These users attempt to mix in their abusive behavior with natural traffic to stay under the radar.
Fighting Back Against Proxies/VPNs
Luckily, if you're a business or website owner, there's an accurate and efficient way to detect and block these identity spoofing services. IPQualityScore offers the most accurate Proxy and VPN Detection. This service will easily allow you detect poor quality connections from Proxies and immediately lower your fraud, chargeback, and reversal rates. Simply passing an IP address to our API will provide an instant result of how risky the IP address is and how likely it is to be an anonymized connection.
