Referral Fraud

If you're running any sort of referral or affiliate program, you know all about the fraud that comes with it.

Someone sets up a referral link, clicks it themselves from a different browser tab, signs up with a disposable email, and collects the bonus on both sides. Then they do it again and again and again. Referral fraud is one of the easiest abuse patterns to execute and one of the hardest to catch with conventional tools.

Dregs gives you the upper hand.

The Referral Abuse Dilemma

Referral and affiliate programs can be a powerful growth channel. When they work, your happiest users bring you more users just like them. But they also create a strong financial incentive for fraud — and fraudsters notice.

A typical referral abuser creates fake accounts using free or disposable emails, refers themselves, and collects the bonus from both the referrer and referred side. Some do this once or twice. Others operate at scale, cycling through dozens or hundreds of fake referrals with automated workflows. To your system, each referred signup looks like a legitimate new user arriving through your best acquisition channel.

The standard web application defenses don't hold up well against determined referral abusers.

Email verification: Disposable email services pass verification just fine, and even real email addresses are free.
Unique referral codes: The codes work exactly as designed; the problem is just that the "referred" users are fake.
Payout delays: Waiting periods can buy you time, but often just mean the fraudster waits a bit longer to collect.
Manual review: Doesn't scale to large numbers of affiliate referrals, or when reviewers can't spot a pattern.
IP restrictions: VPNs, mobile networks, and coffee shop Wi-Fi make IP-based detection trivial to bypass.

Referral fraudsters present as legitimate signups. Each individual account passes standard form validation. The abuse only becomes visible when you can connect the referrer to the accounts they are referring themselves, and most systems can't do that automatically.

What Referral Fraud Costs Your Business

Unlike some forms of abuse where the damage is more abstract, referral fraud hits your bottom line directly. It also compounds far beyond the amount taken by fraud, because it erodes this otherwise powerful growth channel from the inside while wasting budget on fake users who will never generate real value.

Direct financial loss

Obviously, every fake referral pays out a bonus to someone who gamed the system. Referral credits, cash bonuses, free months, account upgrades — you're giving them to a fraudster and their puppet accounts.

Program credibility

When fraudsters dilute your referral program, legitimate referrers lose trust. Payout thresholds get raised, verification gets stricter, and the people who actually bring you good users get punished for the behavior of bad actors.

Distorted metrics

Your referral channel will look like it's performing well, with new signups flowing in. But the users are worthless. Product decisions based on inflated referral numbers could lead you to overinvest in a bad marketing channel.

How Dregs Detects Referral Fraud

Dregs analyzes referral fraud from multiple angles simultaneously with its pipeline of AI-assisted analyzers. A fraudster might disguise one signal, but disguising all of them at once — device details, identity relationships, profile quality, and behavior — is substantially harder.

Low Uniqueness score showing the referrer and referred account share the same device

Uniqueness Score

The scammer and their fake referral accounts are often using the same device. Dregs looks for shared device fingerprints immediately, even with different browsers, incognito sessions, and cleared cookies. The Uniqueness score drops for both the referrer and the referred account the moment the second signup happens. A low Uniqueness score is a strong indicator of device sharing.

Related identities showing a web of fake referrals linked by shared device and IP overlap

Related Identities

Dregs automatically maps the web of connected accounts based on shared devices, IP addresses, sessions, and other attributes. When a fraudster creates their third fake referral, you don't just see three suspicious accounts — you can see the entire cluster connected back to the original referrer. The relationship graph makes the scheme obvious at a glance so you can take action.

Low Authenticity score flagging a disposable email and minimal profile data on a referred account

Authenticity Score

Fake referral accounts are built to claim a bonus, not to look like real users. The Authenticity score catches disposable email domains, names that don't follow natural patterns, and profiles with the bare minimum of data. When every referred account has a throwaway email and a name that looks like it was typed in three seconds, the pattern is clear.

Behavior score observations showing identical onboarding paths across multiple referred accounts

Behavior Score

Fake referrals tend to follow the same script: sign up, do the minimum required to trigger the bonus, and stop. The Behavior score detects these cookie-cutter onboarding paths: same pages visited, same sequence, same timing, same point where activity drops off. Real users behave one way, and fake referrals tend to act quite differently.
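An added example, not Dregs code and not a description of how its Behavior score is computed: one way to spot cookie-cutter onboarding among a referrer's signups. The session layout, page paths, tolerance, and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed onboarding logs: account -> (referrer, [(page, seconds since signup)]).
SESSIONS = {
    "lisa_m": ("user_a", [("/signup", 0), ("/verify", 40), ("/profile", 65), ("/claim-bonus", 90)]),
    "marc_b": ("user_a", [("/signup", 0), ("/verify", 38), ("/profile", 70), ("/claim-bonus", 95)]),
    "dana_k": ("user_a", [("/signup", 0), ("/verify", 600), ("/dashboard", 660), ("/projects/new", 900)]),
    "omar_t": ("user_c", [("/signup", 0), ("/verify", 120), ("/profile", 300), ("/claim-bonus", 4000)]),
}


def cookie_cutter_referrers(sessions, tolerance=15, min_matches=2):
    """Return {referrer: sorted accounts} where at least `min_matches` referred
    accounts visited the same pages in the same order, stopped at the same
    page, and hit every step within `tolerance` seconds of one another."""
    by_path = defaultdict(list)  # (referrer, page order) -> [(account, timings)]
    for account, (referrer, events) in sessions.items():
        pages = tuple(page for page, _ in events)
        by_path[(referrer, pages)].append((account, [t for _, t in events]))

    flagged = {}
    for (referrer, _), group in by_path.items():
        best = []
        for _, anchor in group:  # try each session as the reference timing
            close = [acct for acct, times in group
                     if all(abs(a - b) <= tolerance for a, b in zip(anchor, times))]
            best = max(best, close, key=len)
        if len(best) >= min_matches:
            flagged[referrer] = sorted(set(flagged.get(referrer, [])) | set(best))
    return flagged


if __name__ == "__main__":
    print(cookie_cutter_referrers(SESSIONS))
```

A match on path and timing alone is a weak signal for small groups, since real users of a short onboarding flow can also look alike; it is more useful combined with the device and identity signals described above.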

Example: Catching a Referral Scheme

Here's what it looks like when someone tries to farm their own referral link:

Monday: User A shares their referral link. A legitimate user with normal scores across the board. Nothing suspicious.

Tuesday: "Lisa M" signs up via the referral link from the same device. Dregs recognizes the shared device fingerprint immediately. The Uniqueness score drops to ~20 on both accounts. A relationship link is created between them.

Wednesday: "Marc B" signs up — with the same device again, disposable email, completes the bare minimum onboarding. Dregs now has three linked accounts. Authenticity sits at ~30 (disposable email, thin profile). Behavior score at ~25 (identical onboarding path as User B).

Seconds later: Dregs slaps a "Referral Fraud" badge on all three identities based on your badge rules. An alert fires to your configured channels. A webhook notifies your application, which automatically freezes all pending referral payouts for the cluster.

No manual investigation is needed: the fake referral ring is identified and flagged within seconds once it meets the defined criteria.
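An added example, not Dregs code: the account linking described under Related Identities, replayed over the timeline above with a union-find over shared attributes. The record layout, account names, and fingerprint and IP values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed signups replaying the timeline above; the fingerprint and IP
# values are placeholders, not real data.
SIGNUPS = [
    {"account": "user_a", "referred_by": None, "device": "fp-1111", "ip": "198.51.100.7"},
    {"account": "lisa_m", "referred_by": "user_a", "device": "fp-1111", "ip": "203.0.113.20"},
    {"account": "marc_b", "referred_by": "user_a", "device": "fp-1111", "ip": "203.0.113.20"},
    {"account": "dana_k", "referred_by": "user_a", "device": "fp-2222", "ip": "192.0.2.44"},
]


def cluster_accounts(signups, keys=("device", "ip")):
    """Map each account to the set of accounts it is linked to, directly or
    transitively, through a shared attribute (union-find over accounts)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups cheap
            x = parent[x]
        return x

    first_seen = {}  # (attribute, value) -> first account seen with it
    for s in signups:
        find(s["account"])
        for key in keys:
            owner = first_seen.setdefault((key, s[key]), s["account"])
            parent[find(s["account"])] = find(owner)  # no-op when same root
    members = defaultdict(set)
    for account in parent:
        members[find(account)].add(account)
    return {a: frozenset(members[find(a)]) for a in parent}


def self_referrals(signups):
    """Return sorted (referrer, referred) pairs that share a cluster."""
    cluster_of = cluster_accounts(signups)
    return sorted(
        (s["referred_by"], s["account"])
        for s in signups
        if s["referred_by"] in cluster_of
        and s["account"] in cluster_of[s["referred_by"]]
    )


if __name__ == "__main__":
    print(self_referrals(SIGNUPS))
```

Because shared Wi-Fi and mobile networks put unrelated people behind one IP address, passing `keys=("device",)` links on device fingerprint alone and avoids merging strangers into one cluster.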

Stopping Referral Fraud

Detection is only half the story. How you respond determines whether the fraudster keeps trying or gives up entirely. Dregs gives you the ability to automate whichever approach fits your program, or the information to take matters into your own hands.

Freeze rewards

Automatically freeze or void referrals where abuse is suspected or the referred account scores below your threshold. The referral doesn't count, the bonus doesn't accrue, and the fraudster gets nothing for their effort. Clean, quick, and decisive.

Restrict fraudsters

Reduce or revoke referral privileges for accounts that show a pattern of fraudulent referrals. The referrer's link automatically stops working or their bonus rate drops to zero. They can still use your product, but the referral abuse vector is shut down.

Require engagement

Only pay referral bonuses after the referred user demonstrates genuine engagement with real usage over time, not just completing a signup checklist. You can even use the scores from Dregs to evaluate which referrals are eligible for rewards!

With Dregs webhooks, any of these responses can be fully automated. Your application receives scores, badges, and relationship data in real time and acts on them without human intervention — freezing suspicious payouts at 2 AM, voiding fake referrals that come in over the weekend, and restricting abusers while your team stays focused on building your product.

Stop referral fraud before it drains your program.

Dregs links self-referrals from the first shared device. Install the tracking script, start scoring, and get control of fake referrals.
