Book demo Log in Launch Your Program

Product

Customers

GrowSurf for Startups

GrowSurf for Startups Program

Startups get a 50% discount

If you've raised a Seed or Series A, you're eligible for up to 50% off your first year plus additional usage bonuses.

Learn more β†’
Start your free 14-day trial β†’

By Program Type


By Team Role

By Industry


By Stage

By Integration

Developer Tools

Start your free 14-day trial β†’

Free Tools for Referral Marketing

Explore our free suite of referral marketing tools.

Free Tools for Startups

Explore our free suite of tools built for startups.

GrowSurf Deals

Get $234k+ In Software Savings

Get discounts on top software and services like Notion, Deel, Apollo, and 1Password.

Explore Deals β†’
LoyaltySurf

LoyaltySurf

Reward Your Customers For Their Loyalty

Our free loyalty software lets you reward your customers when they leave reviews, share on social media, and mention your brand.

Get It Free β†’
View all free tools β†’

Learn Referral Marketing

Learn GrowSurf

Startup Growth Tactics Quiz

Can you guess which startups made these growth tactics famous? Test your knowledge of innovative marketing strategies that led to explosive growth.

Play Now β†’
Start your free 14-day trial β†’
← View All Guides
Webhooks logo
Integration Guide

How to Detect Referral Fraud with GrowSurf Webhooks

Build a webhook-based fraud detection system that catches suspicious referral activity in real-time.

Referral fraud β€” fake referrals, self-referrals, and referral rings β€” can drain your program budget and undermine trust. While GrowSurf includes built-in fraud prevention features, a custom webhook-based detection layer gives you additional protection tailored to your business's specific risk patterns.

This guide covers building a real-time fraud detection system that analyzes GrowSurf webhook events for suspicious patterns. You'll learn how to detect common fraud signals, implement scoring-based fraud thresholds, flag suspicious referrals for manual review, and automatically block fraudulent participants.

Integration Steps

Step 1: Identify Common Referral Fraud Patterns

Understand the types of referral fraud you're likely to encounter so you can build detection rules.

  • Self-referral: same person creates multiple accounts to refer themselves
  • Referral rings: small groups of people referring each other in circles
  • Fake accounts: referrals using disposable email addresses or generated identities
  • Velocity abuse: abnormally high referral volume from a single participant
  • Geographic anomalies: referrer and all referred users from the same IP range

Step 2: Build Fraud Detection Rules

Create a rules engine that scores each referral event for fraud risk.

  • Email domain check: flag disposable email domains (mailinator, guerrillamail, etc.)
  • IP address matching: flag when referrer and referred share the same IP
  • Velocity check: flag referrers making more than X referrals per hour/day
  • Name similarity: flag when referred person's name is similar to the referrer's
  • Email pattern matching: flag sequential email addresses (user1@, user2@, user3@)

Step 3: Implement the Fraud Scoring System

Assign risk scores to each referral based on how many fraud signals are present.

  • Each fraud signal adds points to a risk score
  • Disposable email: +30 points
  • Same IP as referrer: +40 points
  • Abnormal velocity: +25 points
  • Similar name patterns: +20 points
  • Set thresholds: 0-30 = low risk (auto-approve), 31-60 = medium (flag for review), 61+ = high (auto-block)

Step 4: Build the Fraud Webhook Handler

Create a webhook handler that runs fraud checks on every new referral event in real-time.

  • Process every PARTICIPANT_REFERRED event through the fraud rules engine
  • Calculate the total risk score
  • Based on score, take action: approve, flag, or block
  • For blocked referrals, use GrowSurf's API to remove the participant
  • For flagged referrals, create a review task for your fraud team

Step 5: Set Up Fraud Monitoring and Alerts

Create dashboards and alerts that help your team monitor fraud patterns over time.

  • Track metrics: total referrals, flagged referrals, blocked referrals, fraud rate
  • Alert when fraud rate exceeds a threshold (e.g., more than 5% of referrals flagged)
  • Create a daily fraud summary report
  • Monitor for new fraud patterns that your rules haven't caught yet

Step 6: Build a Review Queue for Flagged Referrals

Create a system for manually reviewing referrals that scored in the medium-risk range.

  • Build a review interface showing: referral details, fraud signals triggered, referrer history
  • Allow reviewers to approve or reject flagged referrals with one click
  • If rejected, use GrowSurf's API to remove the fraudulent participant and reverse any rewards
  • Track false positive rates to refine your fraud rules over time

Code Snippets

// Referral Fraud Detection Engine
const disposableDomains = require('disposable-email-domains');

const FRAUD_RULES = {
  disposableEmail: { points: 30, check: (data) => {
    const domain = data.participant.email.split('@')[1];
    return disposableDomains.includes(domain);
  }},

  sameIpAsReferrer: { points: 40, check: (data) => {
    return data.participant.ip && data.referrer?.ip &&
      data.participant.ip === data.referrer.ip;
  }},

  highVelocity: { points: 25, check: async (data) => {
    const recentReferrals = await db.referrals.countRecent(
      data.referrer?.id, '1 hour'
    );
    return recentReferrals > 5; // More than 5 referrals in 1 hour
  }},

  similarNames: { points: 20, check: (data) => {
    if (!data.referrer?.firstName || !data.participant.firstName) return false;
    return levenshtein(
      data.referrer.firstName.toLowerCase(),
      data.participant.firstName.toLowerCase()
    ) <= 2;
  }},

  sequentialEmails: { points: 35, check: async (data) => {
    const referrerReferrals = await db.referrals.getByReferrer(data.referrer?.id);
    const emails = referrerReferrals.map(r => r.email).concat(data.participant.email);
    return detectSequentialPattern(emails);
  }}
};

async function calculateFraudScore(webhookData) {
  let score = 0;
  const triggeredRules = [];

  for (const [rule, config] of Object.entries(FRAUD_RULES)) {
    const triggered = await config.check(webhookData);
    if (triggered) {
      score += config.points;
      triggeredRules.push(rule);
    }
  }

  return { score, triggeredRules };
}

app.post('/webhooks/growsurf/fraud', async (req, res) => {
  const { event, participant, referrer } = req.body;

  if (event !== 'PARTICIPANT_REFERRED') {
    return res.status(200).json({ skipped: true });
  }

  const { score, triggeredRules } = await calculateFraudScore(req.body);

  if (score >= 61) {
    // High risk: auto-block
    await removeParticipant(participant.id);
    await db.fraudLog.create({ participantId: participant.id, score, action: 'blocked', rules: triggeredRules });
  } else if (score >= 31) {
    // Medium risk: flag for review
    await db.fraudReview.create({ participantId: participant.id, score, rules: triggeredRules });
    await notifyFraudTeam(participant, score, triggeredRules);
  }
  // Low risk: auto-approve (no action needed)

  res.json({ score, action: score >= 61 ? 'blocked' : score >= 31 ? 'flagged' : 'approved' });
});

Tips

Start Conservative, Then Tighten

Begin with lenient fraud thresholds and tighten them as you collect data. It's better to let a few fraudulent referrals through initially than to block legitimate participants. Monitor your false positive rate and adjust scoring weights based on confirmed fraud cases.

Maintain a Disposable Email Domain Blacklist

Use a well-maintained list of disposable email domains (the npm package disposable-email-domains is a good start). Update this list regularly β€” new disposable email services appear constantly. Also consider flagging very new email domains (registered within the last month).

Log Everything for Pattern Analysis

Log every fraud check, even for low-risk referrals that pass all checks. Over time, this data reveals fraud patterns you hadn't anticipated. Periodically review your fraud logs to identify new signals and refine your detection rules.

FAQ

Does GrowSurf have built-in fraud prevention?

Yes. GrowSurf includes several built-in fraud prevention features: email verification requirements, IP-based deduplication, referral rate limiting, and suspicious activity detection. Custom webhook-based fraud detection adds an additional layer that's specific to your business's risk profile and catches edge cases the built-in features may miss.

How do I handle false positives (legitimate referrals flagged as fraud)?

Send flagged referrals to a review queue rather than auto-blocking them. Your fraud team reviews flagged referrals and approves legitimate ones. Track your false positive rate β€” if it exceeds 10%, loosen your rules. When you approve a false positive, add the participant to an allowlist to prevent future false flags.

Can I retroactively check existing referrals for fraud?

Yes. Use GrowSurf's API to export all participants and run them through your fraud scoring engine in batch. This helps catch fraud that occurred before you implemented detection. Use GET /v2/campaign/{id}/participants to retrieve all participants and process them offline.

Set up your refer a friend program with customer referral and affiliate program software that lowers your acquisition costs, increases customer loyalty, and saves you gobs of time.

Trusted by marketing and product teams at fast-growing B2C, fintech, and SaaS companies

Learn more

Built for startups,
scaled for unicorns

From Seed to Series D, GrowSurf helps product-market fit companies grow faster with referral and affiliate marketing. Explore how our platform can take your growth to the next levelβ€”just choose your industry.

Fill out the form below to receive more information.

Successfully submitted!

Error! Please try again