Referral & promo abuse

Win against incentive abuse

Build an invisible first line of defence against fake referrals and promo hunters.
Start for FreeTalk to an Expert

Referral and promo abuse at a glance

Referral and promo abuse happens when users and fraudsters exploit welcome bonuses, vouchers or referral rewards beyond their intended use.
Step 1

Incentive discovery

Fraudsters identify high-value promotions, referral campaigns and sign-up bonuses, often sharing them in forums or Telegram groups.
Step 2

Multi-account setup

Using disposable emails, virtual phone numbers and device emulators, bad actors create fake signups, referrals and coupon claims that appear legitimate.
Step 3

Exploitation & cash-out

Once trusted, these accounts repeatedly redeem referral bonuses, welcome offers and promo codes, draining marketing budgets and skewing KPIs.
Chat message from Anna saying she is looking for a few people to run a referral play with her offering fast payouts and asking to DM 'INFO' for explanation.
Sign-up form asking for name and email to access a welcome offer with a black sign-up button.
Table showing redeemed referral bonuses with usernames and identical IP address 169.13.118.73 marked with warning icons.

Frictionless protection against referral and promo abuse

Referral and promo abuse, including multi-accounting and incentive gaming, is one of the fastest-growing threats to digital businesses. Trustfull helps you fight back with the power of hundreds of digital signals.

Promo policy protection

Protect the integrity of your customer acquisition programs from fake sign-ups.

Real-time detection

Instantly identify suspicious users and stop welcome bonus abuse before it’s too late.

Frictionless checks

Let legitimate users enjoy a smooth experience while abusers get stopped at the door.

Global coverage

Focus on growing safely across borders with our API’s full international coverage.

Table listing phone numbers with country flags, dates, and disposable status; includes UK, Brazil, France, Germany, Greece, India, and China.

Phone number verification

Verify phone numbers used in referrals and promo redemptions to uncover abuse:
Retrieve porting history and phone-to-name details to spot inconsistencies
Detect lack of connected messaging apps, signalling burner numbers
Flag disposable, virtual and high-risk phone numbers before issuing rewards
Talk to our team
List of connected accounts showing Google, Paypal, LinkedIn, Spotify, and Amazon as connected, and Apple and Facebook as not connected.

Email address analytics

Analyze users’ email addresses for signs of incentive abuse or fake accounts:
Estimate email age based on known data breaches and other open sources
Retrieve a list of online services linked to the email as proof of real usage
Block newly created or placeholder emails at high risk of abuse
Talk to our team
Map of Atlanta with a blue location pin showing a woman's face and a data box displaying country USA.

IP & device intelligence

Use IP and device context to stop referral and promo abuse at scale:
Detect clusters of referrals and sign-ups originating from the same IP or device
Identify privacy red flags like VPN, proxy or TOR usage upon code redemption
Flag high-risk traffic from known click farms and data center IPs
Talk to our team
Graph showing a central high-risk phone number linked to six contacts with names, photos, phone numbers, and email addresses.

Identity network graph

Pinpoint connections and unusual patterns across different accounts:
Detect repeatedly used contact details or IP addresses
Get real-time warning signals on unusual or suspicious patterns
Automaticly feed graph signals into the scoring model for improved accuracy
Talk to our team
Table listing phone numbers with country flags, dates, and disposable status; includes UK, Brazil, France, Germany, Greece, India, and China.
List of connected accounts showing Google, Paypal, LinkedIn, Spotify, and Amazon as connected, and Apple and Facebook as not connected.
Map of Atlanta with a blue location pin showing a woman's face and a data box displaying country USA.
Graph showing a central high-risk phone number linked to six contacts with names, photos, phone numbers, and email addresses.

“At Snaitech we are actively investing in new technology that enables better customer journeys while increasing our defences against bad actors. After very successful testing with Trustfull, we decided to partner with them.”

Alessandro Graziosi

Chief Digital Officer - Snaitech

Snaitech logo
Excited man in red shirt cheering with clenched fists while watching a game with two friends indoors.

Frequently asked questions

What is referral and promo abuse and how does it work?
Referral and promo abuse happens when users or fraudsters exploit marketing incentives, such as referral rewards, welcome bonuses, vouchers or discount codes, in ways that violate a company’s terms. This can include creating fake accounts, self-referrals, using bots to mass-redeem promotions, or coordinating groups to repeatedly exploit the same offers.
What is multi-accounting and how is it related to referral and promo abuse?

Multi-accounting is when a single person or fraud ring controls many different accounts, often using disposable emails, virtual phone numbers and spoofed devices. These accounts are then used to refer each other, unlock “new user” promos multiple times, or stack rewards that should only be earned once per real customer. Multi-accounting is one of the main engines behind referral and promo abuse.

What are the most common signs and red flags of referral and promo abuse?

Common red flags include many referrals coming from the same IP, device or location, a high number of new users sharing similar contact details, and short-lived accounts that redeem a promo and quickly churn. You may also see spikes in referrals right after a campaign launch from unusual geographies, or abnormal patterns where one referrer generates an unrealistic number of “friends” in a short period.

How do fraudsters create fake referrals and abuse promotions at scale?

Fraudsters combine breached or stolen personal data with fabricated identities, disposable emails and virtual phone numbers. They use scripts, emulators and device farms to create and manage large volumes of accounts that appear distinct on the surface. These accounts sign up through referral links, redeem welcome offers and apply promo codes repeatedly, often cashing out bonuses, reselling discounted goods, or converting rewards into money or crypto.

How can businesses detect and prevent referral and promo abuse without adding unnecessary friction?

Effective strategies include analyzing emails and phone numbers, using device and IP intelligence, and linking referrers and referees through OSINT-based checks. Layering data sources, such as phone-to-name, email-to-name and IP clustering, helps flag risky referrals in real time while genuine customers enjoy a smooth, low-friction experience.

Can’t find the answer you’re looking for?

Book a 30-minute consultation with our team of fraud experts and let us know how we can help.
Talk to an Expert

Learn more about Referral & Promo Abuse

How to Prevent Promo Abuse with OSINT
Article

How to Prevent Promo Abuse with OSINT

Discover how OSINT helps detect promo abuse and bonus fraud early using digital signals—without friction or blocking legitimate users.
Learn more
Blog placeholder - 3
Article

Blog placeholder - 3

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas vitae suscipit ante, a porta enim. Integer risus lorem, ultrices tristique sollicitudin sit amet, malesuada a eros.
Learn more
Blog placeholder - 2
Article

Blog placeholder - 2

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas vitae suscipit ante, a porta enim. Integer risus lorem, ultrices tristique sollicitudin sit amet, malesuada a eros.
Learn more
Read all

Let’s stop promo & referral abuse

Contact us today and let’s discuss how Trustfull’s advanced solutions can help you cut losses, strengthen security, and safeguard your customer experience.
TRUSTED BY WORLD‑LEADING COMPANIES
Twilio logoYounited logoNexi logoRefinitiv logoElavon logoCofidis logoAdmiral logolastminute.com logo