Back to Resources

Sneaky Sneakerheads Fake Location to Score Exclusive Nike Shoes, Merchants Struggle to Detect Spoofing

  • Blog
  • Financial Services

Nike SNKRS app users recently spoofed their location to participate in an exclusive Boston launch for the ‘Lemonade’ Off-White x Air Force 1s. In theory, only consumers within a restricted geographical area should’ve been able to order the popular shoes.

With a shoe resale value of up to $3,500, tech-savvy sneakerheads were definitely motivated to game the system. They may have used VPNs or proxies to manipulate their IP address location. More likely, they used other apps that spoof GPS, Wi-Fi or HTML data, so they appeared to be in the correct area of Boston.

To anyone who is not a sneakerhead, the shoe coup may seem unimportant. But this misadventure is symptomatic of a much larger problem: the ease with which bad actors can hide or spoof their true location in order to commit online fraud.

IP Addresses Identify Consumers Where They’re Not – Like Boston

Online retailers and merchants who rely solely on IP addresses for location are opening the doors for bad actors to transact on their platforms. That’s because IP addresses are the easiest location data points to manipulate, rendering them next to useless for detecting potential fraud.

To test the accuracy of IP addresses for location, GeoComply audited the location checks of several major financial services apps. In two instances, the location indicated Houston, Texas, and the other auto-filled the location as California. The true location during the audit was Vancouver, B.C. This blatant inaccuracy creates large security holes that fraudsters are eager to exploit.

Beyond IP – Spoofing Apps for GPS, Wi-Fi and HTML5

Sometimes, a more tech-savvy online retailer will go beyond IP addresses, using GPS, Wi-Fi or HTML5 signals to verify their customers’ location. These methods are much more accurate than IP addresses, but again, they have one fatal flaw: all of them can be spoofed with easy-to-access apps.

Using this kind of location data without checking its validity – that is, whether or not it’s been spoofed – is like building a fortress but forgetting to lock the door.

How to Detect Location Spoofing

Without knowing an end user’s true location, you’re missing a key piece of data to determine if you’re transacting with a legitimate customer or a fraudster.

That’s where modern location intelligence from GeoComply can help. Our unique approach to collecting, verifying and analyzing location data brings a new set of insights for fraud and risk management, so you can:

  • Increase protection against account takeovers, with no user friction.
  • Augment existing risk engines with accurate location data.
  • Amplify your VPN and proxy detection with the industry’s gold-standard IP database.

Download our latest white paper to learn how modern location intelligence helps detect IP spoofing and other types of advanced location spoofing techniques in order unmask bad actors – no matter how sneaky they are.