Prevent Referral Abuse

Protect your referral program from abuse

Referral programs are powerful growth channels — until bad actors create fake accounts to farm referral credits. VerifyWall stops them at signup.

Get API Key Read the Docs

The problem

Referral abuse occurs when users create multiple fake accounts to earn referral bonuses for themselves. The pattern is simple: create a new account with a disposable email, use your own referral code, earn the bonus, repeat. Organized referral fraudsters scale this using automation, creating hundreds of fake "referred" accounts from datacenter IPs. The result: your referral budget is drained by one-sided transactions that generate zero genuine growth.

The cost to your business

Referral abuse directly transfers money from your growth budget to fraudsters. Each fake referral costs you the full referral bonus (typically $5-$50) with zero customer acquisition in return. At scale, referral fraud can consume 30-50% of a program's budget. Beyond the direct cost, it corrupts your referral attribution data, making it impossible to measure which referrers are actually driving real growth. Some companies have shut down successful referral programs entirely due to uncontrolled abuse.

How VerifyWall solves it

VerifyWall validates every referred signup against risk signals that correlate with referral fraud. Disposable email detection catches the throwaway addresses used for fake accounts. IP intelligence identifies when multiple "referred" signups come from the same VPN or datacenter. The risk score helps you set policies: require phone verification for referred signups from suspicious sources, or delay referral credit until the referred user shows genuine engagement.

Detection signals that apply

Disposable Email

Fraudsters create fake referred accounts using throwaway emails

VPN / Tor

Self-referrers use VPNs to make each fake account appear to come from a different location

Free Email Provider

Bulk creation of free email accounts to simulate unique referred users

Datacenter IP

Automated referral fraud scripts running from cloud infrastructure

Integration example

Add VerifyWall to your prevent referral abuse workflow with a single API call:

// When processing a referred signup
$response = Http::withToken($apiKey)
    ->post('https://api.verifywall.com/v1/verify', [
        'email' => $request->email,
        'ip' => $request->ip(),
    ]);

$risk = $response->json('data.attributes');

if ($risk['risk_level'] === 'high') {
    // Create account but don't credit the referrer
    $user = User::create($validated);
    Log::warning('Referral credit withheld: high risk signup', [
        'email' => $request->email,
        'referrer' => $request->referral_code,
    ]);
    return $user;
}

// Credit the referrer
$user = User::create($validated);
$referrer->addReferralCredit($user);

return $user;

Frequently asked questions

Should I block high-risk referral signups entirely?

Not necessarily. A better approach is to create the account but withhold the referral credit until the user demonstrates genuine engagement (e.g., completes onboarding, adds a payment method, or remains active for a set period). This way you don't lose potentially legitimate users while preventing fraud.

How do I detect self-referrals from the same person?

VerifyWall detects the tools self-referrers use: disposable emails for fake accounts, VPNs to mask their IP, and datacenter IPs for automation. While we don't track individual users across accounts, these signals reliably identify the abuse pattern.

Can I delay referral credits based on risk score?

Yes, this is a recommended pattern. You might credit referrals immediately for low-risk signups, delay credits by 7 days for medium-risk, and withhold credits pending manual review for high-risk signups. The VerifyWall risk score gives you the data to implement tiered policies.