Connection manipulation is almost as old as online fraud itself. From the earliest days, fraudsters have experimented with ways to make it appear as though their internet connection was originating from a location other than its actual source.
Today, connection manipulation has become ubiquitous, sophisticated, and — with the latest evolution of account takeover (ATO) — particularly difficult to detect.
How Forter Invests in Connection Manipulation Identification
With Forter’s April 2025 release, device takeover detection within services improved by 20% and the ability to identify connection manipulation methods, such as VPNs and proxies, increased by 15% — representing a significant investment in research, experimentation, and technical work.
However, connection manipulation has been around for a long time, and identifying it has been built into the Forter Trust Platform from the very beginning — so why are we devoting energy to it now? The answer is that fraudsters haven’t stayed still, so we can’t either.
Obfuscation Sophistication is a Growing Threat
There is a significant gap between simple and sophisticated manipulation attempts. The thing is, more and more fraudsters are becoming more sophisticated. Some fraudsters still attempt to use VPNs to conceal their location, making it appear as though they’re somewhere they’re not, and amateur fraudsters are unlikely to disappear. Generally speaking, fraudsters aim to put the minimum amount of effort into achieving their goals, so you can’t ignore this fundamental threat.
Since 2022, sophisticated connection manipulation has become widespread. This increase correlates with the fact that merchants now have the tools to detect simple attempts and the emergence of new fraudsters during the COVID-19 pandemic when many people were stuck at home or learning how to make bread — others went into online crime — and a lot of them didn’t give it up when things went back to normal. As this new population of criminals matures into their nefarious tricks, they’re getting wise to what really works.
Effective connection manipulation is crucial to these crimes because it’s key to successfully concealing your true identity. If it’s evident that your IP address has no connection to the address or account you’re using or that you’re hiding your real IP address, red flags will go up.
The Latest Evolution of ATO
It’s not just connection manipulation that’s becoming more sophisticated. The latest evolution of account takeover (ATO) is sneaky as well — and it’s up 12% over the last six months.
ATO uses device takeover, often via a remote desktop attack, and frequently employs some social engineering trickery. In practice, the fraudster gains remote control of a customer’s device and can make purchases on the sites with which they have accounts via that device.
It’s an ingenious solution to the connection manipulation problem because the digital mask fraudsters use in this attack is so convincing. The more common this kind of attack becomes, the more essential it is that merchants are protected.
Speed is Critical to Catching Fraud
As if that weren’t enough pressure, merchants must also be able to identify this and other types of obfuscation in real-time. Fraudsters use bots and other forms of automation to swap connection appearances and other elements of their identity in milliseconds, and detection efforts must keep pace.
And as AI agents become more prevalent in digital commerce, instantaneous activity will become more common and expected — and therefore, equally fast protection will be needed. For now, understanding the importance of embedding real-time reality checks in fraud protections is a competitive advantage.
Evaluating Identity is More Important than Ever
As always, getting this right requires a confident, accurate understanding of the true identity behind the purchase. It’s not enough to identify that connection manipulation is happening because some legitimate customers prefer to obfuscate their IP address for good reasons, such as privacy concerns, geopolitical situations, etc.
The question is not, “Is this connection manipulation?” but “Is the person behind the screen the person connected legitimately to the account and payment method?”
Technical details are fascinating, and it’s been amazing to see what the Forter team has been exploring to ensure that companies get top-notch protection. But at the end of the day, it’s all about identity. That’s the mindset needed to stop fraud, smooth the way for good customers, and help ensure your business is set up for success.
