Today’s businesses are constantly seeking innovative ways to attract customers. Promotional vouchers, discount codes, and coupons have become a staple strategy in this regard. They not only drive sales but also build customer loyalty. Unfortunately, these strategies also attract a less desirable element: voucher fraudsters. Voucher fraud is a growing concern, with fraudsters discovering ever-more sophisticated ways to exploit these promotional offerings. 

Voucher fraud, in the context of mobile apps, refers to illicit activities where individuals or entities deceive app users or service providers by exploiting promotional vouchers, discount codes, or other similar types of coupons that apps often provide. The fraud can manifest in various ways and can lead to significant financial losses for businesses as well as a degraded experience for legitimate users. Here’s a closer look:

Fraud in obtaining and re-selling vouchers

Creation of multiple accounts

Some users create multiple fake accounts to repeatedly take advantage of first-time user vouchers. For instance, many apps provide discounts or offers for new sign-ups. By creating several accounts, people can continuously reap the benefits of these offers that are only meant for one-off use.

Voucher code generators

Some cybercriminals develop tools that attempt to generate voucher codes by predicting or hacking the sequence in which they are produced by legitimate businesses.

Employee collusion

Insiders within a company might work with external parties to misuse vouchers, either by providing codes meant for specific purposes or by manipulating the system to approve invalid voucher claims.

Phishing/app control to obtain vouchers

Phishing attacks via email, manipulated websites, or manipulated apps allow people to steal vouchers from those who have either free access to vouchers (promotional, such as a reward to a loyalty program) or have bought vouchers.

Account theft

Overlay attacks can allow cybercriminals to steal app credentials and access vouchers the app owner has access to.

Sale of vouchers

In some cases, fraudsters might legitimately obtain vouchers either by bulk-buying during sales or using stolen credit card information, reusing “used/reusable” vouchers, or creating multiple accounts to obtain promotional vouchers by harnessing voucher generators, phishing, working with employee collusion, or account theft, and then sell them on third-party platforms.

Vouchers as bait to conduct other fraud


Scammers might create fake promotional offers or vouchers and send them to users. When users click on these fake offers, they are led to malicious websites where their personal and financial data might be stolen.

App cloning

Cybercriminals can clone a legitimate app and embed malicious code. When users download and use the cloned app, thinking it’s the original, they might be offered fake vouchers, leading them to provide personal information or make fraudulent payments.

Verimatrix XTD powerfully protects against the associated overlay attacks and instances of app cloning. Through specific app integrity protection and monitoring services as well as unique detection technologies, the overlay and cloning can be easily noticed by app manufacturers and thus help prevent the abuse:

  • Overlay attack detection and prevention: Overlay attacks are particularly insidious. Fraudsters superimpose a fake interface over a legitimate app, capturing user input—typically login credentials. With this information, they can gain unauthorized access to users’ accounts and any attached vouchers. Verimatrix XTD’s proactive monitoring detects these attacks, safeguarding user credentials and maintaining the integrity of user accounts.
  • Continuous monitoring for abnormal activity: Constant vigilance is key to combating fraud. Verimatrix XTD’s monitoring capabilities keep an unblinking eye on app activities, ready to flag and act upon any abnormal behavior. This continuous surveillance extends beyond just voucher fraud, providing a comprehensive security solution that adapts to evolving threats.

For more information on Verimatrix XTD, visit here.