E‑commerce Marketing Risk Control: Strategies to Counter Black‑Grey Market Attacks Using Big Data and AI

After the "Double 11" shopping festival, the upcoming "Double 12" brings a surge of transactions, but hidden behind the numbers is a black‑grey market industry worth billions and involving millions of participants, constantly challenging e‑commerce platforms' security.

Guo Jiannan, a Tencent security risk‑control expert with 15 years of experience, shared how Tencent's Tianyu security platform protects major e‑commerce clients (JD, Carrefour, Vipshop, etc.) and retail brands (Mengniu, Dongpeng) from marketing fraud, anti‑scraping, and counterfeit attacks, having blocked over 132 billion malicious requests and saved roughly 9.3 billion CNY in marketing costs.

The attack lifecycle is described in three stages:

1. Preparation – attackers study platform discount rules, discover loopholes, and stock up accounts and cheating materials.

2. Exploiting platform vulnerabilities – they probe both activity‑design flaws (e.g., bulk buying, returning, and refunding to generate coupons) and risk‑control gaps (e.g., abusing spin‑the‑wheel limits).

3. Concentrated monetization – once the rules are clear, they launch mass coupon‑grabbing attacks during the promotion, triggering alerts when user activity spikes are abnormal.

Modern black‑grey market tactics have evolved from using emulators (“fake devices, fake people, fake behavior”) to “real people, real devices, real behavior”. Fraudsters recruit real users (so‑called "real‑person wool‑pullers") through livestreams, short‑video platforms, or organized teams, and employ sophisticated tools such as automated captcha solving, phone‑number pools, massive account farms, and even iOS device rootkits.

Big data collection and AI algorithms now play a crucial role. Machine‑learning models analyze real‑time threat intelligence, user historical behavior, and unsupervised clustering to detect abnormal patterns, differentiate legitimate users from bots, and mitigate attacks that bypass traditional defenses like graphic captchas or SMS verification.

Key defensive recommendations include:

Gather comprehensive threat intelligence using big‑data pipelines for early warning.

Apply AI‑driven user behavior analysis, including unsupervised learning, to spot “meat‑cow” accounts.

Adopt a diversified defense strategy (“release‑then‑differentiate”), targeting attacks from indirect angles rather than confronting every attack point directly.

Partner with professional security vendors to supplement in‑house risk‑control capabilities.

Tencent Tianyu offers an end‑to‑end risk‑control solution: a decision‑engine, risk data layer, and modeling platform that can be integrated via APIs or combined with Tencent Cloud services. It provides fast (≈180 ms) identification of wool‑pullers, multi‑layer protection (login, registration, captcha, cheat‑tool detection), and 24/7 expert response.

Additional services cover DDoS mitigation, content security (detecting illegal, violent, or spam content with 99 % accuracy), and full‑stack protection for network, host, data, and application layers.

The Q&A session highlighted practical concerns such as handling pricing errors, distinguishing real‑person wool‑pullers, preventing address‑based abuse, and the impact of 5G on future fraud detection.