High Risk
ReferralHero is committed to maintaining the integrity of its referral program by preventing fraudulent activities and ensuring that referred subscribers are high quality. This page explains how high-risk subscribers are identified, what happens when they are flagged, and how the approval process affects rewards, automations, and analytics.
Flagging Flow
Subscribers can be flagged in two ways:
Automatically – The system runs auto risk checks
Manually – Admins can enable “Flag all referrals as high risk” from a subscriber profile. To do this, go to the subscriber profile, click the three-dot menu in the top right, and select “Flag all referrals as high risk”

What Happens When a Subscriber Is Marked High Risk
Advocate’s Profile – the same behavior applies whether flagged automatically or manually:
Advocate is immediately marked as Risk
The checkbox “Flag all referrals as high risk” becomes active, and its label changes to “Unflag future referrals as high risk”
Referral stats are still counted

All existing referrals are flagged as risk

All pending rewards are updated to Flagged

Timeline log: “All referrals have been flagged as high risk by admin XXX.” appears if flagged manually

High Risk Page
Advocate appears under High Risk Advocates
All existing referrals appear under Suspicious Referrals
Future Referrals
Automatically flagged as risk
Appear in Suspicious Referrals
All rewards for the advocate are flagged (regardless of delivery method)
Approving High-Risk Subscribers and Referrals
Approving an Individual Suspicious Referral
Go to Subscribers > High Risk > Suspicious Referrals
Use the Approve button at the top to approve multiple referrals at once, or the Approve option in the three-dot menu for an individual referral

Once approved:
Referral is removed from Suspicious Referrals
Referral's risk status is cleared
Referral’s reward is restored to its original status (Pending or Send immediately)
Since advocate's risk status is separate:
Advocate’s “Flag all referrals as high risk” checkbox remains active
Advocate rewards tied to that referral remain flagged
Approving an Advocate
Go to Subscribers > High Risk > High-Risk Advocates
Use the Approve button at the top to approve multiple advocates at once, or the Approve option in the three-dot menu for an individual advocate

Once approved:
Advocate and all referrals are cleared of risk status
The “Flag all referrals as high risk” checkbox within their profile is unchecked
All flagged rewards for both the advocate and their referrals revert to Pending or Send immediately (depending on delivery method)
A timeline log is added: “Advocate approved by admin XXX: All future referrals will no longer be flagged as high risk”
Advocate and referrals are removed from High Risk Advocates and Suspicious Referrals
Future referrals and rewards behave normally
NOTE: Approved advocates are not re-flagged by the automatic risk check, even if their actions would normally trigger a flag. They can only be re-flagged manually by an admin.
Unflagging Future Referrals as High Risk
Admins can manually unflag all future referrals of an advocate without fully approving them:
From the subscriber profile, open the three-dot menu in the top right
Uncheck “Unflag future referrals as high risk”

When unchecked:
A timeline log is added: “High-risk flag removed by admin XXX: This change applies only to future referrals, which will no longer be flagged as high risk”
No change to the advocate's own risk status
Existing flagged referrals and rewards remain flagged
All future referrals are added as normal (not flagged)
Advocate rewards tied to these future unflagged referrals remain flagged, since they depend on the advocate’s own risk status
Referral conversion bonuses (if enabled) will unlock as normal and are not flagged for future referrals
Re-Flagging a Previously Approved Advocate
If an admin manually re-flags a previously approved advocate, the advocate’s profile, referrals, and rewards are all re-flagged
Timeline and UI updates reset to match the initial flagging behavior
Future referrals and rewards are flagged again
Flagging for Rewards
Individual Rewards

When rewards are flagged, there is no option to “Send”
Flagged rewards can only be canceled or deleted
The Send option appears only once rewards are unflagged
Group Rewards
Group Payouts Main Page

If one or more rewards in the group are flagged, the Group Reward status shows as Flagged
There is no option to “Pay” when group rewards are flagged
Group Payout Reward Details Page

Flagged individual rewards within the group are displayed with their Flagged status. This mirrors what is shown in the individual reward view
There is no option to “Pay” when rewards are flagged
High Risk Impact
Rewards
- Rewards earned before flagging (set to unlock immediately) are still sent - All future rewards for the advocate and their referrals are flagged and held
Automations
- Welcome Automations continue - Participation Automations continue - Reward Automations are held, since they only trigger when a reward is actually sent
Analytics / Leaderboards / Positions
Subscribers marked as high risk are still included in analytics, leaderboards, and position rankings
Lifecycle: Flagged vs Approved vs Re-Flagged
Flagged
- Advocate marked as Risk - “Flag all referrals as high risk” checkbox = ON - Timeline shows admin action (if flagged manually)
- All existing referrals flagged - Future referrals automatically flagged
- Pending rewards updated to Flagged - Future rewards flagged and held - Rewards earned before flagging (if immediate) still sent
- Welcome + Participation continue - Reward Automations held
Still counted in all analytics, leaderboard, and position data
Approved
- Risk status cleared - “Flag all referrals as high risk” checkbox = OFF - Timeline shows admin approval
- All referrals cleared of risk - Future referrals behave normally
- All flagged rewards revert to Pending or Send immediately - Future rewards behave normally - Advocate not re-flagged by auto risk check
- All automations run as normal
Still counted in all analytics, leaderboard, and position data
Re-Flagged
- Advocate marked as Risk again - “Flag all referrals as high risk” checkbox = ON - Timeline shows admin action
- All referrals re-flagged - Future referrals again auto-flagged
- Pending rewards updated back to Flagged - Future rewards flagged and held again
- Welcome + Participation continue - Reward Automations held
Still counted in all analytics, leaderboard, and position data
Flagging Logic Across Campaigns and Referral Chains
Flagging Behavior Across Campaigns
When a flagged advocate later joins a new campaign, the flagging mechanism continues to apply
All future referrals and associated individual and group rewards in the new campaign are flagged
The advocate appears only once in the High Risk Advocates section, with their referral count reflecting the sum of referrals across all campaigns
Flagging Behavior Across Referral Chains
1. Within the Same Campaign
Example:
Advocate A refers B → both A and B are auto-flagged.
A is placed in High Risk Advocates.
B is placed in Suspicious Referrals.
B refers C:
B’s reward (as advocate of C) is flagged.
B remains in Suspicious Referrals.
C is not flagged.
C refers D:
No flagging occurs at this level.
NOTE: Referrals listed under Suspicious Referrals can also be escalated to the High Risk Advocates section if they meet auto-flagging criteria.
For example, if B (in Suspicious Referrals) refers multiple suspicious referrals, B will remain in Suspicious Referrals but will also be placed in High Risk Advocates.
2. Across Different Campaigns
Example:
Advocate A refers B in Campaign One → both A and B are auto-flagged.
A is placed in High Risk Advocates.
B is placed in Suspicious Referrals.
A then refers C in Campaign Two:
A’s reward is flagged.
C is also flagged.
Common Risk Cases
ReferralHero tracks several recurring patterns that often indicate suspicious or fraudulent activity. These cases don’t automatically mean abuse has occurred, but they act as warning signs that should be investigated before releasing rewards.
Case 1: Subscriber has referred potentially high-risk referrals
In this scenario, we explore the prospect that a subscriber has referred individuals displaying characteristics or behaviors associated with high risk. This may encompass patterns of suspicious activity or irregular signup information. ReferralHero actively monitors such cases to safeguard the overall integrity of the referral program.
Case 2: Subscriber has been referred by someone with a history of suspicious signups
When a subscriber is referred by an individual with a track record of suspicious signups or fraudulent activities, it raises concerns about the legitimacy of the referral. In this case, ReferralHero's vigilance is essential. We employ advanced tracking mechanisms and analysis tools to identify patterns and correlations, allowing us to assess the risk associated with the referrer.
Case 3. Subscriber's IP address and device match their referrer's
Matching IP addresses and devices between the subscriber and their referrer can indicate a potential risk, especially if it suggests artificial attempts to inflate referral numbers. ReferralHero takes this case seriously and employs sophisticated technology to cross-verify such information. By scrutinizing IP addresses and device details, we can identify and address situations where the referral process might be manipulated. This ensures that the referral program remains secure and trustworthy, protecting both the integrity of the system and the rewards for genuine participants.
Risk Level
Not every flagged subscriber poses the same level of threat. Risk levels provide admins with a framework for deciding how much investigation is needed before making a decision.
Low Risk Subscribers in this category generally show normal activity with only minor irregularities. Their referral patterns look organic, and they may have a history of legitimate engagement. These accounts usually don’t require intervention beyond routine monitoring.
Why it matters: Low-risk users help remind admins that not every flag is critical — sometimes small anomalies are just noise. Over-policing at this stage could harm program trust, so the safest path is “watch and wait”.
Medium Risk Medium-risk subscribers display more noticeable irregularities, such as unusual sign-up timing, mismatched details, or clusters of referrals that don’t look organic. These cases call for manual review, verification steps (like email or phone number confirmation), or a quick check-in with the subscriber.
Why it matters: Medium-risk cases often sit in a gray zone. Some turn out legitimate, while others uncover deliberate manipulation. Giving these accounts a closer look helps prevent both unfair penalties and missed fraud.
High Risk High-risk subscribers show multiple strong signals of abuse — such as repeated suspicious referrals, or a past record of fraudulent attempts. These accounts pose a serious threat to program fairness and rewards integrity. They require immediate and thorough investigation, and in some cases, permanent restriction.
Why it matters: High-risk accounts, if left unchecked, can undermine the credibility of the entire referral program. By isolating and holding them until reviewed, ReferralHero protects both the system and legitimate participants.
Best Practices for Reviewing High-Risk Subscribers
When dealing with flagged subscribers, admins should follow a consistent review process to separate legitimate advocates from abusers.
Review details carefully – Check names, email formats, signup timestamps, and referral patterns. Legitimate referrals tend to look natural, while fraudulent ones often reveal shortcuts (e.g., disposable emails, repeated usernames) Why: A careful scan can catch the majority of abuse without needing heavy investigation
Add verification steps – If something feels suspicious, add additional forms of verification to the campaign, such as confirming an email, phone verification, or even a quick check-in with the subscriber Why: Fraudsters rarely respond to verification, while real participants usually comply quickly
Decide between approving or keeping flagged – Only approve when you’re confident the activity is genuine. Leaving someone flagged doesn’t harm analytics but ensures rewards stay on hold until clarity is reached Why: Erring on the side of caution protects both rewards and trust
Avoid deleting subscribers – Deletion removes valuable historical data that might later help identify patterns. Unless you’re certain an account is malicious and unwanted, it’s safer to leave it flagged rather than erase it Why: Keeping records makes long-term fraud detection more accurate
Document actions taken – Log what you reviewed, why you approved or rejected, and any verification steps Why: Documentation builds consistency across admins and provides backup if disputes arise
General Guidelines
Beyond case-by-case reviews, admins should keep broader principles in mind to maintain program integrity:
Communicate transparently with participants – When possible, clarify issues with subscribers directly. Many false positives can be cleared up with a simple explanation Why: Open communication maintains trust and prevents frustration among legitimate users
Keep thorough records – Save investigation notes and flagged history Why: Having a reliable paper trail ensures decisions are defensible and helps future admins handle similar cases more consistently
Escalate when necessary – If a case continues to look suspicious after initial review, involve higher-level admins Why: Some fraud patterns only become clear at scale. Escalation ensures tough cases are reviewed with the right expertise
Last updated
Was this helpful?