5th layer. If the email has been flagged as potentially fraudulent, we then do a behavioural analysis on similar emails. A behavioural analysis aims to seek a specific set of patterns used by cheaters. For example, cheaters tend to sign up with fake emails over a short period of time. Genuine referrals usually take some time to pile up.