GBC Time

How Rocks Partners uncovered a €30,000 Scam Attempt — And Shut It Down in Time

By Tom, Head of Affiliates at Rocks Partners

February turned into March, and the numbers were climbing — fast. Too fast.

We were in the middle of a serious PPC campaign on DuoSpin. Germany and Canada. €500 per player. No KPIs. Full trust.

The only rule on the table? No fraud. No incentivized traffic. We were so confident that we even agreed to pay for players who might close their accounts later — as long as they were real.

It was one of those deals that only gets greenlit when everyone in the room agrees: this partner is solid, has a track record, and has a “big traffic network.” They said, “We know how to scale.”

And for the first few weeks? It looked golden.

FTDs were flowing in. Our system was lighting up like Christmas morning. I remember thinking, “Damn, this could be a record month.”

We were already discussing doubling down — giving them the same cap on our second brand, WinHero. When traffic looks that good, you want more of it.

But then I noticed the timing.

Something Was Off

I’ve been in affiliate marketing long enough to know when something’s off. And this was way off.

First red flag? The speed. Almost every player registered and deposited within a 15–20-minute window. I don’t mean one or two cases — I mean 80% of all signups.

Nobody does that. Real users don’t rush like that. They browse, poke around the site, check bonuses, and maybe come back later to make their first deposit.

These ones? They were in, they were out, they were gone.

So I dug in.

The Anatomy of a Scam

Let me walk you through it — exactly how we broke it down.

1. The Numbers Didn’t Add Up

When I opened the deposit logs, I saw numbers like €20.02, €49.76, €99.93.

Cent deposits. All over the place.

This might not mean much to an outsider, but to me? That’s a neon sign that says, “This isn’t real.”

Most commonly, real players deposit round numbers. Twenty, fifty, maybe a hundred. They’re not topping up their casino wallet like it’s a gas station.

This wasn’t human behavior. It was a script.

2. Crypto Everywhere — But The Wrong Kind

Then came the crypto audit.

99% of the deposits were in Bitcoin or Ethereum.

Now, I love crypto — but not in this context. In Canada, maybe 5% of users pay with crypto. In Germany? 10% at best. The rest use Interac, Skrill, local banks, Revolut — standard stuff.

Wanna know why they didn’t use USDT or Litecoin? Because those chains are much easier to trace.

BTC and ETH are a pain in the ass to track. You want to map out a real transaction? Get ready to pay for a forensic chain analysis. It’ll cost you a lot.

So, we didn’t even bother spending thousands of euros to trace the on-chain flow through crypto hashes. Why? Because we already had more than enough to call it what it was: fraud. Plain and simple.

3. GEO Leaks

Here’s the real kicker.

They told us they were targeting Germany and Canada. That’s what our payout model was based on — Tier 1 GEOs.

But the traffic? When we peeled back the layers and checked the raw logs, Australia, Portugal, and France kept popping up.

Shitty proxies. That’s what got them caught.

Low-budget proxies always leak. They can spoof browser location, maybe even language settings, but they can’t hide true IP metadata. Not from our systems.

One user signs up from Australia, plays from France, and cashes out from Germany. That’s not user behavior — that’s a circus act scripted through bad proxies.

And they thought we wouldn’t notice.

4. Zero Bonus Claims. Zero Gameplay.

I went deeper. If these were real players, they’d at least play, right?

Nope.

92% of users never touched the welcome bonus.

67% were using desktop — in a vertical where mobile is king.

52% still had untouched balances on their accounts.

It gets worse.

61% of the “players” from Germany were routed through the same VPN, all logging in from the same IP, all making a second deposit within 20 minutes.

You know how I know they weren’t real? They didn’t even try to fake activity. No clicks. No games launched. Just deposit → leave.

They didn’t even install browser motion emulation. No mouse movement. No scroll.

Lazy.
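
The checks from sections 1–4, expressed as cohort-level detection logic in Python. This is an added example, not Rocks Partners' own code; the record schema, the sample data and the alert thresholds are all assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

TARGET_GEOS = {"DE", "CA"}  # GEOs agreed in the deal described above
# Assumed alert thresholds (share of cohort), not values from the article.
THRESHOLDS = {"fast_deposit": 0.5, "odd_amount": 0.5, "crypto": 0.3,
              "geo_leak": 0.2, "no_gameplay": 0.5, "shared_ip": 0.3}

def rec(pid, reg, dep, amount, method, countries, ip, games):
    """Build one player record (hypothetical schema)."""
    return dict(id=pid, registered=reg, first_deposit=dep, amount=amount,
                method=method, countries=countries, ip=ip, games_launched=games)

# Constructed sample data; IPs are from the RFC 5737 documentation ranges.
PLAYERS = [
    rec("p1", "2025-03-01T10:00", "2025-03-01T10:12", 49.76, "BTC", ["AU", "FR", "DE"], "203.0.113.7", 0),
    rec("p2", "2025-03-01T10:05", "2025-03-01T10:22", 20.02, "ETH", ["DE"], "203.0.113.7", 0),
    rec("p3", "2025-03-01T11:00", "2025-03-01T11:15", 99.93, "BTC", ["PT", "CA"], "198.51.100.9", 0),
    rec("p4", "2025-03-01T11:30", "2025-03-01T11:48", 50.00, "ETH", ["DE"], "203.0.113.7", 0),
    rec("p5", "2025-03-01T09:00", "2025-03-03T20:40", 50.00, "Interac", ["CA"], "192.0.2.44", 14),
]

def player_flags(p, ip_counts, window=timedelta(minutes=20)):
    """Per-player red flags, one for each indicator in sections 1-4."""
    gap = datetime.fromisoformat(p["first_deposit"]) - datetime.fromisoformat(p["registered"])
    return {
        "fast_deposit": gap <= window,
        "odd_amount": round(p["amount"] * 100) % 100 != 0,  # non-zero cents
        "crypto": p["method"] in {"BTC", "ETH"},
        "geo_leak": not set(p["countries"]) <= TARGET_GEOS,  # seen outside agreed GEOs
        "no_gameplay": p["games_launched"] == 0,
        "shared_ip": ip_counts[p["ip"]] > 1,
    }

def cohort_report(players):
    """Return (share of cohort per flag, sorted names of flags over threshold)."""
    ip_counts = Counter(p["ip"] for p in players)
    flags = [player_flags(p, ip_counts) for p in players]
    shares = {k: sum(f[k] for f in flags) / len(flags) for k in THRESHOLDS}
    tripped = sorted(k for k, v in shares.items() if v >= THRESHOLDS[k])
    return shares, tripped

if __name__ == "__main__":
    shares, tripped = cohort_report(PLAYERS)
    for name, share in shares.items():
        print(f"{name:13s} {share:4.0%} {'ALERT' if name in tripped else ''}")
```

No single flag proves fraud on its own; the signal is several of them tripping at once across one affiliate's cohort, which is the pattern the article describes.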

The Showdown

We confronted them.

I didn’t go in hot — not at first. I gave them the benefit of the doubt. Shared some light data points.

We even offered to place the payout on hold — just to monitor how the players would behave over the next few days. There was still a sliver of hope that they were real.

But you won’t believe what happened next.

Right after that call, a chunk of those “players” made a second deposit. Same IPs. Same behavior. No gameplay.

Come on. That’s not just suspicious — it’s laughable.

And what did they do?

They turned it around on us. Said we were scamming them. Accused us of making up numbers.

So I cut them off.

That’s when they panicked. Tried to go over my head and started messaging Andrew, our CEO, like they were victims.

I don’t think they realized who they were dealing with.

Our CEO has deep roots in gambling — we’re not talking surface-level experience here. When I showed him just a handful of the red flags, his reaction was swift and clear: full stop. Cut them off.

But he didn’t disappear into the background. No. He stepped into the conversation himself and sent them a detailed, grounded statement on the situation — laying out the facts, point by point.

And their response?

“This is just your opinion.”

“The screenshots aren’t evidence, just assumptions.”

And of course — the classic move — they called us scammers.

I still tried to keep things civil. I offered them an exit, a quiet one. But my boss looked at me and said:

“Don’t waste another second. Not your time. Not your energy.”

So I did what any pro would do. I thanked them for the collaboration — however dishonest it was — and wished them luck.

Luck avoiding their next investigation.

We Could Have Lost Everything

This campaign wasn’t going to bury us — we’re built to handle large volumes of high-quality traffic. But what we won’t do — ever — is tolerate tactics like this from bad-faith players in the industry.

We were paying €500 per player — an amount reserved only for clean, high-quality traffic. They saw an open gate and tried to flood it with garbage. 

With no caps in place, one lousy month at those rates could’ve wrecked a lesser team. But not us. Every department at Rocks Partners is run by professionals who’ve seen it all. We operate like a tight machine. And with us, stunts like this don’t slip through.

We caught it early. We had the systems, the data, and the experience.

The Aftermath

We won’t name names here. Not yet. This isn’t drama for clicks. This is about drawing a line.

We built Rocks Partners from the ground up to reward affiliates who know how to scale right. We take care of our own. But what about anyone who tries to game the system?

You’ll be met with the same thing these guys got.

Locked accounts. Blocked payouts. A permanent blacklist.

And let’s be honest — a reputation that’ll follow you in every corner of this industry. iGaming is a small world. Word travels fast. So, before you push fraud traffic, ask yourself if that short-term win is worth long-term damage.

Maybe I am blunt. But when you’ve built something from scratch and someone tries to game it — yeah, it hits differently. Thanks for understanding.
