Bot Attacks and Fraudulent Responses in Online Survey Research

Online researchers often experience bot infiltration – automated computer programs capable of independent functioning and the ability to emulate human responses – or counterfeit participants who provide unreliable responses. These “bad actors” can infiltrate online research using multiple email accounts or online profiles hoping to collect incentives and skew research results.

Investigators should incorporate multiple strategies to protect against online survey fraud in each stage of study design.

Recruitment

• Posting a survey link in a public forum (e.g., a recruitment flyer, social media page) allowing for direct access to study participation can attract bots.
• To avoid this, perform a spam check prior to consent (e.g., interested participants must contact the study team to obtain a code, unique link, or password to access the consent/survey). The filtering process takes place before data is collected.
• ResearchMatch or Prolific provide access to pools of verified users.

Software

• Qualtrics is approved for use as a survey host for Ohio State faculty, staff and students. Learn more about Qualtrics, including access and use, as well as fraud detection guidance.
• REDCap is another university-approved web-based application for building and managing online surveys and data collection forms. Learn more about REDCap.
• Before using new online survey or data collection hosts, contact your department’s designated security coordinator to ensure that the host is compliant with Ohio State safeguards.

Fraud Detection Strategies

• Consider cognitive tasks requirements such as ReCAPTCHA, word scrambles and “Click Here” prompts.
• Employ attention check questions (e.g., “Please select 'AGREE' for this question”) to ensure respondents are real and providing truthful responses. Use simple factual questions and not questions involving matters of opinion. Attention check use must be described in the protocol and in the consent process.
• Use open-ended questions requiring written responses rather than multiple-choice selections.
• Repeat questions (e.g., post similar questions throughout the survey) to assess response reliability.
• Consider using “honeypots” (questions hidden from human participants that can be seen by bots).
• Set up time limits on how long the survey or survey link remains accessible.
• Cap the total number of responses to limit bot attacks and prevent over-enrollment.

Consent

• Use the online exempt and IRB consent Templates located in the Huron Library. The templates contain confidentiality and risk language and can be modified based on study specifics.
• Participants must be informed of fraud mitigation strategies that will be used (e.g., attention check questions).
• Inform participants that they can only complete surveys one time.
• Specify how long it should take to complete the survey. Time tracking can later show whether the response is legitimate (e.g., a survey that should take 15 minutes is completed in 1 minute).
• Explain when incentives will be distributed with a disqualification statement explaining that suspected fraud or abuse will lead to compensation forfeiture.

Incentives

• Set reasonable incentives for the effort required of participants. High incentives may attract bots and fraudulent responders.
• Offer a raffle incentive rather than individual participant payments.
• Place a cap on how many times a participant can be paid.
• Require participants to authenticate their identity through a verification process prior to awarding an incentive.

Mitigation Plan

• Bot responses may still occur even when fraud prevention strategies are implemented.
• Participants may file complaints if they completed the study activities in earnest but were rejected or denied compensation.
• Anticipate these scenarios and develop a comprehensive plan to differentiate legitimate from fraudulent responses (e.g., confirming unique IP addresses, verifying unique participant identity).
• Promptly respond to participants’ questions/concerns and work to resolve the issues.
• A good plan avoids costly errors and the need to submit incident reports to the IRB.

IRB Reporting

Submit Reportable New Information (RNIs) if any of the following occur:

• The study’s mitigation plan does not address the problem.
• The resolution steps involve deviations from the approved protocol/mitigation plan.
• Participant complaints are unable to be resolved by the researcher.

Contact IRB-Reporting@osu.edu for questions about whether an RNI submission is needed.

Additional Resources

Lawlor, J., Thomas, C., Guhin, A. T., Kenyon, K., Lerner, M. D., Ucas Consortium, & Drahota, A. (2021). Suspicious and fraudulent online survey participation: Introducing the REAL framework. Methodological Innovations, 14(3). https://www.researchgate.net/publication/355739095_Suspicious_and_fraudulent_online_survey_participation_Introducing_the_REAL_framework

Simpson, Julie, "A Simple Guide for Researchers and Institutional Review Boards (IRBs) to Protect Data Integrity in Online Human Subjects Survey Research" (2026). Integrity in Research and Scholarship. 4.
https://scholars.unh.edu/research_integrity/4

Article ID: 136
Created: May 29, 2026
Last Updated: June 2, 2026

Online URL: https://ohiostateresearch.knowledgebase.co/article/bot-attacks-and-fraudulent-responses-in-online-survey-research-136.html