What are fraudsters searching for? How SEO data reveals document fraud tactics
Fraudsters rarely operate in the open.
But if you pay attention, the signals are there: hidden in metadata, document formatting, behavioral patterns, and sometimes, in something as seemingly benign as a search query.
At Inscribe, we believe that effective fraud prevention begins with curiosity.
Our approach, especially across our risk and product teams, involves reverse-engineering fraud tactics: studying forgery techniques, deconstructing document manipulation patterns, and using those insights to inform the detection capabilities of our AI systems.
But recently, our investigation took an unconventional path through SEO data.
Using SEO as a signal for fraud behavior
While reviewing keyword trends in our SurferSEO dashboards, I noticed a series of search phrases that stood out.
These weren’t queries from customers looking for document verification tools, or underwriters learning about income analysis. They were search terms that looked more like intent signals from fraud actors themselves.
We decided to explore further.
Using search volume data from SurferSEO and on-site behavior from Google Analytics, we isolated clusters of keywords likely associated with fraudulent document creation.
Then we cleaned the data (removing clearly legitimate queries) and studied what remained.
What is a keyword (and why does it matter)?
A keyword is simply a search phrase typed into Google. But in aggregate, keywords become a behavioral dataset:
- Search volume shows how common the behavior is.
- Query structure reveals intent.
- Emerging patterns signal changes in tactics over time.
Most companies use this data to understand demand, but we can also use it to understand deception.
High-volume search terms that suggest fraud intent
Below is a sample of keywords with monthly volume that reflect interest in document forgery tools—not education or curiosity.
While these aren’t inherently criminal, they mirror the tactics we’ve seen in known fraud attempts, particularly in loan underwriting and KYB use cases.
Thematic clusters: What fraudsters are trying to fake
The keywords break down into four common document categories:
Bank statements
- fake chase bank statement
- editable bank statement template
- bank statement maker
W2s & 1099s
- editable w2 template
- how to get a fake w2
- w2 form download (manipulated)
Pay stubs
- fake pay stub generator
- create pay stub editable
- printable pay stub template
Employment and income letters
- proof of income letter generator
- fake employment verification letter
- editable income verification letter
These mirror the document types we most frequently detect as manipulated using Inscribe’s document agents—especially in high-trust workflows like loan underwriting.
The language of deception: masked in DIY phrasing
One of the more revealing signals is the structure of the search terms:
“how to make a fake bank statement”
“create your own pay stub”
“generate employment verification letter”
This phrasing is intentionally subtle. It uses the semantics of personal productivity to disguise malicious intent. It’s one of the reasons Inscribe’s detection engine doesn’t just look for anomalies—it reasons about them.
The internet is the fraudster’s toolkit — and our signal source
It’s easy to think of SEO as a growth function. But when used through the lens of document risk, it becomes a lens into how fraudsters think, search, and act.
At Inscribe, we’re committed to helping risk teams reason through risk—not just react to it. And that means building intelligence from every available source. We use these queries as directional evidence, not deterministic labels. They help guide red-teaming, customer training, and threat monitoring—not drive standalone decisions.
If your team is interested in leveraging more proactive detection methods (including intelligence like this), our document agents are ready to help.
Request a demo or request a free trial of Inscribe’s document agents. What will we find hidden in your document data?
