Unfortunately, this is something that occurs and is becoming more and more common as contests become more popular on Facebook. The best method to track voting and monitor/prevent fraudulent votes in a UGC/Photo/Video contest would be to enable data collection from voters and then restrict voting to Email Address or Email Address per Day.
You could alternatively limit the votes by “Facebook user” or “Facebook user per day” because that will verify that each vote is cast by an individual Facebook user account, and you will still get the IP Addresses for each vote cast in the Vote Export file.
*Due to recent Facebook updates, you can no longer automatically collect names, email addresses, or any personal data from a Facebook profile.*
You can see all the information collected from each vote that has occurred in the Votes Export file, which can be downloaded from the Winners section of your offer dashboard.
The information provided in the Votes Export file may help in giving you a better idea regarding the legitimacy of specific votes. Unfortunately, beyond that, we don’t have a way of preventing/detecting fraudulent voting at this point. We are looking into some different methods for avoiding this in the future, but currently there’s not a particularly simple way to go about it. So, basically, you just have to look at all the data available in the Vote Export file for the suspected fraud and do some checks on the IP addresses (using Google and MaxMind GeoIP), see how fast they’re coming in, etc.
On the Votes Export, there is a column titled “Bad IP.” If a cell in this column contains data such as “TOR,” “fraud,” “server,” or a few others, it means that this vote came from an IP address already flagged in our system as being a known source of fraudulent voting and the vote has already been blocked. Although it appeared to the end user that their vote was accepted, it does not count toward the vote total.
Keep in mind that there are legitimate reasons for there to be many votes coming from the same IP Address; such as people voting in a workplace or school setting, where all computers share the same IP; or even a household computer that multiple family members/individuals use.
It may be the case you see a lot of proxy server addresses which would indicate fraud or the IPs are from foreign countries that shouldn’t be participating. If you suspect fraud you could also reach out to the entrant to confront them and you can always remove their entry per your rules. Setting the voting to be limited to “one per Email Address” makes it more difficult and provides even more info to evaluate in the Export File.