What Is Fake Account Creation and how to prevent it

What is Fake Account Creation?

Fake account creation is the process of creating accounts using bogus or stolen identity information. In this type of attack, cybercriminals use automated bots to create a large number of fake accounts in a short amount of time.

How Does Fake Account Creation work?

Fake account creation works by exploiting the business logic of a website or web app, specifically the registration form. Attackers assemble an attack script that inputs fake or stolen identity information into a registration form. Bot networks distribute the script and create many artificial accounts.

How Do Cybercriminals Use Fake Accounts?

Cybercriminals use fake accounts to conduct a wide range of criminal acts. Here’s how cybercriminals take advantage of fake account creation:

  • Free Trial Abuse: Many companies give special offers, free trials or bonuses on account sign up. By creating multiple accounts, fraudsters can take advantage of these offers multiple times.
  • Subscription Abuse: Cybercriminals resell subscriptions or free trials on third-party sites at discounted rates swaying potential customers to purchase away from the actual website or web app.
  • Review Fraud: Fraudsters use fake accounts, for instance, to bomb review sites with favorable reviews of their product or negative reviews about a competing product.
  • Money Laundering: Bad actors use fake accounts to launder funds from illicit operations.
  • Skewed Analytics: Fake accounts creation results in decisions that are based on inaccurate and misleading data. Fake accounts skew many KPIs and metrics, including daily active users and engagement, session duration, bounce rates, look-to-book ratios, campaign data and conversion funnel.

Business Impact of Fake Account Creation

For digital businesses, more registered users is a sign of growth, and the rising number of registrations is unlikely to be investigated too rigorously, until it’s too late.

How are Companies Fighting Fake Account Creation?

Companies may fight fake account creation using methods such as multi-factor authentication (MFA), CAPTCHAs and challenge questions. Businesses may also leverage payment fraud solutions and other security tools to catch fraud. These solutions may weed out some automated account creation attempts, but they have several flaws:

  • Negative user experience: Traditional tools like MFA and CAPTCHAs add friction at a critical point in the customer journey, which negatively impacts real human users. If the account creation process is too cumbersome, companies risk losing potential customers.
  • Do not stop all bots: Today’s sophisticated bots can solve CAPTCHAs. If bot inputs are within the expected parameters for a registration form, account creation requests look legitimate.
  • Reactive detections: Classic payment fraud solutions only detect fake accounts after the transaction. By then, the criminals may have already used the accounts to commit fraud.

Stop Fake Account Creation with PerimeterX Account Defender

PerimeterX Account Defender detects and prevents cybercriminals from creating new accounts using fake identities. Using behavioral analysis, the solution applies continuous authentication to monitor account abuse throughout the user journey on your website or web app. Account Defender continuously evaluates users’ post-login activities and uses behavioral signals to generate an evolving risk score. The solution identifies new account abuse and breached accounts, and enforces security policies that stop malicious activity. It addresses the questions “are you who you say you are?” and “are you doing what you should be doing?”

Account Defender moves beyond payment-specific “decline/authorize” to enable interventions earlier in the process that work with an organization’s business flow. The solution monitors users throughout their registration process and post-login journey and continually updates risk scores based on profile, statistical comparisons and new behavior. The solution moves beyond forensic and reputation information to also leverage behavioral analysis in order to provide greater visibility and investigation capabilities into account abuse.

With Account Defender, you can detect and prevent fake account creation attempts in real time, automatically blocking bots from tarnishing your brand reputation.

Case Study

I would absolutely recommend PerimeterX to any team that’s trying to battle bot traffic. Quite simply, PerimeterX works as advertised. The solution is invaluable in stopping the bots that can scrape or compromise our data. At the same time, the solution minimizes the false positives that can frustrate site users and waste our staff’s time and resources.

Robert ConradHead of Engineering at Crunchbase
Read Case Study
© PerimeterX, Inc. All rights reserved.