1. Obtain Digital Identities
Fraudsters purchase databases of stolen credentials from the dark web, or harvest on their own.
2. Disguise Themselves
Bots use residential proxy networks, customized DevTools, and solvers to evade detection by anti-bot solutions and downstream protections.
3. Abuse Login
Automated scripts inject stolen credentials into logins to generate fake accounts or take over existing ones, while bypassing anti-bot, CAPTCHA, and OTPs.
4A. Monetize Fake Accounts
Consumer: Successful new accounts are used to make one-time purchases they don’t intend to pay back – buy now, pay never.
Merchant: Fraudulent merchant accounts dupe customers into buying fake products or used to ‘wash’ money.
4B. Exploit Account Takeover
Valid credentials are used to lock consumers and merchants out of their accounts and rack up debt or sell on the dark web.