Fake account creation is an effective way for motivated individuals to gain the upper hand. Also known as new account fraud, fake account creation is an automated attack that uses false or stolen information to generate an online account or profile. False information can include names, birthdates, or other personal information. In some cases, adversaries create entirely fake identities with fabricated backstories and photos. Fake accounts are often “aged” to make them appear more legitimate.
Adversaries use fake accounts on eCommerce or streaming sites to engage in fraud or other illegal activities. Phony accounts are also generated on social media platforms to spread misinformation, disinformation, or hate speech.
At Kasada, we’ve observed fake accounts being created in surges. In many cases, accounts are being generated at a rate of hundreds of thousands per hour. Recent fake account attacks we’ve helped our customers detect and stop were used for:
- Login and onboarding fraud
- Account takeover
- Loyalty fraud and promotion abuse
- Hype sales and checkout fraud
- Commenting and spreading hate speech
Some of the most tenacious bots we’ve come across have been used to create fake accounts for hype sales. The demand for accounts is so high, adversaries have begun to sell fake accounts to other botters to make a profit.
Even with account verification methods in place, it’s still possible for motivated attackers to create and verify fake accounts using burner phone numbers and email addresses from providers like Outlook, Gmail, GMX, iCloud, and web.de.
Fake account creation and fake accounts have a variety of harmful effects on revenue and resources, including:
- High account verification costs (SMS or MFA)
- Higher costs due to fraud
- Unhappy users due to inauthentic experience
- Elevated infrastructure costs
- Site crashes and slow page speeds
- Skewed marketing KPIs and web metrics
- Ad click fraud caused by fake accounts
Fake accounts make online experiences unfair for real customers, contribute to an unsafe space for individuals on media platforms, and have a large impact on an organization’s revenue, operations, and site performance.
Our unmatched understanding of how these extremely persistent and relentless bots try to evade detection has played a large role in how Kasada has been architected.
Kasada detects fake account creation attempts using hundreds of sophisticated sensors that collect hidden traces of automation. If an attacker attempts to tamper with client data or behavior, we have both client-side and server-side detections that verify data and inspect for anomalies. This multi-layered approach with fail-safes allows us to detect and adapt to threats in real time.
With Kasada, it’s more than just a product, you get a team of experts to help in the fight against motivated attackers.