Table of Contents

Did you know that there are people out there who make a living creating fake accounts online?

In some cases, these fake profiles are used for catfishing or impersonating a real human. In other instances, fake accounts are created to abuse loyalty points, rewards, programs, or other incentives that make a huge dent in companies’ overall profits.

These “professional fakers” or fraudsters can create any persona they want, and they do it to wreak havoc on victims for their own benefit.

So, what is fake account creation, and why should you be concerned?

First, let’s define what fake account creation means.

Fake account creation is the act of creating an online account or profile that uses false information. It’s also known as new account fraud.

The purpose of creating fake accounts can vary, but often it is done in order to engage in fraud or other illegal activities. It can also be done simply to create a nuisance or cause confusion.

We’ll dive deeper into the reasons why people make fake accounts in a bit, but first, let’s look at their origins.

Early cases of fake account creation

The creation of fake accounts began with email addresses. People created accounts using made-up names and information and used them to send spam or engage in other malicious activities. However, with the rise of social media and the digital revolution, fake account creation has become much more sophisticated.

Today, it is relatively easy to create a fake profile on virtually any online platform by using a false name, date of birth, or other personal information. In some cases, people even create entire fake identities with fabricated backstories and photos.

While fake account creation may seem like harmless fun at first, it can actually have serious consequences. In addition to being illegal in many jurisdictions, it can also lead to identity theft, fraud, and other types of crime.

Why is fake account creation on the rise in 2023?

Although loyalty programs have been around for centuries, the digital age created a new set of challenges for businesses that offer loyalty or rewards points.

Loyalty program fraud

Loyalty program fraud (also called reward points fraud) is when a criminal abuses a loyalty program, usually for financial gain or other illicit purposes.

The criminals will create fake accounts under many names and transfer the reward points among the fraudulent accounts to accrue a massive number of points on a single account.

Social media

Similarly, as social media platforms gained popularity, people learned that they could exploit them for personal gain.

Trolls, or online users who engage with others in a malicious way to stir the pot, often use fake accounts to mask their true identities.

Politics

Finally, the current political climate is a factor in fake account creation. In many countries around the world, there is a plethora of misinformation spreading around the Internet. Fake news is flourishing.

Why do people make fake accounts in the first place?

It’s not just to troll on Facebook or get revenge on an ex-lover. Here are a few other reasons why people create fake accounts for personal or financial gain:

1.  To commit fraud

Fake accounts are often used to commit various types of fraud. For example, an imposter might create a fake account in order to trick people into sending them money.

2. To engage in phishing

Another common type of fraud is phishing, which is when someone tries to obtain sensitive information such as passwords or credit card numbers by pretending to be a trustworthy entity.

3. To spread malware

In some cases, attackers use fake accounts to spread malware or other malicious software when recipients click on links to infected websites or files.

4. To conduct market research

Some businesses create fake accounts to conduct market research. The research could include gathering information about competitor products or attempting to gauge customer satisfaction.

5. To promote a product or service

Fake accounts can also be used to promote a product or service. Spammers create multiple accounts and use them to post positive reviews or comments about a specific item.

6. To influence public opinion

Influencing the public could involve spreading false information or engaging in so-called “astroturfing,” which is when someone pretends to be a satisfied customer in order to generate positive buzz.

7. To defame someone

Another common reason for creating fake accounts is to defame a public figure by posting negative reviews or comments about them.

8. To steal someone’s identity

Some criminals create fake accounts in order to steal someone’s identity so they can apply for credit cards or loans in the victim’s name.

How can you tell if your business is a victim of loyalty fraud?

The word “loyalty” implies trust between businesses and their customers. Unfortunately, there is nothing loyal about creating tons of fake accounts to abuse a rewards program.

Here are eight signs to look for if you think you may be a victim of loyalty fraud:

1. You may notice fake accounts or duplicate accounts within your loyalty program.

These fake accounts are created in order to redeem rewards or benefits that your business offers.

2. You notice unusual activity patterns within your loyalty program, such as a sudden spike in activity from a particular location or region.

IP addresses can be spoofed, so the activity may not necessarily be coming from the location you see.

3. You notice members trying to redeem rewards that they are not entitled to.

For example, they may try to redeem a reward before they’ve earned enough points or they may try to redeem a higher-tier reward when they only qualify for a lower-tier reward.

4. You see members trying to game the system by abusing loopholes or taking advantage of program rules.

Gaming the system takes away from the overall experience for genuine members and can result in decreased loyalty and engagement.

5. Your loyalty program expenses suddenly increase.

Fake accounts could be redeeming rewards or benefits, or the sudden increase in costs could be genuine members abusing the system.

6. You see an abnormal influx of brand new accounts joining your program.

Loyalty fraudsters often create fake accounts in order to take advantage of sign-up bonuses or other introductory offers.

7. Your staff is complaining about an increase in customer service inquiries or requests.

The increase could be the result of fake accounts redeeming rewards or benefits, or it could be genuine members who are having difficulty using the program because of fake accounts or other fraudulent activity.

8. You receive negative feedback from members about the program.

If your genuine members notice suspicious activity, they may be less likely to participate in the program or recommend it to others.

How can you tell if a social media account is fake or not?

There are a few key indicators that will tell you whether an account is fake, such as:

1. The account is brand new.

If the account was created today, it’s probably fake—unless you quickly see it populate with a profile image and personal information. Accounts that have no posts or activity are usually spam accounts. Look out for them!

2. The account uses a fake name or profile picture.

If an account is using a fake name or profile picture, it is likely to be a fake account (or somebody’s finsta).

3. The profile information is incomplete or contains false information.

Most people complete their profiles with accurate information. Therefore, if an account has incomplete or false information in its profile, it is likely illegitimate.

4. The account has few friends or followers.

People are less likely to add someone they don’t know, so it is challenging for fake accounts to accumulate a lot of followers.

5. The account has a username that is very similar to another well-known account.

Sometimes, people create profiles in order to impersonate illustrious people. That’s why you’ll often see fake celebrity accounts.

6. The account posts content that is not related to the supposed subject.

Often, spammers create fake accounts to promote their own content. They may open accounts on unrelated topics and then post content that pushes their products or services instead.

Kasada Fake Account Scaled
How does fake account creation happen?

There are a number of ways that fake account creation can happen. Here are just a few:

  • People use real information but create a fictitious persona.
  • People use real information but create multiple accounts using the same or similar information.
  • People use fake information to create an account.
  • People use bots or scripts to automatically generate fake accounts.
  • Some platforms allow people to buy or rent accounts that have already been created with fake information.

A brief breakdown of a fake account attack

Creating a fake account is relatively simple, and it only takes a few minutes.

First, the attacker will gather some basic information about their target, such as their name and date of birth. They may also look for other publicly-available information, such as their address or phone number.

Once the attacker has enough information, they will create an account using the victim’s name and personal information. In some cases, they may even use a real photo of the victim.

The fake account can then be used for a variety of purposes, such as sending spam messages or friend requests or posting offensive comments. In some cases, attackers may even use the account to commit fraud or steal sensitive information. Yikes!

How attackers create massive numbers of fake accounts

At lightning speed, attackers can create an army of fake accounts. How, you ask?

Let’s take a look at their favorite tools of the trade:

Bots

There are a number of automated systems that can be used to create fake accounts. These tools usually require very little input from the attacker and can create hundreds or even thousands of fake accounts in a matter of minutes.

Human click farms

A human click farm is a group of people who are paid to click on links or perform other simple tasks. These people can be used to create fake accounts, post comments, or even like and share content.

Botnets

A botnet is a network of infected computers that can be controlled by an attacker. Attackers can use botnets to create fake accounts en masse.

There are a number of paid services that will create fake accounts for a fee. These services often have a high success rate and can create large numbers of fake accounts quickly.

Social engineering

In some cases, attackers may use social engineering techniques to trick people into creating fake accounts for them. For example, they may send phishing emails that contain links to bogus websites that ask for personal information.

Alternatively, they may call people and pretend to be from a legitimate company, such as a bank or an online service, and trick them into providing personal information.

How fraudsters make money from fake accounts

In some cases, fraudsters will create fake accounts in order to monetize them. For example, they may use the accounts to:

  • Abuse loyalty points or rewards programs: this type of fraud results in thousands of fake accounts that can lead to a massive loss in profit for organizations.
  • Send spam messages: these messages may promote a product or service, or they may contain links to malicious websites.
  • Post promotional content: this content may be about a product or service that the fraudster is promoting.
  • Conduct click fraud: this can generate revenue for the fraudster, or it can cause the advertiser to lose money.
  • Sell products or services: this may include selling counterfeit goods, or it may involve selling access to a premium account.
  • Provide fake reviews: these can be about products, services, or businesses.
  • Give fake likes or follows: these are used to artificially inflate the popularity of a product, service, person, or business.

All of these activities can result in the fraudster making money, either directly or indirectly.

Fake accounts cause issues in almost every industry, but especially these:

1. Banking and finance

The banking industry is particularly vulnerable to fake accounts. Criminals use them to commit fraud or launder money. In addition, fake accounts can be used to apply for loans or credit cards. This can damage the credit score of the person whose identity was stolen.

2. Social media

The social media industry is also affected by fake accounts. The offending accounts are often used to spread spam or misinformation or to harass and bully other users. Spammers often use fake accounts to create false narratives or promote products or services.

3. eSports

In the gaming industry, players sometimes create multiple accounts to cheat or gain an unfair advantage over others. Additionally, criminals use fake accounts to impersonate other players or scam them out of their money.

4. eCommerce

The eCommerce industry is also affected by fake accounts that are used to commit fraud or scam people. Spammers often use fake accounts to leave false reviews for products or services. Negative reviews, whether they are real or fake, will damage the reputation of a business.

5. Education

Fake accounts riddle the education industry with fraudulent information and impersonations of other students. In addition, fake accounts can be used to apply for financial aid or scholarships and take away opportunities from deserving students.

The problems fake accounts cause

Fake accounts cause widespread problems for both the people who create them and for the companies or organizations they target.

Here are a few of the issues fake account creation causes:

1. Reputational damage for companies

For the companies or organizations that are targeted, fake accounts can cause reputational damage. They may be used to spread spam or misinformation about the company. In some cases, criminals may also use fake accounts to commit fraud or steal sensitive information.

2. Increased costs for customer support

Another issue that resulted from fake account creation is the increased cost of customer support for many companies. Companies or organizations may need to deal with a large number of false reports or complaints—so many that they need to hire additional staff to deal with the increased workload.

3. Difficulty in determining the authenticity of online reviews

Fake accounts make it difficult to determine the authenticity of online reviews. Affected businesses will receive a large number of false reviews, either from the fake accounts themselves or from people who have been paid to write them. It can be difficult for customers to know which reviews are real and which ones are fake.

4. Misleading information spreading online

Fake accounts often spread misleading information online. The people who create them may use them to post false information or to promote certain products or services. This can lead to people making bad decisions based on the false information that is being spread.

5. Fraudulent activity associated with fake accounts

Fake accounts can be used to commit fraud when criminals collect personal information or make unauthorized charges. In the worst case scenario, they may even use the account to steal money from the victim’s bank account.

6. Underhanded marketing practices

Another problem associated with fake accounts is that they can be used for underhanded marketing practices. Businesses may use them to send spam messages or friend requests. These are called “black hat” marketing tactics.

7. Inaccurate data about user engagement

Fake accounts provide inaccurate data about user engagement. The people who create them may interact with the account in different ways than a real user would. For example, they may use automated software to post comments or likes. This can make it difficult to understand how users are actually interacting with the content on the platform.

8. Security risks associated with fake accounts

Another problem with fake accounts is that they can pose security risks. This is because the people who create them may use them to collect personal information that can be used to steal someone’s identity.

9. Annoyed or offended users

Fake accounts often annoy or offend legitimate users. The people who create them may use them to post false information or to promote certain products or services. This can lead to people feeling angry or frustrated when they see the content from the fake account.

10. Legal implications

For their creators, fake accounts often lead to legal trouble. Creating a fake account is deceptive and often against the terms of service of most websites. In grave cases, it is considered fraud. The offenders often face suspension, bans, or even arrest if their activity broke the law.

Why it can be difficult to prevent fake accounts from being created

In the digital age, it’s more important than ever to protect your brand from fake accounts. But with all the different online platforms out there, it can be challenging to keep track of them all and prevent fraud.

Here are some reasons why it can be difficult to prevent fake accounts from being created:

1.  It can be easy to create a fake account if you don’t have to provide any personal information.

Attackers can generate illegitimate accounts with little effort by simply using bots or automated scripts.

2. Social media platforms make it easy to create multiple accounts with different identities.

This makes it difficult to track and remove fake accounts.

3. There are many ways to create a fake identity, such as using a fake name, profile picture, and even location.

As bots and automated tools become more sophisticated, it is difficult for businesses to keep up with identifying fake accounts in real-time.

4. It can be hard to spot a fake account, especially if the person behind it is good at hiding their tracks.

This is why it’s important to be vigilant and report any suspicious activity to the platform the offending account is on.

5. Many websites do not have strict authentication procedures in place.

This makes it easy for someone to create a fake account and use it to commit fraud or other malicious activities.

How to stop fake account creation as a user

You’ve seen it before. You sign up for a new account on a website and, before you know it, you’re being spammed with messages from bots trying to sell you something or promote a cause.

It’s frustrating, especially when it seems like every other account is a fake one. Fortunately, there are ways to protect yourself from these spam accounts.

Here are a few tips to help you prevent fake account creation:

1. Set up a strong password policy for your accounts.

Make sure your passwords are complex and difficult to guess. Use a combination of letters, numbers, and special characters.

Don’t use the same password for every platform. Generate a brand new, strong password for each account you create.

Password security will be especially important for logins that could be used to create new fake accounts under your name. Consider using a password management tool to help keep track of your passwords.

2. Use two-factor authentication for your accounts.

This adds an extra layer of security to your personal and business accounts by requiring you to enter a code from your mobile phone in addition to your password. This makes it more difficult for someone to access your account if they have your password.

3. Monitor login activity.

Be on the lookout for any suspicious login activity, such as logins from unknown devices or locations. If you see anything suspicious, be sure to change your password immediately.

You can also force all devices to log out from your account to ensure no one has unauthorized access.

4. Keep your personal information private.

Be careful about what personal information you share online.

The less information you share, the less likely it is that someone will be able to create a fake account using your personal details.

Your full name, birth date, address, home phone number, and email address are all examples of information that you should keep private.

5. Be aware of phishing scams.

Phishing scams are a type of fraud where criminals try to trick you into giving them your personal information. Be sure to never click on links or enter your personal information into any website unless you are absolutely sure that it is legitimate.

How to stop fake account creation as a business

As a business, you understand the importance of safeguarding your account from unauthorized access. You may have also heard about the growing problem of fake account creation, and how it can lead to lost revenue and decreased trust from customers.

There are several actions you can take to prevent fake account creation as a business. Here are your next steps:

1. Require all new users to verify their email addresses.

This will help to ensure that only real people are creating accounts on your website.

2. Ask all new users to verify their phone numbers.

To protect yourself from fraud, make sure you verify the identities of all users before they are able to use your site. Phone numbers are highly personal and more difficult to create than email addresses. Phone verification is a great way to prevent fake accounts from taking over your business website.

3. Use honeypot fields in your registration forms.

Honeypot fields are hidden fields that are used to trick bots into filling them out. This helps to identify and prevent fake account creation.

4. Review all new accounts manually.

Don’t let fake accounts slip through the cracks. Be sure to review all new accounts before they are activated to ensure that they are legitimate.

5. Limit the number of accounts that can be created from a single IP address.

If you see that a large number of accounts are being created from the same IP address, it’s likely that someone is using a bot to create fake accounts. To prevent this, cap the number of accounts that can be created from each IP address.

6. Keep your software and plugins up to date.

Outdated software and plugins can be a security risk. Be sure to keep your website updated to help prevent fake account creation.

7. Use a security plugin like Wordfence to help protect your site.

Wordfence is a security plugin for WordPress that helps to protect your website from attacks. It includes features like two-factor authentication and malware scanning to help keep your site safe.

8. Use bot detection and mitigation software.

Wouldn’t it be nice if you had a software solution that could identify bot activity and stop the malicious ones in their tracks? As automated threats evolve, your systems must adapt to the more intelligent bots that will emerge over the next few years. Request a demo to see our bot detection and mitigation software in action.

In 2023 and beyond, online businesses need extensive protection against fake account creation to remain competitive and prevent fraud losses.

Kasada provides companies of all sizes with an easy and effective solution to combat fake account creation and other automated threats.

Ready to create an action plan to stay ahead of attackers? To learn more about how Kasada can help your brand prevent fake account creation and other automated threats, feel free to reach out.

Want to learn more?

  • Kasada’s Reflections on the Q3 2024 Forrester Wave™ – Bot Management Evaluation

    Kasada named a Strong Performer. Here are some of our own reflections having taken part in this evaluation.

  • Exposing the Credential Stuffing Ecosystem

    Through our infiltration of the credential stuffing ecosystem, we reveal how various individuals collaborate to execute attacks and expose vulnerabilities for profit.

Beat the bots without bothering your customers — see how.