Prevent fake account creation fraud to verify users during signup or registration. Prevent new account fraud by low quality, fake, or duplicate users.
Prevent Fake Accounts & New Account Creation Fraud
Account creation fraud affects over 90% of websites that accept user registrations online. Fake acccount abuse can range in malicious behavior, with some fraudsters wanting to catfish or impersonate an identity, while others may be looking to abuse free trial programs, reward programs (like lead generation or affiliate marketing), or other incentived account registrations (such as bonus abuse) that could have drastic impacts on profits and overall ROI.
Fraudsters that create fake profiles, also known as "account origination fraud", may not only mimic others and create fake personas but may impersonate the identity of a person using stolen or compromised data. This abuse can have costly consequences for a brand. As such, we here at IPQS made this guide to cover account creation fraud and our solutions that will not only help you to detect fake account creation but to prevent fake account creation as well.
Defining a Fake Account
Fake account creation is when fake or invalid names, email addresses, physical addresses, phone numbers, or other personal information are used to establish a profile on a given site or platform. Bad actors that create fake accounts do so with varying goals, with some having malicious intents while others may wish to take advantage of a free trial or bypass free account limits. In either case, fake accounts are a headache and can be costly for online companies.
How To Identify Fake Account Creation
Account origination fraud can be easily detected with the right tools. People that create fake profiles start by creating an email that they use to open accounts on sites under fake names and information, they often do this to send spam or to engage in malicious acts but with the rise of social media and the digital revolution it birthed, account creation fraud is on the rise and is now more complex and challenging to prevent than any time before.
In the present day, it is relatively easy to create fake profiles on nearly any site or platform as most just require an email, name, and date of birth, all of which can be easily faked. Some fraudsters go to greater lengths and will make fake identities or fabricate backstories to gain access to the site they are targeting.
To some, the risks posed by fake profiles may seem minimal but the risks posed by them and the people that make them are very real and can lead to dire consequences, plus, account creation fraud is illegal in most jurisdictions as it can lead to other serious types of crime or fraud, such as credit and identity theft.
Knowing the risks posed to those that get attacks, IPQS came to market to be an easy and secure solution to prevent fake leads and detect fake registrations, our services help prevent fake signups and fraudulent accounts and can be deployed on websites and applications with real-time risk scoring and assessments.
Fake Account Creation on the Rise in 2023
Account creation fraud in 2023 has ran rampant and will likely continue to for some time to come (one reason anti-fraud services for fake account creation are in high demand). New tools for fraudsters continue to develop to make it easier for them to evade disposable email detection, or other types of high risk signals like using a proxy or VPN.
New user validation tools have also made it easier for companies to detect fake or duplicate accounts.
In this segment, we review some of the main reasons people create fake accounts on a site or platform.
Free Trial or Bonus Abuse
Bonus abuse, or free trial fraud, is when a fraudster abuses a policy or loophole to take advantage of the benefits of a new account, or having a duplicate account.
The aim of criminals is to create a large number of fake accounts that they can use to bypass any daily or monthly limits for a free account, or take advantage of a welcome bonus reward for new accounts. Automating the quality control for accounts can save hours per day in reviewing high risk accounts.
Social Media Fraud
Similar to how fraudsters learned they could use account creation fraud for illicit gains, they also quickly learned they could use social media for personal gains and sophisticated scams. Social media fraud has shown zero signs of slowing as fraudsters use social media to phish for profiles or personal information.
Lead Generation & Market Research
Incentivized account creation can especially impact the affiliate marketing and ad industries. Companies in this niche typically incentivize signups with a CPL or cost per lead payout. Fraudsters try to take advantage of this reward by creating fake market research survey submissions or submitting fake leads, with the intention of getting the CPL payout.
Why do People Create Fake Accounts?
Fraudsters come in many shapes and forms and can have many aims and initiatives as those that create fake accounts are not always trolls on Facebook or an ex-husband seeking revenge on an ex, here are a handful of other reasons people create fake accounts:
- Phishing attacks occurs when fraudsters strive to get sensitive information (like passwords and credit card numbers) by way of imitating a trusted and credible entity, such as a banking institution.
- To commit fraud, fake profiles are often used to commit fraud, a prime example is a fraudster who makes a fake profile with the goal and intention of getting others to send money to them.
- To spread malware, this is when attackers use fake profiles to infect devices with malware or malicious software, this tends to be achieved by sharing infected links or files with a recipient.
- To steal an identity, this is when a fraudster creates a fake profile with the intent to harvest and gather personal data or information, with which, they can use to secure loans or lines of credit.
- Bonus abuse, where users try to claim a bonus for "new users" by creating duplicate accounts, typically with fake user information.
- To impact public opinion, this is when fake profiles are created to publish false information and misinformation, they may also be used for fake reviews to create ‘buzz’ for a service or product.
- Abuse free trials, often happenign when users want to take advantage of higher limits, such as a daily search thresholds.
To promote a service or product, this deceiving practice is when fraudsters create fake accounts to promote their service or product, they often use these accounts to leave fake reviews as well.
Signs that a Site or Brand is Victim of Loyalty/Account Creation Fraud
The term ‘loyalty’ implies a bond of trust exists among a brand and its clients but no loyalty is had when a person creates dozens or hundreds of fake accounts with the intent to abuse a rewards program, here are signs of rewards program fraud to keep an eye out for if you think you may be a victim of this scam:
- Loopholes being abused, if your policy or fraud-prevention solution is not up to par, you may be at risk as exploits make it easier for fraudsters to abuse policies, and they will if they are able to.
- Fake or duplicate profiles, if you see an uptick or high number of them in your loyalty program, you are facing fraud as these profiles aim to abuse the rewards program for illicitly-earned gains.
- Fast influx in new user accounts, since fraudsters tend to create dozens to hundreds of profiles in order to con offers or bonuses from a brand, this could be a sign fraud is about to take place.
- Unusual activity and behavioral patterns, if you see lots of new accounts being made from one city or country in particular, account creation fraud may be in effect as IPs can be easily spoofed.
- Non-eligible members redeeming rewards, if you see an account claiming an award before they are eligible or if they can redeem their points before they qualify, a fraud scheme is taking place.
- Staff complaints on rising customer inquiries, this may be due to fraudsters redeeming rewards or may be due to actions of fraudsters making it harder for legitimate users to navigate the site.
- Negative remarks from users on the program, if legitimate users have issues using the program or if they notice suspicious actions or activities, negative remarks or reviews are likely to follow.
- Sudden increase in loyalty program expenses, this may be from real users redeeming points but at times, it just may be scammers on fake profiles with non-legit points claiming loyalty rewards.
Prevent Fake Accounts With Instant Setup
How does Fake Account Creation Occur?
There is a range of ways people create fake accounts but in most scenarios, a person that does will use:
- Fake info and names to create an account.
- Bots or scripts to automate account creation.
- Real information but a fake name and persona.
- Real information and many accounts with similar info.
- Online marketplaces that sell or rent profiles using fake info.
Brief Rundown and Overview of Fake Account Creation Attacks
Account creation fraud is the process of creating a fake account, which is fast and easy for most to do.
An attacker may simply use a fake email to try to bypass email validation checks or may gather basic info on a target, like the name and date of birth or other public info, like an address or phone number, to create a fake account under the name of a real person, fraudsters that want to look legit may even use a real photo of the victim on the account.
Once the attacker gains enough data, they then create an account to use for a range of purposes, they may try to abuse your loyalty or rewards program or could be aiming to collect data on your products or clientele, each of which are security and financial risks our account creation fraud solutions can negate.
How Scammers and Fraudsters Create Fake Accounts in Bulk
In no time, savvy fraudsters can make a large number of accounts on a site or platform with the help of:
- Bots that are coded and scripted for the sole purpose of creating accounts, such tools often rely on little input from attackers and can make hundreds to thousands of profiles in very little time.
- Botnets, which is a network of infected computers that can be controlled at a remote location; fraudsters use the infected network of PCs to spoof locations and to make multiple fake profiles.
- Paid services that let them make fake accounts at no cost, services specializing in the creation of accounts tend to have high success rates and can often make tons of accounts in very little time.
- Human click farms where people earn money for clicking links and performing tasks or actions, such places make it easy for fraudsters to find and hire people that will open accounts for them.
- Social engineering, which is when attackers use tactics (like sending phishing emails with links to bogus websites that request personal information) to trick others into creating profiles for them.
How Fraudsters Earn and Benefit from Creating Fake Accounts
More times than not, fraudsters create fake accounts to earn from them, to achieve earnings, they may:
- Post and sell reviews for others as a service or for services or products they run or advertise.
- Sell a service or product which in many cases will be illegal services or counterfeit merchandise.
- Conduct click fraud which is the practice of them clicking ads placed on their site or ads of the target company, this can be costly as click fraud can swiftly bring a paid campaign to its knees.
- Send spam messages to users on the platform in hopes that recipients will click the link, service, or product in it, these links are often infected or lead to pages that ask for personal information.
- Share promotional content that pushes and advertises a service or product, shady companies and fraudsters use this tactic in an attempt to push more traffic to their offer or landing page.
- Abuse loyalty points and rewards programs by creating hundreds or thousands of accounts, on which they will illegally claim or harvest points or credits to redeem for rewards from the brand, this outcome of account creation fraud can be costly and can swiftly bring a program to an end.
Account Creation Fraud is an Issue in All Industries
Account creation fraud has long been an issue for brands and companies of all niches and industries yet it has been more common in some than others, the ones most impacted by account creation fraud are:
- eSports, players have been known to make many profiles to gain unfair advantages over players, criminals may create accounts to impersonate players or to convince friends of accounts they compromise to send them money.
- Education, this industry has long faced fraudulent acts and behaviors as criminals will steal or make a student profile to impersonate them or to apply for financial aid or scholarships.
- eCommerce, this industry struggles with account creation fraud as spammers will create fake profiles to leave false or inaccurate reviews on competitors in their industry.
- Social media, some create fake social profiles at scale to spread spam/misinformation or to sell likes or other social metrics that are in demand.
- Finance and banking, since bank accounts can be used to launder money and commit fraud, the banking industry is vulnerable to account creation fraud as fraudsters may use fake accounts to open loans or credit cards under a stolen identity.
Issues Caused by Fake Accounts
Fake accounts are of great concern and should put brands on high alert as the problems and destruction their paths leave behind can be costly and difficult to recover from, here are common issues they cause.
Legal Implications
Those that run fake accounts take the risk of legal trouble as they are not only deceptive but against the terms of service of most platforms, in severe cases, such as fraud, criminals may likely even be arrested.
Black Hat Marketing
One issue linked to fake profiles is their use to underhand the marketing tactics of competitors; this is often done on social media sites where a person sends mass messages to promote a service or product.
Damage to Reputation
Companies or organizations that are the target of a fake-account attack can suffer reputational damage as criminals may not only use the profile to commit fraud but to spread fake reviews or misinformation.
Spreading Misinformation
Criminals may use fake accounts to spread false reviews or misinformation on a service or product, this can cause a loss in sales as users will make a choice to use your product or service based on untrue info.
Higher Client Support Costs
One costly impact of account creation fraud is it can lead to an influx of fake, illegitimate support tickets and requests, and depending on the size of the support team, the company may spend funds to expand.
Obscured Legitimate Reviews
Fake accounts are often used to post false and negative reviews on a product or service which not only makes it harder for online shoppers to find honest reviews but more difficult for you to keep a good rep.
Security Risks and Implications
One risk of fake accounts is those who run them may use them to harvest or collect personal info that could later be used to commit identity fraud, making account creation fraud a risk you need to prevent.
Unhappy or Annoyed Userbase
Those that run fake accounts tend to annoy legitimate users as they often post misinformation or spam that is full of services or products they want you to click and order, this diminishes your user experience.
Fraudulent, Account-Driven Activity
Criminals may use a fake account to commit fraud with personal information they stole from the profile; they may steal money right from the account or use the info to secure new credit cards or lines of credit.
Blemished Insight and Inaccurate, User-Engagement Data
Those running fake profiles may engage a site and interact with its content in ways a real user would not which misconstrues data and make it hard to learn how real users are interacting and engaging content.
Difficulties of Preventing Fake Accounts from Being Created
In the modern-day age where fraud and scams are abound, it is more essential now than ever before to safeguard your brand from fraudsters and fake accounts but doing so can be challenging, here are five common issues that brands face when figuring out how to prevent and identify fake account creation:
- Creating a fake account is easy for fraudsters when personal information is not required by the site to open an account, this also makes it easier for people to use bots that create accounts in large volume. Using a service such as email address risk assessment to quickly analyze emails during signup can greatly reduce fake signups.
- Setting up accounts with unique identities on social media platforms is easier than it should be which has made detecting fake accounts one of the largest challenges faced by social media platforms today.
- Many ways to create fake names, pictures, and identities exist with the help of tools and scripts that streamline this process for fraudsters, making real-time, account fraud detection a challenge for most.
- Identifying fake accounts is hard if the one running the profile is savvy enough to cover obvious tracks, as such, it is essential platforms put a feature in place that allow legit users to report suspicious profiles.
- Sites lacking authentication features, like 2FA (Two-Factor Authentication), make it easier for fraudsters to create accounts from which they may conduct fraud, illicit acts, or other actions that violate policies.
Avoiding Risks Posed by Fake Accounts as a User
You likely joined a site in the past to be sent spam messages from fraudsters and fake accounts that aim to steal your info or sell you a service or product, here are five ways to protect yourself from fraudsters.
1. Create a Strong Password
Creating a strong password is the first line of defense all users should take to secure themselves from fraudsters as doing so will make it harder for criminals to guess the login credentials, be sure to use a unique password for each site and account you use and consider using a password management tool.
2. Enable Two-Factor Authentication
This gives an added layer of protection to personal and business accounts as it requires users to enter a code that is sent to their phone, in addition to their password, before they receive entry to the account. If the phone number is being collected, then deploying a phone number risk scoring service can provide insight into fraudulent phone numbers.
3. Keep Personal Information Private
Stay cautious and mindful of where personal info is shared as fraudsters have watchful eyes and can use even basic info to impersonate people and create fake accounts, this said, share as little info as you can and do your best to stop your name, email, address, date of birth, and phone number from going public.
4. Monitor Login and Account Activities
Monitoring an account for unknown logins and suspicious activities is essential to account integrity, and if you see your account was accessed from an unknown device or location or if actions you did not make are being made on your profile, change your password right away and then log out in all other locations.
5. Stay Mindful and Watchful of Phishing Attempts
Phishing scams are a tactic of fraudsters where they send people an infected link or fake web page that is designed to capture personal and sensitive data, never enter details on a page without confirming you are on the right site with a secure connection as fraudsters use clever ways to imitate notable websites.
Prevent Fake Account Creation as a Company
At this stage of the guide, you now know how essential it is to safeguard a site from fake profiles and an account from unauthorized access as account creation fraud can cause a loss of revenue and avoidable damage to a reputation; it can also lead to wasted time that could have been better invested elsewhere.
Given the risks of account creation fraud, many companies leverage our solutions for detecting fake accounts each month as it lets them detect fake account creation and prevent fake account creation with real-time scoring and industry-leading accuracy, we are the best fraud detection service around.
Here are ways to prevent fake accounts on a website that will help you stop account creation fraud:
Require New Users to Verify Email Addresses
One of the easiest ways to prevent fake accounts is to require users to verify an email address, this alone will not halt the issue entirely but will reduce the volume and frequency of fake-made accounts. Analyzing emails during signup with an email address fraud prevention service can also enrich greater details about the user's intent.
Require New Users to Verify a Phone Number
Phone numbers are more personal and take more time and effort than emails to create, for this reason, requiring users to verify a phone number before using your site is a good way to reduce fake accounts.
Deploy Honeypot Fields on Registration Forms
This technology enables you to prevent fake signups as it adds hidden, non-visible fields to forms that only bots and scripts can see, this means, when a hidden field is filled, you know a fake signup occurred.
Review New Accounts Manually
This will take added time but is worth it if you offer security or financial-related services or products as, by reviewing accounts manually, you can ensure it is on the up-and-up and that no red flags are hoisted.
IP Restrict New Accounts
Bots or scripts designed to automate account creation often run on a single IP address so one fast and easy way to reduce fake signups is to limit the number of accounts that can be made from an address. Other services like a proxy detection API can also filter out proxies or VPNs during signup.
Keep Plugins and Software Updated
Outdated plugins and software pose large security risks as they can result in loopholes and leave a site open and vulnerable to attacks, as such, steadily monitor plugins and software to ensure it is up to date.
Leverage Security Plugins
One nicety of sites built on WordPress is the range of plugins people can access, one notable security plugin for WordPress is Wordfence as it has tons of useful features, like 2FA and daily malware scans.
Deploy Bot Detection Solutions
Account creation fraud, and the bots often used in the process, can cause real harm to a company and lead to a loss in profits, clients, and reputation, these costly but preventable risks are best tackled with IPQS solutions as our suite of fraud detection and prevention services are geared for risks of all types.
IPQS fraud detection solutions are trusted and leveraged by some of the largest companies around (including Fortune 500s) as our industry-leading accuracy and enterprise-level solutions are offered at compelling rates that put fraud prevention solutions within reach for brands of all sizes and budgets.
Our in-house, next-gen fraud scoring model lets us detect bots, stolen user data, and high-risk actions and behaviors with pin-point, market-leading accuracy thanks to our large and growing blacklist other services can only hope to match, meaning, we can detect fake accounts without false-positives.