What is fake account creation? | How to prevent it

Defining fake account creation
How it works
Fake account use
Business impact
Common defense strategies
HUMAN stops fake account creation
Related articles

What is fake account creation?

Fake account creation is the process of creating accounts using bogus or stolen identity information. In this type of attack, cybercriminals use automated bots to create a large number of fake accounts in a short amount of time.

How does fake account creation work?

Fake account creation works by exploiting the business logic of a website or web app, specifically the registration form. Attackers assemble an attack script that inputs fake or stolen identity information into a registration form. Bot networks distribute the script and create many artificial accounts.

How do cybercriminals use fake accounts?

Cybercriminals use fake accounts to conduct a wide range of criminal acts. Here’s how cybercriminals take advantage of fake account creation:

Free Trial Abuse: Many companies give special offers, free trials or bonuses on account sign up. By creating multiple accounts, fraudsters can take advantage of these offers multiple times.
Subscription Abuse: Cybercriminals resell subscriptions or free trials on third-party sites at discounted rates, swaying potential customers to purchase away from the actual website or web app.
Review Fraud: Fraudsters use fake accounts to flood review sites with favorable reviews of their product or negative reviews about a competing product.
Money Laundering: Bad actors use fake accounts to launder funds from illicit operations.
Distribute Spam or Malware: Fake accounts can be used to send malware or spam messages.
Manipulate Public Opinion: Automated accounts post fake comments on social media to inflate popularity of certain ideas and sway public opinion.

What is the business impact of fake accounts?

For digital businesses, more registered users is a sign of growth, and the rising number of registrations may not be investigated too rigorously until it’s too late. However, new account fraud can have significant consequences. These include:

Financial losses: When bots take advantage of signup promotions, this wastes the spend that was supposed to garner real human customers.
Skewed Analytics: Fake accounts creation results in decisions that are based on inaccurate and misleading data. Fake accounts skew many KPIs and metrics, including daily active users and engagement, session duration, bounce rates, look-to-book ratios, campaign data and conversion funnel.
Wasted Marketing Spend: Fake accounts mean that bots, not humans, may be on the receiving end of your marketing efforts. If marketing decisions are made based on fake interactions, you may take efforts that push you away from rather than towards your true customers.
Brand Damage: Real humans may be less likely to use a site that has a high number of fake accounts spreading spam messages and misinformation.

How are companies fighting fake account creation?

Companies may fight fake account creation using methods such as multi-factor authentication (MFA), CAPTCHAs, and challenge questions. Businesses may also leverage payment fraud solutions and other security tools to catch fraud. These solutions may weed out some automated account creation attempts, but they have several flaws:

Negative user experience: Traditional tools like MFA and CAPTCHAs add friction at a critical point in the customer journey, which negatively impacts real human users. If the account creation process is too cumbersome, companies risk losing potential customers.
Do not stop all bots: Today’s sophisticated bots can solve CAPTCHAs. If bot inputs are within the expected parameters for a registration form, account creation requests look legitimate.
Reactive detections: Classic payment fraud solutions only detect fake accounts after the transaction. By then, the criminals may have already used the accounts to commit fraud.

How HUMAN stops fake account creation

HUMAN Fake Account Defense detects and prevents cybercriminals from creating new accounts using fake or stolen identities. Using behavioral analysis, the solution applies continuous authentication to monitor account abuse throughout the user journey on your website or web app.

With Fake Account Defense, responses move beyond payment-specific “decline/authorize” to enable interventions earlier in the process that work with an organization’s business flow. Fake Account Defense detects and prevents fake account creation attempts in real time, blocking automated abuse and targeted, human-led fraud.