FAKE ACCOUNTS

AKA Bot Accounts, Fraudulent Accounts, Account Registration Fraud, Fake Account Fraud, Synthetic Accounts


Fake accounts lead to direct fraud losses

Fake accounts have recently made headlines for maliciously influencing discourse on social media. However, bad actors also use fake accounts to commit financially-motivated attacks, including reward abuse on retail sites, money laundering via online banking, and even as a disguise for credential stuffing.

Shape prevents attackers from creating fake accounts

Shape Enterprise Defense sits in front of online account registration applications and can detect in real-time if an attacker tries to create fake accounts at scale using automated tools or via sophisticated manual techniques.

Key Challenges of Fake Accounts:

  1. Loss of user trust
  2. Fraud losses
  3. Poor data quality

3 Seconds
A SINGLE ATTACKER CREATED A FRAUDULENT ACCOUNT ON A RETAILER’S SITE EVERY 3 SECONDS FOR A WEEK.

How Attackers Commit Fraud using Fake Accounts

1. Assemble Attack Script

If an attacker plans on making more than 20 or 30 accounts, he will typically want to leverage automation to quickly input data into each field of the registration application.

This attack script might include API calls to appropriate services, such as CAPTCHA solvers or disposable email address services.

2. Create Accounts

The attacker runs the script, creating hundreds, or even thousands, of accounts in a short period of time. Depending on the purpose of the fake accounts, account creation successes and failures are recorded.

3. Monetize

The monetization scheme depends on the type of site being targeted. For example, criminals use fake accounts on retail sites to launder money by buying and selling gift cards, which becomes difficult for authorities to trace.

 

Canary Accounts

Learn why attackers create fraudulent online accounts on a target site before conducting a credential stuffing attack.

Watch the Video

Latest Research

It Fell Off the Back of a Truck

Webinar

VP of Shape Intelligence explains how criminals use accounts created online to traffic stolen physical goods.

CAPTCHA
Tough on Humans
Easy on Bots

Blog

Many account registration forms use CAPTCHAs to prevent automated attacks. Unfortunately, they don’t stop bad actors.

eBook

The Open Web Application Security Project (OWASP) Threat Handbook addresses the Top 20 most critical automated threats to web applications, including fake account creation (OAT-019).

A Real Solution for Fake Accounts

Fill out the form to start trying Shape.

 

May 9th: Join a live webinar to learn how Starbucks partners with Shape Sign Up