Fraud starts with fake accounts
Fraud starts with the creation of fake accounts. It's a simple truth: fraudsters aim to carry out large-scale malicious activities, seeking maximum profit with minimum cost and effort. Obtaining thousands of devices for fraudulent purposes is expensive, and fraudsters steer clear of using personal accounts to avoid exposure and legal consequences.
Creating fake accounts becomes an uncomplicated and cost-effective strategy for fraudsters. In contrast to more resource-intensive crimes like account takeover or phishing, generating numerous fake accounts demands minimal investment in both time and money.
Recognizing fake account creation
Fraudsters use malicious tools and sophisticated tactics to manipulate or spoof devices, which they then use to create fake accounts to carry out fraud attacks quickly and at scale.
They employ various tactics and tools to create fake accounts. Some common methods include:
Emulators & App Cloners
Tools such as app cloners and emulators allow fraudsters to run multiple instances of the same app on a single device or across different virtual devices simultaneously. This enables them to create numerous fake accounts in a short period.
VPN, Proxy or Tor:
Fraudsters use VPN, Proxy servers or Tor browsers to hide their true IP addresses, making it difficult for platforms to trace and block suspicious activities. This enables them to spoof location to appear legitimate, and confusing anti-fraud/risk systems.
Device Spoofing:
Fraudsters manipulate or alter a device's identity to deceive platforms into believing they are legitimate users. This requires changing the device's fingerprint. It's possible to blend the modification of a real device's attributes with adjustments to the GPS location, time zone data, IP address, and other factors.
A commonly used approach involves emulators— software applications or tools that mimic the behavior of a different computer system, allowing it to run applications meant for that system. In the context of creating fake accounts, emulators are used to simulate different devices or platforms, making it appear as if multiple real users are accessing an application.
Criminals leverage this software to generate different device IDs, swiftly transitioning from one to another. They scale attacks by simultaneously emulating and establishing networks of thousands of emulated devices.
Fraudsters then can use these spoofed devices to create fake accounts that appear to be thousands of real users, each with their own device.
How fraudsters use fake accounts to conduct fraud
Fraudsters create fake accounts to conduct fraudulent activities across various industries. Here's a broad overview of how they use fake accounts to conduct different forms of fraud in various sectors:
E-Wallets
Promo Abuse: E-wallets will often offer promotions such as 'Spend $10 get $5 free' to increase uptake of their app. Fraudsters will abuse this by creating multiple fake accounts to use the promotion multiple times.
Ride-hailing
Promo abuse: Ride-hailing companies often offer promotions such as first-ride-free, seasonal, or special event discounts. Passengers can abuse these promotions repeatedly by creating many fake accounts and re-using the same promotion multiple times.
Gaming & Gambling
Bonus Abuse: Fake accounts are established to exploit bonuses, promotions, or in-game rewards offered by gaming and gambling platforms. The abusers use multiple fake accounts to easily sign up and receive the same sign up bonus.
Gnoming: Fraudsters use multiple fake accounts to get an unfair advantage to increase their odds/chances of winning. This can create an unequal playing field for genuine players, and dilute user confidence and trust on the platform.
E-commerce & Marketplaces
Promo Abuse: Fake accounts are created to exploit promotional offers, discounts, and loyalty programs so they can sell merchandise for a profit.
Fraudulent Purchases: Fraudsters use fake accounts together with stolen credit card information to make unauthorized purchases.
Online Delivery
Promo abuse: Online delivery companies will often offer seasonal, event, and one-time promotions e.g. '$10 off your first purchase'. Fraudsters can abuse this by creating lots of fake accounts and using the same promotion multiple times.
Social Media & Networking
Abusive content: Abusive users will often create fake accounts to disseminate offensive messages, posts, or images to targeted individuals. A notable illustration of this behavior is when a user generates numerous fake accounts on an LGBT+ dating app with the intent of delivering homophobic messages to individuals utilizing the app.
The impact of fake accounts on businesses
As fake accounts continue to plague the digital world, it’s important to understand how they can hurt your business.
Here are some key consequences of the proliferation of fraudulent accounts:
Fraudulent Activities: As we said before, fraud starts with fake accounts that are used as a starting point for various fraudulent activities, such as promo abuse, fraudulent purchase, and gnoming. These activities can harm users, damage the integrity of the platform, and create legal liabilities for your business.
Financial Losses: Fraudsters may exploit fake accounts to engage in various financial frauds, such as unauthorized transactions, fraudulent purchases, or deceptive financial activities. This can result in direct financial losses for your business.
Reputation Damage: The presence of fake accounts can tarnish a company's reputation. If customers or users encounter fake profiles engaging in malicious activities, it can erode trust and confidence in the brand.
Devalued user base: If you are monetizing your user base, fake users reduce this value as they don’t engage with the platform genuinely, leading to a distortion in engagement metrics such as click-through rates and time spent on the platform.
Wasted money: Your marketing budget is wasted on fraudsters instead of rewarding genuine consumers and attracting new users, driving up the cost per acquisition.
Undermining marketing analytics: Fake accounts distort marketing metrics and analytics. This can lead to misguided strategic decisions.
Regulatory Compliance Issues: Depending on the nature of the fraudulent activities associated with fake accounts, businesses may face regulatory scrutiny and legal consequences.
How to eliminate fake accounts and prevent fraud
Eliminating fake accounts and preventing fraud requires a proactive approach that combines advanced technology and vigilant monitoring.
Many companies from different industries across the world leverage SHIELD’s solution for detecting and preventing fake account creation with cutting-edge device fingerprinting, the latest in AI & machine learning algorithms and real time risk signals.
One of the key features that enables the detection of fake accounts is the SHIELD Device ID, the global standard for device identification. It identifies the root of fraud - the physical devices behind attacks - with accurate device identification. It is extremely persistent, even if fraudsters attempt to mask device fingerprints, change device parameters, or reset devices to appear differently.
When it comes to fraud prevention, the hardest thing to identify is when a good user turns bad. SHIELD Risk Intelligence continuously profiles each device session, returning real-time risk signals to provide a comprehensive picture of user activity in the platform, even identifying the exact moment when a legitimate user becomes a threat. For example, the technology can flag instances where a user activates tools commonly associated with the creation of fake accounts, such as emulators and app cloners.
The combined power of the SHIELD Device ID and SHIELD Risk Intelligence empowers online platforms worldwide to eliminate fake accounts and all fraudulent activity, stopping fraud, building trust, and driving growth.
Learn how SHIELD’s Device-First Risk Intelligence can protect your platform from fake accounts
