Author: Matt Keil, Director of Product Marketing, Cequence Security
Early use cases of fake account creation were to request info anonymously, avoid spam from an online merchant or participate anonymously in a conversation.
Today, with so much of our lives managed behind rich, account-based application platforms, fake account creation abuse is commonplace and more often than not, used to execute a secondary attack such as fraud or theft.
Using fake accounts to enhance product reputation on Amazon or Yelp is a practice that has become so commonplace, it has become its own economy with merchants who will create the reviews for you, and organizations who will analyze the reviews for you.
Studies show that as many as 91% of us trust online reviews as much as personal recommendations, which in turn, can result in a significant increase (or decrease) in revenue for the vendor. With as many as 20% of the reviews being fake, regulators in both the US and the UK are “encouraging” the vendors to take corrective action.
Whereas a fraudulent product review can have a direct financial impact for an ecommerce vendor, the purpose of fake account creation on other account-based application platforms is wide-ranging.
The most well-known example of fraud using social media fake accounts was the findings surrounding the 2016 US presidential election where many social media accounts were created using both automated and manual efforts.
Other uses of fake social media accounts include:
- Reputation influence/bombing through fake likes, posting fraudulent comments and taking advantage of account sign-up bonus programs.
- Executing content/profile scraping to use for malicious or competitive purposes.
- Denial of inventory where the high demand item is placed into a shopping cart, resulting in an out-of-stock message to the real buyer.
- Automated shopping, where bots execute legitimate purchases of high demand items from multiple accounts, effectively bypassing purchase quantity limits.
One of the most significant challenges with managing fake accounts is the fact that establishing new accounts is a legitimate transaction and the lifeblood of account-based application platforms.
For social media companies, their valuation is tied to the number of users they have, making the battle against fake accounts one that has a direct impact on their financial results.
Retailers face the challenge of losing sales to competitors and a resultant decline in revenue; lost customers who go elsewhere to purchase out of stock items.
Taking action against fake account creation is a challenging game of cat and mouse between the application owner and the bad actor.
“Fakers” continually evolve, using automated tools and human farms to create the fake accounts, making adjustments in language, frequency of posting, and location to continue their fraudulent efforts.
How Cequence Security Prevents Fake Account Creation
Our award-winning Application Security Platform (ASP) prevents fake account creation and the resultant fraud or theft by analyzing your web, mobile and API-based application transactions with CQAI, a patented, machine learning analytics engine.
The CQAI analysis is able to separate legitimate transactions from malicious, creating a fingerprint of known-good that can then be used for policy-based mitigation.
Mitigation responses can be tailored to each application from outright block to customized deceptive responses that disrupt the economics of the bad actor.
CQ Connect can also be used to share the findings with other elements in your security infrastructure, such as the fraud department.
This architectural approach eliminates the need for application instrumentation and provides you with the insight and intelligence to allow legitimate account creation while blocking automated or human-farm generated account creation.