
How to Prevent Fake Account Creation on Your Websites & Apps

Fake account creation is a type of automated account fraud in which cybercriminals use bots to create fake accounts for committing fraudulent acts, such as influencing product reviews, distributing false information, or spreading malware.

Protecting your platform against fake account fraud can be tricky because adding too much friction to the account creation process might drive real users away and result in loss of revenue. On the other hand, not taking action against fake accounts could lead to loss of reputation and other negative consequences.

In this article, we’ll uncover why bad actors use automated fake profile creation attacks, how these fake account creation attacks work, how to prevent bots from registering, and how the DataDome bot protection solution protects against 100% of automated bot threats, including fake account creation bots.

  1. What is fake account creation?
  2. Who uses fake account creation attacks, and why?
  3. How fake accounts are created
  4. Common defense strategies against fake account creation.
  5. How DataDome protects e-commerce sites against fake account creation.

What is fake account creation?

Fake account creation uses bots to automate the creation of fraudulent user accounts. The fake accounts are then used to commit account fraud: generating spam, spreading misinformation or malware, abusing signup bonuses, influencing the results of reviews and voting, and more. Fake account creation is classified as an automated attack by OWASP, identified as OAT-019.

Fake accounts are becoming more and more of an issue across the internet:

Why do criminals create fake accounts?

Fake account creation may have started manually as a method for individuals to remain anonymous and avoid spam. After some time, it became a way to abuse bonus offers, or pretend to be someone else when communicating with others online, such as in romance scams (aka “catfishing”).

Today, fake accounts are often associated with social media (such as Twitter bots trying to influence elections), but there are many other use cases. The use of fake accounts to influence product reviews, for example, is now so widespread that it has become a flourishing industry of its own.

Example of a fake review website ad

In the gaming and gambling industry, fake accounts are often used to benefit from signup bonuses, coupons, or other benefits that can subsequently be monetized.

Other examples include the manipulation of survey results, money laundering, or misusing free services (e.g. exploiting a free cloud computing account offer to mine cryptocurrency).

Finally, attackers can use fake accounts to camouflage credential stuffing attacks, by logging in with large numbers of “legitimate” accounts (with known usernames and passwords) that will lower the login fail rate of the attack.

How fake accounts are created

  1. Gather Identity Source Data: Before running the user registration processes, bad actors will obtain identity source data (stolen data, fabricated data, or a combination of the two) and use the bulk data as inputs for the next attack phase.
  2. Complete Registration/User Enrollment Processes: Threat actors use APIs to sidestep new account registration forms and generate accounts behind the scenes in large quantities.
  3. Use Created Accounts: Once the fake accounts are created, cybercriminals can use them for the various purposes listed above.

Figure 1 – OAT-019 Account Creation Attack Process

Block Fake Account Creation Threats in Real Time

Secure all endpoints against fake account creation across mobile apps, websites, and APIs with DataDome's sophisticated bot protection software.

How to Detect Fake Account Creation

Because new account creation is a vital process for online businesses, a defense methodology must accurately identify fake account creation and account fraud attempts without creating an excess of user interface friction.

This is where a bot detection solution can come into play to quickly identify abnormal user behavior that shows signs of fake account creation. An effective bot protection solution can automatically block malicious fake account creation bots and prevent application process abuse.

To effectively protect against fake account creation attacks, a bot protection solution with real-time, AI-based analysis and authorization decision-making capabilities is critical.

How to Prevent Fake Account Creation

Common defenses against fake account creation attacks can include:

  • Employing user behavior analysis to detect abnormal activity.
  • Enforcing user verification methods to make it difficult for bots to create accounts.
  • Using an automated bot protection tool to prevent fake account creation and overall website attacks.
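
As an added illustration of the behavior-analysis item (this is not DataDome's code or detection logic), the sketch below scores signup traffic for two signals tied to the attack process described earlier: registration API calls that were never preceded by a form load, and bursts of registrations from one client. The paths `/signup` and `/api/register`, the thresholds, and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch seconds, client id, method, path).
# The paths /signup and /api/register are hypothetical.
EVENTS = [
    (1000, "203.0.113.7", "GET", "/signup"),
    (1042, "203.0.113.7", "POST", "/api/register"),
    (2000, "198.51.100.9", "POST", "/api/register"),
    (2003, "198.51.100.9", "POST", "/api/register"),
    (2005, "198.51.100.9", "POST", "/api/register"),
    (2009, "198.51.100.9", "POST", "/api/register"),
    (2500, "192.0.2.44", "POST", "/api/register"),
]

FORM_PATH, REGISTER_PATH = "/signup", "/api/register"


def score_signups(events, window=60, burst=3, form_ttl=1800):
    """Return {client: set of reasons} for clients whose signups look automated."""
    last_form = {}                # client -> time the signup form was last loaded
    recent = defaultdict(deque)   # client -> registration times inside the window
    flagged = defaultdict(set)
    for ts, client, method, path in sorted(events):
        if method == "GET" and path == FORM_PATH:
            last_form[client] = ts
        elif method == "POST" and path == REGISTER_PATH:
            # Signal 1: the registration API was called without a recent form load.
            seen = last_form.get(client)
            if seen is None or ts - seen > form_ttl:
                flagged[client].add("no_form_load")
            # Signal 2: several registrations from one client in a short window.
            times = recent[client]
            times.append(ts)
            while times and ts - times[0] > window:
                times.popleft()
            if len(times) >= burst:
                flagged[client].add("burst")
    return dict(flagged)


if __name__ == "__main__":
    for client, reasons in score_signups(EVENTS).items():
        print(client, sorted(reasons))
```

Native mobile clients call the registration API without loading a web form, so the first signal is meaningful only for web traffic and works best as one scoring input alongside others rather than as a block decision on its own.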

How DataDome Protects Against Fake Account Creation

Harnessing both revolutionary technology and a leading-edge R&D team, DataDome uses a two-layer detection engine, built on artificial intelligence and machine learning, to help you protect your web applications, mobile apps, and APIs from malicious account creation bots.

DataDome is the only bot protection solution delivered as a service, and deploys in minutes on any web infrastructure. The solution doesn’t require any architecture changes or DNS redirections, and is never a single point of failure.

Via the DataDome dashboard, you can monitor 100% of your bot traffic in real time. But you don’t need to take any action; DataDome requires no daily interventions from your team. Once you have established an allow list of trusted partner bots, the DataDome solution takes care of all undesirable traffic.

Want to see if your site is at risk of fake account creation? You can test your site today. (It’s easy and free—no credit card required.)

*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by DataDome. Read the original post at: https://datadome.co/bot-management-protection/how-to-detect-prevent-fake-account-creation-websites-apps/