Ant traps, fraud graphs, and the cost of blocking too soon
I recently had an ant problem in my apartment.At first, it looked simple. We saw ants coming through the window of one room. After looking around for a while, we found two ...
SMS verification abuse at scale: releasing our open source disposable phone number list
A few weeks ago, we released an open source list of disposable email domains observed in real abuse activity: https://github.com/castle/disposable-email-domainsThe goal was simple: make it easier for defenders to identify and operationalize ...
Inside the infrastructure behind fake signups: our open source disposable email domain list
Disposable email addresses are a foundational piece of infrastructure for online abuse. Just like proxies help attackers distribute traffic and hide the origin of automated requests, disposable email providers help them scale ...
You thought your growth was working. It wasn’t.
You just got a Slack webhook notification. You have 3 new users who created an account on your SaaS:[email protected]@[email protected]’s great, your latest marketing initiatives are finally working out. In a few days ...
You thought your growth was working. It wasn’t.
You just got a Slack webhook notification. You have 3 new users who created an account on your SaaS:[email protected]@[email protected]’s great, your latest marketing initiatives are finally working out. In a few days ...
Introducing Castle’s Research Team
How we think about research at CastleBot detection and fraud prevention are adversarial by default. It is a cat-and-mouse game: attackers iterate, defenders respond, and the cycle keeps moving.AI has accelerated this ...
Introducing Castle’s Research Team
How we think about research at CastleBot detection and fraud prevention are adversarial by default. It is a cat-and-mouse game: attackers iterate, defenders respond, and the cycle keeps moving.AI has accelerated this ...
Inside a bot operator’s email verification infrastructure
During an investigation into a large-scale automated account creation attack targeting one of our customers, we observed a burst of suspicious registration activity.In less than a week, the attackers attempted more than ...
Inside a bot operator’s email verification infrastructure
During an investigation into a large-scale automated account creation attack targeting one of our customers, we observed a burst of suspicious registration activity.In less than a week, the attackers attempted more than ...
Account enumeration in the wild: analyzing a real-world Spotify enumeration tool
In this blog post, we study the Spotify-Account-Checker open source project. The author describes it as:“An automated tool for checking the validity of Spotify accounts with proxy support, multi-threading capabilities, and Discord ...
