What is a fake account attack?
An attack in which cyber criminals deploy bot networks to automate the creation of hundreds, even thousands, of counterfeit user accounts in a short amount of time.
How do fake account attacks work?
Attackers analyze the account sign-up form, often uncovering the APIs used in the application, then create a bot that programmatically establishes the new fake accounts. The attacker then uses infrastructure available on the dark web to automate the account creation while masking their identity and location. In isolated cases, manual labor has been used to create new accounts. Once the accounts are created, they are used to execute the end goal.
What are the fake account creation goals?
- Enhancing one’s reputation through the purchase of social media likes and accolades that have been/can be artificially created (and sold) by fake accounts. While not observed as often, the same process can be used to damage a user’s reputation.
- Spreading [dis]information as evidenced by the findings surrounding the 2016 U.S. presidential election where many social media accounts were created using both automated and manual efforts. The fake accounts were then cultivated successfully to gain a following and spread a message. In one example, a fake Twitter account had as many as 70,000 followers.
- Sign-up bonus scams, where a platform offers users an opportunity to win money, points, or status for generating a large number of new account sign-ups.
- Financial fraud and money laundering have been observed on mobile payment and cryptocurrency platforms where sales have been initiated, the goods have been shipped and payments reversed, leaving users with no recourse.
What is the impact on an organization?
Fake account creation attacks will impact an organization in several ways.
Fake account creation for the purposes of disinformation takes many forms and will vary. The platforms we observed as main vehicles for abuse in 2016 may be different in 2020 and may vary across regions. Sites that could seem more innocuous, such as Reddit, could still be abused in similar ways.
The financial impact on the target organization will come from customers and advertisers who lose faith and trust in the organization and take their business elsewhere. Finding, validating, and then removing the fake accounts will impact employee productivity, and in turn directly impact the organization’s bottom line. When theft or financial fraud is the result, the financial impact will be in the form of refunds and lost sales.
Organizationally, fake account creation impacts can be wide-ranging, distracting teams from their daily roles to address a wide range of challenges. Overall, the organization faces the challenge of loss of trust, and the loss of existing users as a result. Legal teams need to address a range of possible lawsuits from both customers and investors. Compliance teams will need to address regulatory challenges if data or intellectual property has been compromised. Public relations and marketing will need to respond to press and analyst queries to repair brand damage. Customer support will need to adequately manage angry customers while maintaining positive morale and addressing their normal roles and responsibilities.
What types of applications and industries are targeted?
Fake account creation attacks can target any web or mobile application in which users are encouraged to register or create an account and interact with other users. In many cases attackers will use the application APIs themselves (as opposed to the form fill) to execute their attacks. The most commonly targeted industries are social media, payment platforms, gaming and streaming media.
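The two traits described above, many accounts created in a short time and registration through the API rather than the form fill, can each be checked in sign-up logs. The following is an added example, not Cequence's engine or code from this page; the request paths, session IDs, thresholds and log records are constructed assumptions.

```python
from collections import deque

# Constructed sample events (not real logs): (epoch_seconds, session_id, request).
# "GET /signup" is the form page; "POST /api/register" is the API behind it.
# Both paths are hypothetical names chosen for this example.
EVENTS = [
    (0,   "s1", "GET /signup"),
    (40,  "s1", "POST /api/register"),
    (100, "b1", "POST /api/register"),
    (101, "b2", "POST /api/register"),
    (102, "b3", "POST /api/register"),
    (103, "b4", "POST /api/register"),
    (300, "s2", "GET /signup"),
    (330, "s2", "POST /api/register"),
]

def flag_signups(events, window=10, max_per_window=3):
    """Return {session_id: [reasons]} for suspicious registration calls."""
    seen_form = set()   # sessions that loaded the sign-up form
    recent = deque()    # (timestamp, session) registrations inside the window
    flagged = {}
    for ts, session, request in sorted(events):
        if request == "GET /signup":
            seen_form.add(session)
            continue
        if request != "POST /api/register":
            continue
        # Signal 1: the API was called without the form ever being served.
        if session not in seen_form:
            flagged.setdefault(session, []).append("api-without-form")
        # Signal 2: site-wide registration burst, counted independently of
        # source address because the attacker masks identity and location.
        recent.append((ts, session))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) > max_per_window:
            for _, s in recent:
                reasons = flagged.setdefault(s, [])
                if "burst" not in reasons:
                    reasons.append("burst")
    return flagged

if __name__ == "__main__":
    for session, reasons in flag_signups(EVENTS).items():
        print(session, reasons)
```

Native mobile clients legitimately call the registration API without loading a web form, so the first signal should only be applied to traffic that claims to come from a browser.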
Preventing Fake Account Attacks with Cequence Security
Cequence Application Security Platform prevents fake account attacks and their secondary objectives using a patented machine-learning analytics engine that detects malicious account registration or sign-up attempts and allows you to creatively mitigate them through blocking, rate limiting, or deception.