By Jake Ooi, Head of Product, SHIELD
And it’s only getting bigger.
Earlier this year, Meta pursued legal action against Voyager Labs, who allegedly set up fake accounts to scrape information from users. And a new group, dubbed Automated Libra, recently registered between three and five fake GitHub accounts every minute to abuse GitHub Actions workflow for mining.
How can companies halt fake accounts and be proactive in uncovering what is fake and what is real?
Fraudsters can run emulators and automated scripts to create thousands of fake accounts in the space of a few seconds. These fake accounts are then used for fraudulent activities, such as payment fraud, promo and incentive abuse, multi-account collusion, and the spread of misinformation.
These activities drain businesses’ resources and ruin the experience for genuine users. It’s also hard for businesses to stop them – fraudsters tend to create so many that it can become an endless game of whack-a-mole if organizations address fake accounts only after fraud has been committed.
There are three ways businesses can spot fake accounts:
- Identify returning and fraudulent devices on platforms with extreme accuracy. Fraudsters often use a single device to carry out fraud, such as creating fake accounts or conducting account takeovers. They have also learned that they can evade fraud prevention technologies through tools and tactics such as factory resets.Many fraud attacks following on from the use of these fake accounts then remain undetected and cost businesses billions. The ability to identify returning and fraudulent devices accurately, using machine learning and AI, is therefore critical to stopping fraud at its root.
- Learn to spot tools that are used for fraud. Emulators are often used to create and operate fake accounts at scale. VPNs are used by fraudsters to hide their attack origin and bypass geo restrictions. Fraudsters can also make unauthorized modifications to apps to bypass security measures, or abuse app functionalities. Detecting these tools in real-time can go a long way in helping businesses mitigate fraud before it happens and take instant countermeasures to keep their platform safe.
- Recognize genuine vs fraudulent users. It’s important to be able to spot the exact moment a user begins exhibiting malicious behavior so that immediate action can be taken. Even authentic user accounts can be temporarily compromised. Setting overly aggressive thresholds on fraud detection tools can result in many false positives and legitimate customers being flagged. This creates negative customer experiences and breaks customer trust, which will only result in frustration, loss of business, or customers switching to competitors.
Global ride-sharing platform, inDrive, is an excellent example of how a company strengthened its defenses against fraud. The company operates the second-most downloaded mobility app in the world. It services users in 700 cities across 47 countries.
The inDrive platform uniquely empowers drivers and passengers to negotiate fair price offers based on route or other factors.
However, the ride-hailing industry globally is being targeted by fraud syndicates. Fraudsters create fake accounts to complete ‘ghost rides’ (rides that don’t happen) to rack up completion incentives. They also use GPS spoofers to simulate high demand in one area, causing fare surges they can profit from.
To proactively prevent fraud, inDrive adopted an advanced risk intelligence solution to identify multiple accounts – whether they be passenger or driver accounts – being operated from the same device.
The solution can also detect if malicious tools have been installed, such as GPS spoofers, tampered apps, and app cloners.
With its mission of ‘challenging injustice’, inDrive made transparency and fairness in price negotiations a priority. Stopping fraudsters from negatively impacting genuine users was imperative.
Fake accounts will continue to be prevalent as fraudsters try to find more ways to cheat businesses and consumers alike. Businesses only have a few chances to deter fraud before it ruins their reputation, finances, and more.