Why Fraudsters Create Fake Accounts
By Sarah Beldo /
7 Sep 2016
If you’ve spent any time on social media, chances are you’ve encountered obviously fake accounts. You know the ones: no profile photo, few followers, little activity of note. However, the fraudsters, spammers, and scammers who create fake accounts are growing more sophisticated in both technique (the accounts appear more legitimate) and scale (technology exists to create these accounts quickly en masse), so it’s not always immediately obvious who’s legit and who’s a phony.
Why do people create fake accounts?
While some fake accounts may sit harmless for months, others may be used for a host of damaging and criminal behaviors. Let’s start on the slightly sunnier side of the problem. Some “fake” accounts come into existence innocently enough, with a user simply forgetting that they already signed up and creating a second account with a different email address. In fact, Facebook estimates that 4-8% of what are classified as fake accounts on their platform fall into this category.
There are also people who would just prefer to not use their true identity, for whatever reason (ranging from the innocuous to the shady). Maybe they want to fly under the radar while gathering information on someone, or perhaps they’re just testing and exploring. For example, someone may create a second profile on a dating site to test the waters and see if certain keywords and qualities will yield better results. Or a business owner may want to check up on what the competition is doing.
While this type of behavior may violate a websites terms of service, it’s not illegal in and of itself. It’s also typically perpetrated by individuals, which means it’s both smaller-scale and harder to crack down on. But it is possible to detect professional fraudsters – those who create fake accounts as a means of carrying out other undesirable behavior – and keep them off your site. First, let’s take a look at some of the reasons that bad actors may create phony accounts.
Affiliate link spam
We’ve all seen comment threads or messages filled with fervent entreaties to buy cheap sunglasses, check out Facebook pages, or work from home for big bucks. These spam messages may contain promotional links, and affiliates make money from every visit they drive via their link (plus even more if the clicker signs up). These affiliate links can lead to everything from legitimate brand sites to more questionable sites hawking diet pills and payday loans. Some fake accounts are set up solely for the purpose of promoting as many spammy affiliate links as possible until they get shut down.
The theory goes that if you add enough links to your site around the web, these inbound links will do great things for your SEO. While the value of spammy links to a site’s overall SEO strategy is questionable, there are still plenty of fake accounts created simply for the purpose of scattering these links all over the web.
There’s a reason cybersecurity advocates recommend being particularly wary about clicking links: you never know if that spammy link is just a ploy to get traffic to a website, or if it actually leads to a malicious site that will install malware on your computer. In fact, TrendMicro and other security experts have warned that malware attempts via social messages are on the rise.
Likes, reviews, and other social stats
Bad actors may create fake accounts en masse to boost a business’ status (through all kinds of social actions), or to damage a competitor’s by leaving bad reviews. The business of fake social network likes, followers, and reviews is huge. When Instagram did an enormous purge of fake accounts in 2014, most users saw their follower counts drop a bit – and Justin Bieber’s dropped by a whopping 3.5 million.
Phishing / spear-phishing
Phishing may sound old-school, but it’s never gone away. In fact, research shows attempts have grown as much as 789% year over year. Cybercriminals may create fake accounts to send these messages, and may even establish entire identities with large social networks so the message seems more credible. These messages look quite authentic, include some personal details about the recipient (gleaned from social networks), and may even appear to come from someone they know.
Whether it happens on a classified listings site, a property rental platform, a job board, or someplace else, a fake listings scam takes advantage of the trust a user has in an online marketplace. Fraudsters create fake accounts, upload scraped images, and often try to convince users to wire money or accept a phony cashier’s check as payment.
Similar to listings scams, romance scams rely on gaining the victim’s trust – but in this case, it happens over the course of weeks, months, or even years. Romance scams cost victims more than $120 million in the first half of 2016 alone, according to the FBI. And they don’t just originate on dating sites; scammers may create fake profiles on any place where people congregate and may be open to making a new friend, including social networks and online forums.
So, what do you do about fake users on your website? If you’re tired of shutting down accounts retroactively and are looking to block bad actors from creating accounts in the first place, check out Sift Science’s Account Abuse Prevention. We’re happy to answer any questions or give a demo anytime.