New Account Origination

Fake New Account Fraud Rose 70% in H1 2021

August, 27, 20215 min Read

Whether it is fake new account registration – where fraudsters use stolen or synthetic credentials to create new digital accounts – or account takeover fraud, fraudsters are impersonating authentic users to abuse and monetize digital accounts. Our latest report revealed a surge in fake new account trends, with attacks reaching up to 43 million attacks in a single week this year. 

Fraudsters are going after consumers' digital accounts, as they have become central to most digital activity. According to the latest data from our 2021 State of Fraud Report, one of the top trends for the first half of 2021 is the surge in fake account registrations. In H1 2021, more than one-third of all attacks detected on the Arkose Labs network were fake account registrations, registering an increase of 70% from the end of 2020. Fraudsters are increasingly using fake new account registrations to maximize their ROI through a wide range of in-platform abuse, such as spam, phishing, and information scraping.

Fake new account registrations and account takeover attacks are interlinked

The trends across our network show that fake new account registrations and account takeover attempts are interlinked. In early 2021, our team detected attacks on the registration flow that were followed immediately by attacks on logins. This is because when a new account registration request is declined, it may indicate that an account associated with those credentials already exists, allowing fraudsters to pivot to account takeover attacks.

Traditionally, account takeover attacks have dominated the attack types registered on the Arkose Labs network. However, in H1 2021, fake new account registration attack volumes grew prolifically to level up with login-related attacks. Fraudsters are increasingly leveraging fraud farms and mobile devices to increase their ability to mimic the way today's consumer interact and use fake accounts for spam and abuse. 

All industries are affected

As businesses try to attract new customers and foster customer loyalty in today’s digital era, they are increasingly offering sign-up bonuses and other incentives. Along with customers, these schemes are attracting fraudsters, alike, who abuse the registration process using stolen or synthetic credentials to pocket these bonuses and infiltrate business networks. These successful attacks enable fraudsters to orchestrate varied downstream fraud that is often difficult to detect and block.

New fake account registration is rampant across industries as described below:

Financial services: Fraudsters are largely targeting digital application processes,  leveraging stolen credentials to mirror a real person in order to accrue sign-up bonuses. Sophisticated phishing and vishing schemes make it increasingly difficult to detect a fraudulent application.

Media and streaming:  As people turned to online forms of entertainment and connecting, fraudsters found it easy to hide amidst a flurry of legitimate new users. More than 50% of attacks in this industry target registration with the intention to disseminate spam and phishing messages that appear to come from a “real” person. 

Technology platforms: Generally, attacks on technology platforms are focused on the login and new account registration points. Tech platforms are frequent targets of fake new account registrations as fraudsters set their sights on freemium and promotional offers to access valuable tech (like free server time), meant to attract new customers.

Intelligent bots power new fake account registrations

To achieve scale at low investments fraudsters use bots. These cheaply and easily available advanced bots can run JavaScript and be trained to simulate human behavior complete with key presses, mouse movements, and clicks. This enables fraudsters to blend in with legitimate users as they too appear to be 'normal' human traffic, making it even more challenging for businesses to detect new fake account registration fraud.

Our poll of around 100 IT executives to understand how businesses are grappling with fraud attacks today, revealed that many businesses face trouble detecting and stopping fake account registrations on their platforms. Nearly 80% of respondents – especially larger businesses that have massive amounts of daily incoming traffic on their websites – found it difficult to identify fake new accounts created on their site in real-time. Once fake accounts are created, fraudsters can commit a wide range of attacks with them, including spam, phishing, information scraping, carding, inventory hoarding, and more.

Interestingly, the respondents to our poll cited sophisticated bots as the most difficult to detect. This is because not only can these sophisticated bots be deployed at a massive scale, they can also help fraudsters evade detection while bypassing fraud defenses.

Businesses need robust protection

In the new digital-first world, where customer accounts are at the center of all activity, businesses must strive to protect the sanctity of customer accounts, all the while maintaining a superlative customer experience. As bots continue to become more sophisticated, businesses must have robust protection in place to be able to accurately differentiate between human-like bots and real people.

Digital businesses need solutions that not only tell bots from genuine users but also deter persistent malicious humans from attacking. Arkose Labs is helping global brands fight both bot- and human-driven fraud with its zero tolerance to fraud approach, where we go beyond mitigation to deter fraud by bankrupting the business model of fraud.

To get more insights into how fake new accounts registration can be a multi-pronged threat and the measures businesses can take to protect themselves, download your copy of the 2021 State of Fraud Report now.