Domain Intelligence to Reduce Fraud


The client is one of the most prominent names in the high tech industry. This client leverages Arkose Bot Detection services in their account creation workflow. They were interested in testing Arkose Email Intelligence to help them identify fraudulent accounts created as a result of low and slow attacks.

The Business Problem

As one of the big names in players in the high tech industry space, this client has been using Arkose products to identify and mitigate bot attacks. Arkose products have been very effective in helping this client fight against high volume bot attacks. This client provides truth data to Arkose periodically to help Arkose SOC team fine tune custom controls. As part of this effort, the client provided details of 12,397 sessions that were identified as fraudulent but missed by Arkose bot prevention controls. Details from these fraudulent sessions included the email address used in the session to create a new account. Most of these sessions came in low and slow volume and therefore did not trigger controls looking for high volume bot activity.

The Arkose Labs Solution

This client in the high tech industry decided to test Arkose Email Intelligence to mitigate fraud accounts created by mainly low and slow attacks. Arkose Email Intelligence is an offering that is integrated with other Arkose products and clients who opt in for this service pass the email address used in the session in addition to device and IP related attributes. Arkose Email Intelligence evaluates the email address in several risk factors such as:

  • Email Formation – Syntactical errors associated with the email address.
  • Gibberish Handle Detection – Whether the email handle represents gibberish and was created for abuse.
  • Email Enumeration – Whether the email is an enumerated form (varying by a few digits) from an email seen previously.
  • Email Tumbling – Whether the email is using an alias with an inbox same as an email seen previously.
  • Handle Pattern Recognition – Whether the email handle, although new, is being created by an automated script.
  • Email & Domain Velocity – Frequency at which emails & domains appear across Arkose network.
  • Domain Intelligence – The risk associated with the email domain, existence, and ownership information.

and any risk indicator identified is returned in the output for the client to take further action. In addition, these risk factors can also be leveraged in challenge decision to automatically mitigate bot driven attacks. In this exercise, the client chose to test Arkose Email Intelligence in offline mode using email addresses from fraudulent sessions that were missed by Arkose bot solution and therefore risk factors around the email address were not leveraged in challenge decision.

Demonstrated Results

In this offline test, the client shared 12,397 email addresses used in fraudulent account creation. 11,152 (90% of reported fraud email addresses) of these emails were identified to contain a risk factor. Major risk factors found included risky domains (recently created) and Email Tumbling. It is very common for fraudsters to register a brand new domain and use emails created from that domain to use in the account creation process. In this sample, 8,714 email addresses were identified to be coming from various recently created domains. Arkose Email Intelligence checks the registration date of domains and uses it as part of the email risk assessment. In this case study, domain age based controls were able to identify over 70% of the fraud instances. Combined with other domain and handle based controls Arkose Email Intelligence was able to identify 90% of the fraud events missed by bot detection controls. These results support that leveraging Email Intelligence in conjunction with Arkose Bot Detection would help the client mitigate a high majority of the fraud attempts and reduce fraud costs.

Book a Meeting

Meet with a fraud and account security expert

Request a customized demo to learn more.