arrow left facebook twitter linkedin medium menu play circle

Fake Accounts and Real Trouble: Wells Fargo’s Latest Problems

When the news broke that Wells Fargo had “been hit with $185 million in civil penalties for secretly opening millions of unauthorized deposit and credit card accounts that harmed customers,” the obvious question was: how can something like this happen in the first place? How does a company not notice huge numbers of fake accounts?

By Christopher Watkins September 15, 2016

Photo of Christopher Watkins

about Christopher Watkins
Christopher Watkins is Senior Creative Writer at DataVisor. He brings 10+ years of writing, editing, and strategy experience to his role. He was previously Senior Writer and Chief Words Officer at Udacity. He holds an MFA in Creative Writing from the University of Southern Maine.

Last week the news broke that Wells Fargo had “been hit with $185 million in civil penalties for secretly opening millions of unauthorized deposit and credit card accounts that harmed customers,” and the backlash caused by the account opening has been fierce.

While the ethical issues with the Wells Fargo scandal are of course much larger than just fake account opening (for starters, it was reported that they were opened by employees “transferring money from customers’ authorized accounts without permission,” and the customers were incurring those transfer fees), a lot of questions have been raised about how something like this could have happened in the first place. How does a company not notice huge numbers of fake accounts?

6046576262_7ff59e8019_z
Image Credit: Andrew Czap

The sad reality is, it’s a lot easier to create and hide fake accounts than you might think.

Whether it’s insiders creating new accounts to meet sales goals or outside fraudsters committing identity theft, fake account opening is a huge problem, and it’s becoming increasingly difficult to detect. As we’ve seen time and time again, massive dumps of personal information are being released from hacks daily, which means fraudsters can open accounts with seemingly real credentials. In some industries you often only need an email to create an account, and as we’ve shown before, you can register millions of fake accounts quickly and easily.

The question remains, however: how do you detect them? It’s not that easy, as it turns out. Fraudsters are using advanced attack methods to go undeterred and undetected. Some common account opening attack techniques include:

  • Registrations through VPNs and cloud hosting services to make the traffic appear distributed from different locations.
  • Using mobile devices with OS/hardware flashing capabilities to make the account sign-ups appear to come from different legitimate users signing up from different computer devices.
  • Faking browser info, user-agent strings, and MAC addresses to make sign-ups look like they come from hundreds of different unique users

For a real-world example from our research, we recently took a look at new account openings at a financial institution, and we were able to detect huge numbers of fake accounts by looking for signature patterns in the data. There were three main patterns we observed from the attacks:

Account openings using emails with similar patterns

We identified hundreds of account openings that took place using emails with similar patterns (randomly generated usernames containing 10 characters):

  • opjutyyggr@xxxxxxx.com
  • rtbwmneigs@xxxxxxx.com
  • eenxzirkfu@xxxxxxx.com
  • clfunyjjpq@xxxxxxx.com

Account openings from the same devices

We also detected fake accounts that were all registered with the same few devices (i.e., mobile hardware ID), with each device registering a small number of accounts. This is likely the result of the attackers “flashing” their devices to create the appearance of multiple distinct users from different devices. In addition to fake account creation, we have also observed this attack technique used to conduct fraudulent in-app purchases.

Account openings using scripts

We also detected accounts registered programmatically, as shown by the user-agent strings. For example, “Java/1.7.0_51” and “Apache-HttpClient/4.3 (java 1.5)” are default strings from the software library.

Fake accounts offer lucrative opportunities for malicious actors. Everything from social reputation, ad impressions, promotional/reward points, and in-game virtual goods can put money in a fraudsters pocket, or act as a puzzle piece in a bigger scam with an even bigger payoff. Wells Fargo has a long road ahead in terms of cleaning out fake accounts, and dealing with their trust and ethical violations. Sadly, this likely won’t be the last time massive amounts of fake accounts hit the headlines. When it comes to detecting fake accounts, all companies have a ways to go.

Fortunately, there are options. Advanced, AI-powered fraud solutions such as those offered by DataVisor offer organizations the ability to detect and prevent fraudulent account activity at the application and creation level. This degree of proactivity means attacks are stopped before the damage can happen.


Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q3 2019

Learn More

Drawing on 80B events, 758M users, and 368M IPs, DataVisor’s Fraud Index Report tackles content abuse—how it happens,…

Drawing on 80B events, 758M users, and 368M IPs, DataVisor’s Fraud Index Report tackles content abuse—how it happens, why it’s scaling, and how to stop it.

Improve Fraud Protection and Customer Experience with AI

Learn More

Strides in artificial intelligence (AI) promise to strengthen fraud protection while also significantly improving the customer experience.

Strides in artificial intelligence (AI) promise to strengthen fraud protection while also significantly improving the customer experience—two vital sources of competitive differentiation in today’s competitive landscape. As lending activity moves online, AI leverages advanced analytics to stop new…

Keeping Platforms Safe: AI and Machine Learning for Fraud Prevention

Learn More

Every company is different, and every attack is different. When it comes to defeating fraud, success is determined…

Every company is different, and every attack is different. When it comes to defeating fraud, success is determined organization by organization. From mass registrations and fake listings, to ATO and spam, to promo abuse and bot attacks, DataVisor’s AI-powered fraud management solutions deliver the…


Protect your business, your customers, and your data.

Request Demo