arrow left facebook twitter linkedin medium menu play circle

Bad Account Opening: Fake Accounts and Real Big Trouble

By DataVisor September 15, 2016

Photo of DataVisor

about DataVisor

Wells, wells, wells, what do we have here? Last week the news broke that Wells Fargo had “been hit with $185 million in civil penalties for secretly opening millions of unauthorized deposit and credit card accounts that harmed customers,” and the backlash caused by the account opening has been harsh.

While the ethical issues with the Wells Fargo scandal are of course much larger than just fake account opening (to start, it was reported that they were opened by employees “transferring money from customers’ authorized accounts without permission,” and the customers were incurring those transfer fees), a lot of questions have been raised about how this can happen in the first place. How does a company not notice huge numbers of fake accounts?

Image Credit: Andrew Czap

It’s a lot easier to create and hide fake accounts than you think.

Whether it’s insiders creating new accounts to meet sales goals or outside fraudsters committing identity theft, fake account opening is a huge problem being faced by any company with users and it’s becoming increasingly more difficult to detect. As we’ve seen time and time again, massive dumps of personal information are being released from hacks daily, which means fraudsters can open accounts with seemingly real credentials. In some industries you often only need an email to create an account, and those are easy, and free, to open. As we’ve shown you before, you can register millions of fake accounts quickly and easily.

So how do you detect them? It’s not easy. Fraudsters are using advanced attack methods to go undeterred and undetected. Some common account opening attack techniques include:

  • Registrations through VPNs and cloud hosting services to make the traffic appear distributed from different locations.
  • Using mobile devices with OS/hardware flashing capabilities to make the account sign-ups appear to come from different legitimate users signing up from different computer devices.
  • Faking browser info, user-agent strings, and MAC addresses to make sign-ups look like they come from hundreds of different unique users

For a real-world example from our research, we recently took a look at new account openings at a financial institution and was able to detect huge numbers of fake accounts by looking for massive patterns in the data. There were three main patterns we observed from the attacks:

Account openings using emails with similar patterns

We identified hundreds of account openings that took place using emails with similar patterns (randomly generated usernames containing 10 characters), e.g.


Account openings from the same devices

We also detected fake accounts that were all registered with the same few devices (i.e., mobile hardware ID), with each device registering a small number of accounts. This is likely the result of the attackers “flashing” their devices to create the appearance of multiple distinct users from different devices. In addition to fake account creation, we have also observed this attack technique used to conduct fraudulent in-app purchases.

Account openings using scripts

We also detected account registered programmatically, as shown by the user-agent strings. For example, “Java/1.7.0_51” and “Apache-HttpClient/4.3 (java 1.5)” are default strings from the software library.

The lure of fake accounts is huge. Everything from social reputation, ad impressions, promotional/reward points, and in-game virtual goods can put money in a fraudsters pocket, or act as a puzzle piece in a bigger scam with an even bigger payoff. Wells Fargo has a long road ahead in terms of cleaning out fake accounts, and dealing with the trust and ethical violations. However, this isn’t the first, and won’t be the last, time massive amounts of fake accounts hit the headlines. When it comes to detecting fake accounts, all companies with users have far to go. 

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q1 2019

Learn More

Access proprietary data and research results to discover the latest attack techniques and prevention strategies.

Download the Q1 2019 Fraud Index Report from DataVisor to receive unparalleled data-driven insights into the latest attack trends, and the most effective prevention strategies, based on analysis of over 44 billion events, 800 million users, 396 million IP addresses, and more.

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Guard Your Online Marketplace Against Fraud

Learn More

Discover AI-powered fraud strategies for preventing financial and reputational damage in this powerful eBook.

Online marketplaces withstand a complicated array of fraud attacks—spam, scam, and all points in between. Only the most comprehensive, proactive AI-powered solutions can fully protect against reputational and financial damage. This eBook details the entire lifecycle of a fraud attack, and lays out…

Protect your business, your customers, and your data.

Request Demo