
How To Register Millions of Fake Accounts With Ease

By Ting Fang Yen September 29, 2015


about Ting Fang Yen
Director of Research // Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and eCommerce industries. She holds a PhD in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.

iPhones Charging

Fake accounts are a bigger problem than ever. With so many new security technologies, why are they still so prevalent? Recent studies show that approximately 10 percent of accounts on social media sites are fake [1,2]. Other reports are more drastic: Instagram’s crackdown on spam fake accounts in December of last year exposed 18.9 million (29 percent) of followers of the Instagram official account as fake [3]. 

Really, is it that easy to register so many fake accounts? Sounds too good to be true. The reality is that there are many “helper” tools that enable bad actors to evade traditional security measures. Free voicemail services like K7 and Laser Voicemail provide disposable numbers to bypass phone verification. Guerrilla Mail, Mailinator, and Fake Mail Generator are just a few of the providers of anonymous, temporary email addresses. Captcha solver services, many manned by human labor in Southeast Asia (see Figure 1), can cost as little as $0.5 for 1000 images. Anonymous proxies, VPNs (e.g., HideMyAss, FilterBypass, ZenMate), and cloud hosting services allow traffic to appear to come from different locations, defeating blacklisting or IP-based rules.

Workers Distribution by Countries
The distribution of the human labor force at one captcha-solving service, AntiGate.com.

To make it even easier for attackers, there is all-in-one account creator software that automates all of the above for you, such as the $2,500 (two PC license) deal from spamvilla.com, and there are “click farms” where fake accounts are registered manually and resold for different purposes [4]. Even dedicated hardware, i.e., jailbroken iPhones, has emerged in China. The phone comes complete with not only account creation capabilities for multiple online services (WeChat, Momo, Bilin, iAround, Weju, and Moca), but also automated messaging scripts and IP changer software for $550 – $700. The title image at the top of this post is a screenshot of the jailbroken iPhones being programmed by the seller.

Taobao ad for all-in-one “fraud” phones.

The table below summarizes the security solutions commonly used at online services, and the attack techniques to defeat them.

Security Solution & Attack Techniques Table
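From the defender's side, the sketch below shows why a per-IP rule misses sign-ups spread across proxies, and how grouping registrations by shared traits (email shape, domain, user agent) still surfaces them. It is an added example, not DataVisor's code; the log records, thresholds, function names, and the two-entry disposable-domain list are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumption: short illustrative list; real deployments use a maintained feed.
DISPOSABLE_DOMAINS = {"mailinator.com", "guerrillamail.com"}

UA_BOT = "Mozilla/5.0 (X11; Linux x86_64) Chrome/45.0"
# Constructed sign-up log: (unix_seconds, source_ip, email, user_agent)
SIGNUPS = [
    (1000, "198.51.100.7", "kqz83921@mailinator.com", UA_BOT),
    (1040, "203.0.113.19", "wmt10477@mailinator.com", UA_BOT),
    (1095, "192.0.2.44", "bxa55203@mailinator.com", UA_BOT),
    (1130, "198.51.100.201", "hjd90018@mailinator.com", UA_BOT),
    (1180, "203.0.113.88", "pvn27764@mailinator.com", UA_BOT),
    (1010, "192.0.2.10", "alice.w@example.org", "Mozilla/5.0 (Macintosh) Safari/9.0"),
    (1500, "192.0.2.10", "bob_1987@example.net", "Mozilla/5.0 (Windows NT 6.1) Firefox/41.0"),
    (2200, "198.51.100.30", "carol@example.com", "Mozilla/5.0 (iPhone) Safari/9.0"),
]

def per_ip_rule(events, limit=3):
    """Traditional rule: flag any IP with more than `limit` sign-ups."""
    counts = Counter(ip for _, ip, _, _ in events)
    return {ip for ip, n in counts.items() if n > limit}

def email_shape(email):
    """Collapse the local part to a shape, e.g. 'kqz83921' -> 'a9'."""
    local, domain = email.lower().rsplit("@", 1)
    shape = re.sub(r"\d+", "9", re.sub(r"[a-z]+", "a", local))
    return shape, domain

def cluster_rule(events, min_size=4, window=600):
    """Flag groups sharing email shape, domain and user agent that all
    registered within `window` seconds, regardless of source IP."""
    groups = defaultdict(list)
    for ts, ip, email, ua in events:
        groups[email_shape(email) + (ua,)].append((ts, ip, email))
    flagged = []
    for (shape, domain, ua), rows in groups.items():
        span = max(r[0] for r in rows) - min(r[0] for r in rows)
        if len(rows) >= min_size and span <= window:
            flagged.append({"shape": shape, "domain": domain, "count": len(rows),
                            "distinct_ips": len({r[1] for r in rows}),
                            "disposable_domain": domain in DISPOSABLE_DOMAINS})
    return flagged

if __name__ == "__main__":
    print("per-IP rule flags:", per_ip_rule(SIGNUPS))
    for cluster in cluster_rule(SIGNUPS):
        print("cluster:", cluster)
```

The whole-group time span check is a simplification: a long-running campaign would need a sliding window over each group.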

Why are fake accounts so attractive? The sophistication of online services today has opened up lucrative opportunities for criminals. As mentioned in our earlier blog post, many service features including social reputation, ad impressions, promotional/reward points, and in-game virtual items can be converted into real-world gains. If account creation software alone costs $2,500, the profit that can be milked out of the fake accounts must be many, many times greater – at the cost of the online service.


References
[1] Emil Protalinski. “Facebook estimates that between 5.5% and 11.2% of accounts are fake.” The Next Web 3 Feb 2014. http://thenextweb.com/facebook/2014/02/03/facebook-estimates-5-5-11-2-accounts-fake/
[2] Lara O’Reilly. “8% of Instagram accounts are fakes and 30% are inactive, study says.” Business Insider 2 Jul 2015. http://www.businessinsider.com/italian-security-researchers-find-8-percent-of-instagram-accounts-are-fake-2015-7
[3] Vindu Goel. “Millions of fake Instagram users disappear in purge.” The New York Times 18 Dec. 2014. http://bits.blogs.nytimes.com/2014/12/18/millions-of-fake-instagram-users-disappear-in-purge/
[4] Doug Bock Clark. “How click farms have inflated social media currency.” New Republic 20 Apr. 2015. http://www.newrepublic.com/article/121551/bot-bubble-click-farms-have-inflated-social-media-currency