Fake accounts are a bigger problem than ever. With so many new security technologies, why are they still so prevalent? Recent studies show that approximately 10 percent of accounts on social media sites are fake [1,2]. Other reports are more drastic: Instagram’s crackdown on spam fake accounts in December of last year exposed 18.9 million (29 percent) of followers of the Instagram official account as fake . Really, is it that easy to register so many fake accounts? Sounds too good to be true. The reality is that there are many “helper” tools that enable bad actors to evade traditional security measures. Free voicemail services like K7 and Laser Voicemail provide disposable numbers to bypass phone verification. Guerrilla Mail, Mailinator, Fake Mail Generator are just a few of the providers of anonymous, temporary email addresses. Captcha solver services, many manned by human labor in Southeast Asia (see Figure 1), can cost as low as $0.5 for 1000 images. Anonymous proxies, VPNs (e.g., HideMyAss, FilterBypass, ZenMate), and cloud hosting services allow traffic to appear from different locations, defeating blacklisting or IP-based rules. The distribution of the human labor force at one captcha-solving service, AntiGate.com. To make it even easier for attackers, there are all-in-one account creator software that automates all of the above for you, such as the $2,500 (two PC license) deal from spamvilla.com, and “click farms” where fake accounts are registered manually and resold for different purposes . Even dedicated hardware, i.e., jailbroken iPhones, have emerged in China. The phone comes complete with not only account creation capabilities for multiple online services (WeChat, Momo, Bilin, iAround, Weju, and Moca), but also automated messaging scripts and IP changer software for $550 – $700. The title image at the top of this post is a screenshot of the jailbroken iPhones being programmed by the seller. Taobao ad for all-in-one “fraud” phones. The table below summarizes the security solutions commonly used at online services, and the attack techniques to defeat them. Why are fake accounts so attractive? The sophistication of online services today has opened up lucrative opportunities for criminals. As mentioned in our earlier blog post, many service features including social reputation, ad impressions, promotional/reward points, and in-game virtual items can be converted into real-world gains. If account creation software alone costs $2,500, the profit that can be milked out of the fake accounts must be many, many times greater – at the cost of the online service. References Emil Protalinski. “Facebook estimates that between 5.5% and 11.2% of accounts are fake.” The Next Web 3 Feb 2014. http://thenextweb.com/facebook/2014/02/03/facebook-estimates-5-5-11-2-accounts-fake/ Lara O’Reilly. “8% of Instagram accounts are fakes and 30% are inactive, study says.” Business Insider< 2 Jul 2015. http://www.businessinsider.com/italian-security-researchers-find-8-percent-of-instagram-accounts-are-fake-2015-7 Vindu Goel. “Millions of fake Instagram users disappear in purge.” The New York Times 18 Dec. 2014. http://bits.blogs.nytimes.com/2014/12/18/millions-of-fake-instagram-users-disappear-in-purge/ Doug Bock Clart. “How click farms have inflated social media currency.” New Republic 20 Apr. 2015. http://www.newrepublic.com/article/121551/bot-bubble-click-farms-have-inflated-social-media-currency[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container] View posts by tags: Mass Registration | Social Commerce Fraud and Abuse Related Content: Stay up-to-date on the latest fraud insights and intelligence. Thank you for subscribing.