
The Hidden Enemy Threatening Your Online User Growth | Fake Reviews, Fraud, Transactions

By Yinglian Xie August 31, 2015


about Yinglian Xie
Yinglian Xie is CEO and Co-Founder of DataVisor. She was previously at Microsoft Research, where her focus was on advancing the security of online services with big data analytics and machine learning. Yinglian completed both her Ph.D. and post-doctoral work in Computer Science at Carnegie Mellon University, and currently holds over 20 patents in her field. A highly-regarded researcher, author, and conference contributor, Yinglian is widely regarded as one of the most influential figures in the areas of artificial intelligence, machine learning, and big data security.


We are entering an era of billions of users and trillions of online accounts. This is attracting a growing wave of attacks like fake reviews targeting online services of all sizes. The Internet user population is now 3 billion strong [1]. There are now over 3 million mobile apps and online services available, and most people have registered accounts with at least 26 of them [2]. That’s creating a huge surface area of online services and user accounts to protect.

Not only are there more mobile apps and web sites than ever before, but they are also becoming much more complex. To continuously drive strong user growth, modern online services are rapidly evolving from single-function sites to feature-rich platforms that blend attributes of social networking, e-commerce, gaming and online-to-offline (O2O) services. While each of these new “features” makes the service more attractive to benign users, each is also a potential vulnerability to be exploited by bad actors.

User accounts are the primary target of online criminals

As a result of the combined growth and feature richness of online services, user accounts are becoming highly desirable targets. They are the precious core of every service, as users are both contributors of content (e.g., reviews, ratings, followings, pins, messages) and a channel for monetization (e.g., ad clicks, promotions, in-app purchases). But due to their intrinsic value, user accounts are also the most vulnerable spot in every service. Coordinated malicious user accounts, either created anew, or obtained via user hijacking, actively target the various features of the modern online service for some type of real-world financial gain. Example attacks include fake reviews to boost business reputation [3,4], promotional credits abused to gain an unfair advantage within games, and stolen credit cards used to pay for goods via Apple Pay [5]. Such attacks can cause millions of dollars of loss to the service, in addition to severely degrading brand name reputation and platform integrity.

Examples of service features targeted for financial gain

The Sleeping Enemy Within
These attacks signal the emergence of a new breed of online adversary. We are well beyond the lone gunman looking to make a quick buck by using a fake credit card to make a small number of fraudulent transactions on an e-commerce site. Today, technologically advanced, coordinated online criminals continuously adapt their techniques to stay under the radar, not only leveraging the billions of events generated by the other millions of user accounts to remain undetected, but also taking the time to build massive armies of “sleeper cells” within the online service. These dormant accounts are used for testing or carrying out the attack in stages, and lie in wait for months or even years until the time is right for an assault.


The fact that fraudulent accounts are growing at an alarming rate, sometimes even outpacing normal user growth, shows that traditional reactive solutions, such as signatures, rules, or purely supervised machine learning approaches, are falling behind. As pointed out in a recent Gartner report, “Rules, which are usually based on attacks that happened, are only as good as what a user knows. Rules do a poor job when it comes to predicting future attacks, and they also become difficult to manage over time as they proliferate.” [6] Similarly, supervised learning inevitably struggles to catch new attack patterns, for which labels are unavailable.

We believe it is time to rethink our security requirements for the new era of trillions of accounts that we live in. A next-gen solution is needed to address the growing threat of online identities, and to stay ahead of these advanced attacks. As such, we need leading computer scientists to work together and develop predictive solutions using Big Data technology and security analytics. The purpose of DataVisor is to strengthen this weakest and highly exploitable link in the new security arsenal. We are here to build trust in online communities and services as they flourish, to protect the long-term growth of all consumer-facing sites and apps, and to protect every one of us as end users.

[1] Internet live stats.
[2] Nielsen. “Smartphones: so many apps, so much time.” 1 July 2014.
[3] Megan Griffith-Greene. “Yelp, Google and UrbanSpoon targets for fake reviews.” CBC News 7 Nov. 2014.
[4] Victor Luckerson. “Amazon is suing sites that sell fake reviews.” Time 10 Apr. 2015.
[5] Daisuke Wakabayashi. “Fraud comes to Apple Pay.” Wall Street Journal 3 Mar. 2015.
[6] Avivah Litan and Jonathan Care. “Market guide for online fraud detection.” Gartner 27 Apr. 2015.
