The Hidden Enemy Threatening Your Online User Growth | Fake Reviews, Fraud, Transactions

By Yinglian Xie August 31, 2015

about Yinglian Xie
CEO and Co-Founder // Yinglian has over 10 years of experience in security, specializing in fighting large-scale attacks with AI and Big Data technologies. Previously, Yinglian worked at Microsoft protecting hundreds of millions of users across a wide range of Microsoft products.

We are entering an era of billions of users and trillions of online accounts. This is attracting a growing wave of attacks like fake reviews targeting online services of all sizes. The Internet user population is now 3 billion strong [1]. There are now over 3 million mobile apps and online services available, and most people have registered accounts with at least 26 of them [2]. That’s creating a huge surface area of online services and user accounts to protect.

Not only are there more mobile apps and web sites than ever before, but they are also becoming much more complex. To continuously drive strong user growth, modern online services are rapidly evolving from single-function sites to feature-rich platforms that have a blend of social networking, e-commerce, gaming and online-to-offline (O2O) services attributes. While each of these new “features” makes the service more attractive to benign users, they are also potential vulnerabilities to be exploited by bad actors.

User accounts are the primary target of online criminals

As a result of the combined growth and feature richness of online services, user accounts are becoming highly desirable targets. They are the precious core of every service, as users are both contributors of content (e.g., reviews, ratings, followings, pins, messages) and a channel for monetization (e.g., ad clicks, promotions, in-app purchases). But due to their intrinsic value, user accounts are also the most vulnerable spot in every service. Coordinated malicious user accounts, either created anew, or obtained via user hijacking, actively target the various features of the modern online service for some type of real-world financial gain. Example attacks include fake reviews to boost business reputation [3,4], promotional credits abused to gain an unfair advantage within games, and stolen credit cards used to pay for goods via Apple Pay [5]. Such attacks can cause millions of dollars of loss to the service, in addition to severely degrading brand name reputation and platform integrity.

Examples of service features targeted for financial gain

The Sleeping Enemy Within
These attacks signal the emergence of a new breed of online adversary. We are well beyond the lone gunman looking to make a quick buck by using a fake credit card to make a small number of fraudulent transactions on an e-commerce site. Today, technologically advanced, coordinated online criminals continuously adapt their techniques to stay under the radar, not only leveraging the billions of events generated by the other millions of user accounts to remain undetected, but also taking the time to build massive armies of “sleeper cells” within the online service. These dormant accounts are used for testing or carrying out the attack in stages, and lie in wait for months or even years until the time is right for an assault.

The fact that fraudulent accounts are growing at an alarming rate — sometimes even outpacing normal user growth — shows that traditional reactive solutions, such as signatures, rules, or purely supervised machine learning approaches, are falling behind. As pointed out in a recent Gartner report, “Rules, which are usually based on attacks that happened, are only as good as what a user knows. Rules do a poor job when it comes to predicting future attacks, and they also become difficult to manage over time as they proliferate.” [6] Similarly, supervised learning inevitably struggles to catch new attack patterns, for which labels are unavailable.

We believe it is time to rethink our security requirements for the new era of trillions of accounts that we live in. A next-gen solution is needed to address the growing threat of online identities, and to stay ahead of these advanced attacks. As such, we need leading computer scientists to work together and develop predictive solutions using Big Data technology and security analytics. The purpose of DataVisor is to strengthen this weakest and highly exploitable link in the new security arsenal. We are here to build trust in online communities and services as they flourish, to protect the long-term growth of all consumer-facing sites and apps, and to protect every one of us as end users.


References:
[1] Internet live stats. http://www.internetlivestats.com/internet-users/
[2] Nielsen. “Smartphones: so many apps, so much time.” 1 July 2014. http://www.nielsen.com/us/en/insights/news/2014/smartphones-so-many-apps--so-much-time.html
[3] Megan Griffith-Greene. “Yelp, Google and UrbanSpoon targets for fake reviews.” CBC News 7 Nov. 2014. http://www.cbc.ca/news/business/yelp-google-and-urbanspoon-targets-for-fake-reviews-1.2826154
[4] Victor Luckerson. “Amazon is suing sites that sell fake reviews.” Time 10 Apr. 2015. http://time.com/3817401/amazon-sues-fake-reviews/
[5] Daisuke Wakabayashi. “Fraud comes to Apple Pay.” Wall Street Journal 3 Mar. 2015. http://blogs.wsj.com/digits/2015/03/03/fraud-comes-to-apple-pay/
[6] Avivah Litan and Jonathan Care. “Market guide for online fraud detection.” Gartner 27 Apr. 2015.