arrow left facebook twitter linkedin medium menu play circle

The Underground Market for User Accounts | Fake Accounts, Account Fraud

By Ting Fang Yen September 15, 2015

Photo of Ting Fang Yen

about Ting Fang Yen
Director of Research // Ting-Fang specializes in network and information security data analysis and fraud detection in the financial social and eCommerce industries. She holds a PhD in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.

For Sale Sign - Real Accounts of Fake Accounts?

User accounts are extremely valuable – real accounts far more so than fake accounts. This is not only true for Internet properties, which are valued by the size and growth of their user base, but also for professional online criminals exploiting these platforms for a profit.

The prevalence of these user accounts in the underground market proves this is a common problem across all social platforms. The figure below shows the price range per account on BlackHat World, a web forum for black hats providing tips or services for online marketing. As you can see, the price varies widely by service, and also depends on the number of accounts purchased, whether the accounts are phone-verified, the country in which they were created, the age of the accounts, etc. Credible accounts are far more valuable than fake accounts. 

Price Per Account - Real Accounts Not Fake Accounts
The price range of a user account on Black Hat World forums. This figure is based on data collected during two weeks in late July to early August 2015.

In the figure, the red line is the median price per account, the box is drawn between the first and third quartile of the price range, and the “whiskers” (in dotted line) extend to the furthest value within 1.5 times the interquartile range from the end of the boxes. Any data point further than that is marked as ‘+’.

In addition to accounts, other types of social currency are also up for sale. On the BlackHat World forums, a thousand Facebook “likes” run for a median price of $3, a thousand Twitter retweets is about $0.75, and a thousand Instagram followers is $2. Combo packages are available – $18.99 will buy you 530 Facebook likes, 500 Twitter shares, 380 Google +1’s, 300 Pinterest repins, 250 Facebook shares, and 240 LinkedIn shares. Looking for a quality marketing channel? LinkedIn accounts with 500 connections are only $30 each.

So what does all of this mean? Clearly it shows that the current security solutions in place, such as multi-factor authentication and rules/model-based systems, are ineffective at stopping mass registrations and account takeovers. It also underscores the point that there is a thriving underground for “fraud-as-a-service” where people buy and sell user accounts, fake reviews, followers like commodities on the stock exchange. Furthermore, it demonstrates the type of adversary we are now up against. Well-organized, well-funded criminal businesses that are spending a lot of money in these black markets to create huge armies of fake accounts to do their bidding for financial gain – whether it be fraudulent transactions, spam ad campaigns, promotional abuse or more. We need to rethink how we combat this modern adversary by stopping the creation of these accounts and the downstream damage they conduct.


Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q3 2019

Learn More

Drawing on 80B events, 758M users, and 368M IPs, DataVisor’s Fraud Index Report tackles content abuse—how it happens,…

Drawing on 80B events, 758M users, and 368M IPs, DataVisor’s Fraud Index Report tackles content abuse—how it happens, why it’s scaling, and how to stop it.

Improve Fraud Protection and Customer Experience with AI

Learn More

Strides in artificial intelligence (AI) promise to strengthen fraud protection while also significantly improving the customer experience.

Strides in artificial intelligence (AI) promise to strengthen fraud protection while also significantly improving the customer experience—two vital sources of competitive differentiation in today’s competitive landscape. As lending activity moves online, AI leverages advanced analytics to stop new…

Keeping Platforms Safe: AI and Machine Learning for Fraud Prevention

Learn More

Every company is different, and every attack is different. When it comes to defeating fraud, success is determined…

Every company is different, and every attack is different. When it comes to defeating fraud, success is determined organization by organization. From mass registrations and fake listings, to ATO and spam, to promo abuse and bot attacks, DataVisor’s AI-powered fraud management solutions deliver the…


Protect your business, your customers, and your data.

Request Demo