arrow left facebook twitter linkedin medium menu play circle

One in Five Cloud-Based Online User Accounts May Be Fake, According to New DataVisor Study

October 2, 2018

Q2 2018 Fraud Index Report shows that for some cloud services more than 75% of accounts are utilized by hackers

MOUNTAIN VIEW, Calif. (October 2, 2018) DataVisor, a leading fraud detection platform, announced today in its quarterly fraud index report that more than one in five user accounts set up through cloud service providers may be fraudulent.

The Q2 2018 DataVisor Fraud Index Report is a quarterly assessment of types and methods of online fraud in social platforms and financial services. The current report uses information gathered by DataVisor between April and June of 2018, analyzing 1.1 billion active user accounts; 1.5 million email domains; 231,000 device types; and 562 cloud hosting providers and data centers, among other indicators.

DataVisor found that 21.57% percent of accounts originating from cloud service IP ranges appear to be fraudulent. Malicious accounts are eight times more likely to originate via cloud services than normal users. In fact, some cloud services and data centers can have more than 75% fraudulent accounts, the study found.

The United States and China host the highest number of fraud attacks. More than 21% of fake accounts targeting online and financial services originated from the US, and 17% originated from China. In attacks targeting North American online services, more than 45% of the attacks originated in the US.

Interestingly, crime rings leverage different cloud service providers depending on the attack. Fraudsters targeting social platforms largely use Amazon Web Services; DigitalOcean appears to be preferred by fraudsters targeting mobile apps and financial services.

Coordinated attacks – a group of fraudulent accounts controlled by the same attacker – represent the majority of fraudulent activity in both social platforms and financial services, the report found.

More than 90% of fake account registration in social platforms involves coordinated attacks; in the financial sector more than 40% of application fraud comes from coordinated attacks.

While most fraudulent attacks occur less than a day after accounts are established, some “sleeper cell” accounts can lie in wait for months or years before being used. On average, fraudulent accounts incubate for 35 days before attacking.

“This quarter’s DataVisor Fraud Index Report demonstrates that the increased adoption of the cloud has unintended consequences for the financial well-being of online businesses,” said Yinglian Xie, CEO and co-founder of DataVisor. “DataVisor is committed to educating businesses on trends in online fraud by providing regular quarterly reports on existing and emerging vectors of attack.

“This continuing series of reports draws insights from the DataVisor Unsupervised Machine Learning Engine and our Global Intelligence Network. With this approach, DataVisor is able to look across all events and users, and correlate groups of malicious users,” Xie explained. “We can accurately identify not only known attacks, but newer attack types that might go undetected.”

A full copy of the Q2 2018 DataVisor Fraud Index Report – as well as reports from previous quarters – are available online on the special reports section of the website.

About DataVisor
Founded in 2013, DataVisor is the leading fraud detection solution utilizing unsupervised machine learning to identify application fraud, identity theft, spam and abuse, fraudulent transactions, app install fraud, money laundering and more. DataVisor’s full-stack risk platform provides an end-to-end solution for detecting and preventing attacks by modern cybercriminals, and protects the largest financial institutions and Internet properties in the world including Pinterest, Yelp, and more. The company is headquartered in Mountain View, Calif., with offices in Beijing and Shanghai. For more information, visit