Sept. 11, 2024
How certain are you that you're interacting with real accounts as opposed to fakes? In a world where digital interactions are social and economic interactions, fake accounts present a very real threat to individuals and businesses. They can sway public opinion, cost businesses hundreds of thousands of dollars in loss, and cause irreparable brand damage. In this post I'll explain why you need to care about preventing fake accounts if you want to earn user trust on your platform. I'll explain how relying on technology, verification, and user education and support can make your security airtight. By the end, you'll know the exact steps you need to take to protect your digital identity, and play an active role in the digital world confidently.
In today's world, you can think of fake account prevention as a bit of an umbrella term for all of the things you might do to try and prevent people from creating tons of fake accounts on your online platform, whether that's a social media website or an e-commerce site, where they can pretend to be someone else, and commit account creation fraud that could be damaging to your business and your users—so of course you'd want to protect against that.
Fake account prevention is really important. They're bad news all around, bad for people, bad for businesses, bad for brands, and bad for the truth. If a fake account is impersonating a real user, it can create false information and that false information can deceive people. This deception can lead to a lack of trust, which can destroy a brand or cost a business a lot of money, engaging in fraudulent transactions, or ruin a marketing campaign by contaminating the data.
That's just the brand damage; there's also user damage. If you've created a platform that forces a user to interact with a fake account, then you have lowered that user's experience and you have lowered the chances of them coming back in the future. As we increasingly work and play and live online, everyone is vested in preventing fake accounts. It's not just a safety problem; it's a business problem.
When it comes to account impersonation, one of the best things you can do to reduce risk is prevent fraudsters from creating fraudulent accounts in the first place. You can ensure that the person creating the account is who they say they are and require users to prove their identity in the process of creating the account. For example, require users to complete multi-factor authentication (MFA), so even if a hacker or unauthorized user knows a user's password, they still won't be able to access the user's account. This is done by having a user enter a combination of a password and a one-time code that's sent to their mobile phone.
But you want more than that. You want to also be able to identify a fake account that is acting suspicious. For instance, a brand new account that is suddenly attempting to access a host of sensitive information or engaging in a lot of strange transactions. Using machine learning algorithms, the platform can continue to learn from user behavior patterns and thus improve its ability to flag strange user behavior over time.
With this capability, you can achieve not just high accuracy rates but also automate the process, rather than manually screen and verify each new account. If not, you won't be able to cope with the volume of new users you're onboarding. Instead, you want to be able to screen accounts and automatically block suspicious accounts during registration, in real-time. Preventing fraudulent user registrations this way will lower the incidence of fraud and will help safeguard your community and business on the whole.
As social media has grown, so too have fake accounts. There are different types of fake accounts that populate social platforms, and each is created to achieve a different goal and faces different obstacles. If you understand these types of fake accounts, you can more easily navigate their deceiving ways.
Bots are just accounts that are operated by scripts or algorithms to carry out various pre-determined tasks on social media. These accounts may pollute your timeline with irrelevant content that you probably don't want to see, or artificially inflate engagement metrics like shares, likes, etc. For instance, a bot might post the same spammy content in a popular hashtag over and over again so that when people search for the hashtag, they won't be able to find anything relevant or have a relevant conversation. Some bots are even used to promote some sketchy service or product, using algorithms to make you think something is popular and legitimate. In short, this kind of bot proliferation can manipulate public perception and cause a ton of misinformation.
The worst part is that bots are getting better and better at imitating human behavior. With AI, some bots can be "live," responding to humans in real time, and almost completely indistinguishable from a human. That's why you'll want to have good moderation practice in place so you can recognize and remove these spammy accounts from your platform.
Impersonators are people who create accounts that mimic real people or public figures so convincingly that they trick others. They use stolen photos and a username that looks similar enough to the original to make you think they are someone else. Their reasons for making these copycat accounts can vary from trying to scam people (like asking you to send money) to trying to get likes and followers by lying to people.
For example, a scammer might create a fake account of a celebrity to try and trick people into investing in their scammy investment or to get in on some fake contest. This not only betrays the trust of the followers, it also does harm to the person being impersonated. And it's not just individuals either—entire communities can suffer as they're fed falsehoods and real relationships manipulated.
Catfish accounts are fake identities, often used in the context of online dating. The person behind the account creates a very detailed profile, including photos that aren't really of them, and a completely made-up life story, all designed to manipulate the emotions of the person they're targeting. Usually they're trying to get the person to give them money, and they'll use the emotional connection they've engineered to get the person to hand over cash in some way.
Just goes to show, meeting people online can be risky business—especially in this day and age, when online dating is so popular. You always need to keep your guard up, and take a few steps to look into new people you meet. And talk to other people about things like catfishing, so everyone knows what signs to watch out for, and what pitfalls to avoid.
Professional spammers are individuals or companies that create accounts only to try to sell to you, or to deceive you. Unlike bots, which simply try to talk to as many people as possible, professional spammers are a bit more selective and try to talk to certain groups of people to get the most sales. They'll use things like sketchy marketing and psychological tricks. They'll buy followers and scam people into buying their products, and all of this is part of social media credibility and verifying marketing sources online.
Trolls are real people who purposefully disrupt online, often with multiple fake accounts to increase their reach, and their only goal is to emotionally provoke or foster infighting within a community; whether that's forums, social media posts, or games. They're a different breed of fake account, in that they're not trying to make money -- they literally feed off the chaos and reaction that they create.
Understanding the why is essential to being able to take action against them in an effective way. Because many of these people operate under the cloak of anonymity, platforms need to update their policies and practices to make it hard for them to operate. Creating a welcoming and supportive community is the best way to close the gaps that they exploit, and we can prevent them from growing in numbers.
Once you know what to look for and are proactive in moderating your community, you can pinpoint the fake accounts that are popping up more and more often and protect the integrity of your online community.
These days, as more and more people use online banking and social media, it's increasingly important to be able to prevent and battle fake accounts. Due to the spike in fake accounts, businesses are starting to use much more strict ID and verification checks. In this section, you'll read some business stories of how they do this, and you'll see exactly how they do it.
We have 2 products here. A launch feature, and an email automation tool. We've been around since 2016, and since then, we've had a lot of people try to take advantage of our site.
The biggest way people take advantage of us is by creating multiple accounts. They'll create multiple accounts to have $1 deals with themselves, and to get free products. They'll create multiple accounts to leave themselves reviews. They'll create multiple accounts to not have to pay for the service they use.
They'll use a bunch of fake names, and a bunch of fake emails. They'll also use a bunch of the same payment method. For example, they'll use 10 accounts and all 10 accounts will use the same VISA card.
While we can't say for sure that all of these are bad actors (sometimes you'll have a husband and a wife that have separate accounts, and they'll use the same credit card), but most of the time these are bad actors.
So how do we prevent this? Our methods aren't perfect, but we do have a lot of checks in place to prevent bad actors from getting value from JumpSend.
One of the easiest methods is to just check their IP addresses. If we see that the same IP address is using a bunch of different accounts, and they're all using the same coupon code, we'll ban all the accounts using that IP address, and we'll void the coupon code. We have a bunch of other methods in place, but this is the easiest and most effective method.
We're a bit biased here, but this is one of our favorite case studies! We have a lot of Amazon FBA sellers who use JumpSend to launch their products.
The most common way that people try to take advantage of us is by paying with someone else's card. They'll sign up for an account, and use someone else's card to pay for a promotion. We don't want that. We don't want to have someone take someone else's card, and use it on JumpSend.
So what can we do to prevent this? We use our own service! We use our own identity verification service to verify that they are who they say they are.
Our sellers upload their passport or driver's license. We also take a photo of them, and we make sure that the photo they uploaded matches the photo on their ID. We also make sure that the photo on their ID matches what they look like now (if they uploaded a driver's license).
Sure, there's a way to spoof this. The scammer can just have the real user take a photo of themselves, and send it to them, but it's a lot of work for the scammer.
And the biggest reason why this case study is our favorite? Amazon's ID verification service is complete garbage. It's super easy to spoof, and anyone can just upload a photo for someone else's ID and get approved. Amazon doesn't even check to see if the photo on the ID is the same person signing up. They also don't check to see if the person signing up matches the photo on the ID. In other words, it's super easy for someone to scam the system.
So, if Amazon's service is so easy to scam, then why do we even use it? Well it's a requirement by Amazon to use an ID verification service, and we're very white-hat. We don't want to break any of Amazon's rules, so we use our own competitor's service only because we have to.
This isn't a customer of ours, but a lot of people who read this will be.
Apple is a really big place. They have a lot of money, and they don't have a lot of time. So they'll automate as much as they can. That's why a lot of people try to scam them.
One of the most common ways to scam them is by offering a "free trial" for an app, and cancelling their credit card so they can't get charged after the trial ends. It's a scam.
Because Apple is so big, and because they'll automate as much as they can, their app store was actually quite lenient when it first came out (it's a lot stricter now, though). In fact, there were a lot of apps that were just candy crush games, which you wouldn't be able to get away with today.
But the problem with candy crush games? They're not coffee shops. They don't have a lot of money. And so? They'll advertise their game with a "free coffee" that you can redeem at Starbucks. And all you have to do is to download their app.
So how did Apple prevent this? Apple has the same method that we do, except they have a few more checks. They'll check to see if your app actually does what it says it does. They'll also check to see if your app actually does what it says it does, and it's not just some ad for someone else's app. They'll also check to see if your app actually is worth the price that you're charging.
And for the most part, they do an OK job here. I'd say that they're about 80% effective with their checks.
But for the 20% that they miss, that's where we come in. We're 100% effective when we catch someone trying to scam us.
This isn't a customer of ours. We used to have a chatbot for Facebook, but we discontinued that product because it wasn't very good.
This was before chatbots were really a thing, and some people didn't really know that much about them. So they'd ask if they could use the chatbot for their business, and we'd tell them "it's a toy more than anything." But a lot of those people were persistent.
We'll talk to this college kid. He said that he's going to build a chatbot for businesses and he knows everything about our product. He said that he's a professional marketer, and he's done marketing for 5 years. He said that he's done SMM, PPC, SEO, and all these acronyms.
So we asked him, "If you've done SMM before, what's a CPM?" He didn't know. We asked him what PPC was, and he didn't know. We asked him what SEO was, and he didn't know.
So you know what? I asked him for his resume. I wanted to see who I was up against because I definitely didn't know everything about our product. I only knew enough to get it to work.
Turns out, he's never actually done marketing. He was a college kid in his second year, and he's never even had a job before.
So how did Facebook prevent people like this from using their ad system? They just required a credit card. That's it. That's all.
The college kid can't have a credit card. He's a college kid. He's broke. The college kid can't have a credit card. He can't advertise on Facebook.
And for the most part, people that try to take advantage of Facebook with fake ads aren't very clever. They're not going to go out and get a credit card just to take advantage of Facebook for a few hundred bucks, and most of them don't even know how to take advantage of Facebook to begin with.
But for the people that are clever, and do try to take advantage of Facebook, they'll get caught pretty easily. Facebook won't get paid, and they'll get sued. Easy.
This also isn't a customer of ours. We used to have a Google Ads course.
So this kid took my course, and then he wanted a refund. We don't refund people that watch the entire course, and then ask for a refund, so we asked him why he wanted a refund.
He said that it was a scam, and that he knew everything that we taught in the course. And so I asked him, "If you know everything in the course, how come you're not making any money?" He didn't respond.
I looked him up on Facebook, and he was a senior in high school. And that was enough for me to know that he's full of it.
So how did Google prevent people like this from using their ad system? They just required a credit card. That's it. That's all.
The high schooler can't have a credit card. He's a high schooler. He's broke. The high schooler can't have a credit card. He can't advertise on Google.
By the way, this is how the high schooler tried to take advantage of us. He had his mom use her credit card to take our course. This is how he took advantage of us for $0, by the way.
I've been using AirBNB since 2013, and I've been hosting since 2017. I've learned a lot about AirBNB since using it, and I've learned a lot more about AirBNB since I.
Facebook's crazy decision to eliminate 691 million fake accounts in Q4 2023 really highlights how difficult it is to crack down on online fraud. This staggering number—a decrease from 827 million in the previous quarter—not only sheds light on how pervasive the issue is, but also serves to underscore Facebook's ongoing commitment to fighting inauthentic activity. In Facebook's eyes, fake accounts are those created with malicious intent, and/or the accounts of people, businesses, or things that aren't really there. In this 2-pronged issue, you not only have to ensure that people aren't impersonating, you also have to show your users that you can keep that promise.
The steep decline in fake accounts paints a clear picture that Facebook has some really neat ways of spotting fishy patterns in account creation. Through the power of machine learning, they are able to identify accounts that may be in violation of their terms before they even do anything, which really has bolstered the reputation of the platform. As more users catch wind of this effort, the community should be empowered extensively, and in a much more real way.
The JPMorgan Chase example is a good one of why you need reliable verification checks so you don't get scammed. They found that out of 4.25 million accounts they acquired in a bid to sign up new customers, just 300,000 were real. It's hard for banks to know if an account is real. It's hard for anyone to know, especially when the focus is on signing up new accounts so quickly.
As a result, JPMorgan Chase introduced more thorough checks to make sure the people they're bringing onboard are the people they say they are. With strong fraud identification processes and multi-factor ID checks, bank staff can better tell who customers are and who customers aren't. This thorough approach to customer verification not only improves security, but also serves to build a better environment of trust and loyalty for their customers overall.
Companies like Riskified are proof that automation is going to revolutionize the fight against fake accounts. They automatically screen new sign ups for unusual activity and instantly block fraud and boost security in real-time.
The automation takes the form of a set of algorithms working together, and learning from past data in order to spot fraud better than a human ever could. And because it learns, it can spot brand new types of fraud the moment they appear, which means it's always 'in the know'. For ecommerce companies, that means less order fraud and more happy customers, and that means more business all round.
And you really do need a cutting edge technology system to spot fake accounts. Facebook, JPMorgan Chase, and Riskified all have effective systems in place to catch fraud, making the internet safer for all of us, every day.
In the digital age, fake account prevention is key to any online platform. The methods for doing so work, but are not without their drawbacks that can impact user experience and safety.
Implementing fake account prevention is one of the greatest things a platform can do, because it creates trust. When a platform is good at keeping fakes out, genuine users will flock to it to connect with other real users, which is what makes it safer, and then trust it more. More trust can also lead to more user engagement--they use the platform more. For instance, they might feel more comfortable sharing their real personal information with others or getting in touch if they know there's hardly any chance they're talking to a fake account. Plus trust = brand loyalty, and happy users are the best users because they'll stick around for a long time.
Take social media for instance. Social media platforms have verified account badges because they want to show users who is real. Not only is the account-holder really the person they say they are, but it helps make other users trust them. And users will return to a platform they trust...so, more engagement. All that trust leads to a lively community, as users are more likely to connect and collaborate with each other.
Another awesome thing about anti-fake account measures is that it helps prevent bad actors from impersonating and scamming users. They're able to catch the fake accounts, which are typically used to scam, impersonate, and more. This prevents users from being scammed or hurt emotionally.
For instance, if an app requires advanced identity verification, it makes it really hard for someone to make a fake profile of you. Like uploading a passport, taking a selfie with your passport, or phone number verification. Making it really difficult for bad actors to game the system. Not only that, but with less scams, the users that use the app can trust it more because there are less scams and less fake accounts.
By implementing these, they're not only protecting their users, but they're also building a better name for themselves. And when you build a name for yourself, you get more users. And when you get more users, the app becomes more and more valuable. And when the app becomes more valuable, the ecosystem wins!
Using advanced technologies including machine learning to flag fake accounts enables you to identify suspicious activity earlier. These tools are trained to identify user behavior and patterns, and call out any unusual activity that could indicate fraudulent behavior. Maybe someone logged in from a place they never have before, or someone created 1,000 accounts in an hour – you’ll know then and there. Right away.
That way, the platform can take action before things escalate, before anything happens to the users. If you spot a brand new account that just sent 100 friend requests, or 100 messages per day every day, the system will catch it and mods can act before it escalates. And as technology improves, detection improves, so users increasingly feel safe using the platform.
I'm sorry, but you haven't provided a passage for me to edit. Please provide the text you'd like me to process according to your specific guidelines.
Plus, the worse thing about fake account prevention? Is that it's costly. It's costly to acquire and maintain the fraud detection to keep the fake accounts away, and smaller companies and startups can't afford to purchase all of these expensive things, creating a divide between the big guys who can afford to keep their platform safe and the little guys who can't. Making it impossible for the little guys to compete in a market where user trust is everything.
Big guys also get really good software and dedicated team members making sure their platform is safe, while little guys just can't afford to keep their user base safe.
That's why all of these things, there needs to be a solution that can scale and that is cost-effective for all sizes of businesses, because the world is getting more and more digital, and our lives are going online. We need to keep the bad guys out without breaking the bank.
So what's the solution? I'm glad you asked. Here are a few things you can do to help prevent this.
Two-factor authentication (2FA) is one of the easiest, most effective steps you can take to secure your users. By asking users to confirm their identity using a second method (like a text or an authenticator app), you can significantly reduce the risk of unauthorized access. This extra layer of protection adds an obstacle attackers have to navigate, which makes it more difficult for them to create or take over fake accounts.
Even better, 2FA doesn't have to be an optional add-on--it can be a seamless part of your user experience. For example, as users create their account, you can encourage them to enable 2FA in order to secure their account from the start. And with adaptive authentication, you can request additional security only when necessary based on user behavior, such as 2FA only when a user logs in from a new device or location.
Regular user account audits are key for flagging anomalies that could suggest the presence of fake accounts--things like rapid succession account creation, account activity from locations the user has never been, or login from multiple devices from widely separated locations.
When organizations systematically review user behavior and engagement metrics, they can flag accounts that stray from expected behavior. For example, if an account suddenly begins sending lots of connection requests or messages, that could be cause for concern. This type of proactive monitoring enables organizations to quickly remediate suspected fake accounts through suspension or other verification, preserving a high-quality community.
When people can recognize the signs of fake accounts, they feel confident that they can stop fraud. When you're flagging the signs of fake accounts, you're arming people to take action. When people can recognize and take action against fake accounts, they can take the right steps to stop bad behavior early.
You could use webinars, newsletters, or site resources to provide people with resources to take action against account fraud. For example, you might provide guidance on what to watch out for in identifying fake accounts, such as misuse of language, suspicious photos, and conflicting details. That shared capability will help fight fake accounts and increase the baseline trust in your site.
When you unlock the full potential of artificial intelligence (AI) and machine learning, you can change the way you analyze user behavior and gain an advantage in spotting potential fraudsters. These algorithms can process massive amounts of data to identify patterns that a person might not notice at a glance.
AI algorithms can look at factors like log-in times, usage frequency, and even message content. If an account is acting in a way that a person wouldn't, machine learning can flag the account for analysis. This gives you the ability to take action early and prevent fraud before it interferes with product quality.
Clear community guidelines are key, because they will prevent people from creating fake accounts. When people know what's expected of them, they generally rise to meet expectations. This could include things like guidelines around account ownership, how you use ID, and what happens if someone does create or maintain a fake account.
If you can see the policies, and your users can see them, and then you remind them from time to time, then your community will self-police. You could just say 'If you sign up using a disposable or temporary email address, your account will be flagged and deleted' and users will take care of the rest. They'll not only avoid doing that themselves, but if they see anyone else doing it, they'll be the ones to point it out. Get it in a few times and people won't even need to remember, and then you'll always have a clean and safe community.
The article is going to take an in-depth look at the complex world of preventing fake accounts, and all the hurdles you'll encounter when you're trying to figure out how to stop fake profiles on your site. It will tell you why preventing fake accounts is absolutely essential to your business, because having fake accounts can lead to very serious things, including money, trust, and users. It will also give you some ideas of things you can do to stop fake accounts, like using 2FA, watching for unusual user behavior, or using AI/machine learning to detect abnormal activity. We'll also talk about all the different types of fake accounts, and just how important it is to have clear community guidelines for your users. Lastly, we'll give you some real-life examples, like how Facebook and JPMorgan Chase are both taking steps to fight back against online fraud, and why both big and small companies need to be ready to stop fake accounts.
Fake account prevention is extremely important for a business. It helps protect brand integrity and maintain customer trust. Fake accounts can create customer confusion, produce false reviews, and harm reputations. They can also lead to financial losses through scams or siphoned marketing analytics, which affects customer relations and loyalty.
There are many types of fake accounts. Some common examples are bots that spam content, impersonator accounts pretending to be a real person or public figure to mislead others, catfish accounts that are used to create fake identities for emotional exploitation, professional spammers that promote deceptive products or services, and trolls that cause chaos in online communities.
Businesses can help mitigate fake account risks by verifying that a user is who they say they are with user identity verification methods like multi-factor authentication, looking out for weird behavior through machine learning, and even using automated systems to check if an account is suspicious. All of these are proactive methods to keep the platform secure and with integrity.
I'll give you a couple of IRL examples to illustrate: Facebook removed over 691 million fake accounts by improving their detection algorithms. JPMorgan Chase layered on additional verification steps after unearthing a slew of fake accounts. And Riskified leveraged automated monitoring systems to pinpoint and resolve unusual user behavior in a flash.
This in turn leads to gains in user trust as platforms are better able to oust fake profiles, reduced risk of impersonation and fraud through more rigorous verification, and quicker detection of suspicious activity with the help of more advanced algorithms. All of which add up to a safer online space and more engaged users.
Some businesses face long verification processes that dissuade real users from participating, the cost of staying current with new detection technologies, and the risk of driving users away if the security is too obtrusive. It's all about balance.
Companies should implement 2FA, regularly audit your accounts for any weird activities, educate your users on how to spot and report weird behavior, use AI/ML to detect these in real-time, and have clear community behavior guidelines to maintain a high level of authenticity.
A security expert analyzing data related to fake account prevention.
SMS Check