Account creation fraud–also referred to as new account fraud (NAF) or fake accounts fraud–is the act of fraudsters creating accounts on online services with malicious intent.
There are many variations in how and why fraudsters engage in this activity (and we will cover these below in detail), but the general ideas are the same:
A fraudster creates accounts on an online service with malicious intent using fake or stolen identity information.
A fraudster uses fake accounts to conduct fraudulent activity for the purpose of monetization (directly or indirectly).
The tactics of account creation fraud vary between different online services depending on the information required for account creation, the information verification processes, and eventually the ways that accounts can be used for illegitimate activity. Some examples of these differences between services are as follows:
Online gaming platforms: A valid email address alone is sometimes sufficient to create an account. Once created, a fake account may be used, for example, to spam other players or to gain in-game assets that can then be transferred.
Online retail and e-commerce: An email address and basic details such as gender and name are usually sufficient for account creation. A fake account may be used, for example, for credit card testing (i.e., simply verifying that account details and credit card details are valid) or as part of accounts referral chaining to collect referral bonuses.
Financial services: Account creation usually requires highly detailed account information such as an address, phone number, and social security number. A fake account may be used, for example, to access credit.