As online accounts become essential for activities ranging from shopping and social media to banking, “account farming” has emerged as a significant fraud risk. This practice involves creating fake or unauthorized accounts en masse, often for malicious purposes.
Understanding how account farming works, why it’s done and how businesses can protect themselves is crucial for maintaining data integrity, safeguarding customer trust and protecting your bottom line.
How does account farming work?
Account farming is the process of creating and cultivating multiple user accounts, often using fake or stolen identities. These accounts may look like legitimate users, but they’re controlled by a single entity or organization, usually with fraudulent intent. Here’s a breakdown of the typical steps involved in account farming:
- Identity generation: Account farmers start by obtaining either fake or stolen personal information. They may buy these datasets on the dark web or scrape publicly available information to make each account seem legitimate.
- Account creation: Using bots or manual processes, fraudsters create numerous accounts on a platform. Often, they’ll employ automated tools to expedite this process, bypassing CAPTCHA or reCAPTCHA systems or using proxy servers to mask their IP addresses and avoid detection.
- Warm-up phase: After initial creation, account farmers often let the accounts sit for a while, engaging in limited, non-suspicious activity to avoid triggering security alerts. This “warming up” process helps the accounts seem more authentic.
- Activation for fraudulent activity: Once these accounts reach a level of credibility, they’re activated for the intended purpose. This might include spamming, fraud, phishing, fake reviews or promotional manipulation.
Why is account farming done?
There are several reasons account farming has become a widespread problem across different industries. Here are some common motivations:
- Monetary gain: Fraudsters use farmed accounts to commit fraudulent transactions, like applying for loans and credit products, accessing promotional incentives or exploiting referral programs.
- Spam and phishing: Fake accounts enable widespread spam campaigns or phishing attacks, compromising customer data and damaging brand reputation.
- Data theft: By creating and controlling multiple accounts, fraudsters may access sensitive data, leading to further exploitation or resale on the dark web.
- Manipulating metrics and market perception: Some industries use account farming to boost visibility and credibility falsely. For example, on social media, fake accounts can be used to inflate follower counts or engagement metrics. In e-commerce, fraudsters may create fake accounts to leave fake reviews or upvote products, falsely boosting perceived popularity and manipulating purchasing decisions.
How does account farming lead to fraud risks?
Account farming is a serious problem that can expose businesses and their customers to a variety of risks:
- Financial loss: Fake accounts created to exploit promotional offers or referral programs can cause victims to experience significant financial losses. Additionally, businesses can incur costs from chargebacks or fraudulent refunds triggered by these accounts.
- Compromised customer experience: Legitimate customers may suffer from poor experiences, such as spam messages, unsolicited emails or fraudulent interactions. This leads to diminished brand trust, which is costly to regain.
- Data breaches and compliance risks: Account farming often relies on stolen data, increasing the risk of data breaches. Businesses subject to regulations like GDPR or CCPA may face hefty fines if they fail to protect consumer information adequately.
READ MORE: Our Data Breach Industry Forecast predicts what’s in store for the coming year.
How can businesses protect themselves from account farming fraud?
As account farming tactics evolve, businesses need a proactive and sophisticated approach to detect and prevent these fraudulent activities. Experian’s fraud risk management solutions provide multilayered and customizable solutions to help companies safeguard themselves against account farming and other types of fraud. Here’s how we can help:
- Identity verification solutions: Experian’s fraud risk and identity verification platform integrates multiple verification methods to confirm the authenticity of user identities. Through real-time data validation, businesses can verify the legitimacy of user information provided at the account creation stage, detecting and blocking fake identities early in the process. Its flexible architecture allows companies to adapt their identity verification process as new fraud patterns emerge, helping them stay one step ahead of account farmers.
- Behavioral analytics: One effective way to identify account farming is to analyze user behavior for patterns consistent with automated or scripted actions (AKA “bots”). Experian’s behavioral analytics solutions, powered by NeuroID, use advanced machine learning algorithms to identify unusual behavioral trends among accounts. By monitoring how users interact with a platform, we can detect patterns common in farmed accounts, like uniform interactions or repetitive actions that don’t align with human behavior.
- Device intelligence: To prevent account farming fraud, it’s essential to go beyond user data and examine the devices used to create and access accounts. Experian’s solutions combine device intelligence with identity verification to flag suspicious devices associated with multiple accounts. For example, account farmers often use virtual machines, proxies or emulators to create accounts without revealing their actual location or device details. By identifying and flagging these high-risk devices, we help prevent fraudulent accounts from slipping through the cracks.
- Velocity checks: Velocity checks are another way to block fraudulent account creation. By monitoring the frequency and speed at which new accounts are created from specific IP addresses or devices, Experian’s fraud prevention solutions can identify spikes indicative of account farming. These velocity checks work in real-time, enabling businesses to act immediately to block suspicious activity and minimize the risk of fake account creation.
- Continuous monitoring and risk scoring: Even after initial account creation, continuous monitoring of user activity helps to identify accounts that may have initially bypassed detection but later engage in suspicious behavior. Experian’s risk scoring system assigns a fraud risk score to each account based on its behavior over time, alerting businesses to potential threats before they escalate.
Final thoughts: Staying ahead of account farming fraud
Preventing account farming is about more than just blocking bots — it’s about safeguarding your business and its customers against fraud risk. By understanding the mechanics of account farming and using a multi-layered approach to fraud detection and identity verification, businesses can protect themselves effectively.
Ready to take a proactive stance against account farming and other evolving fraud tactics? Explore our comprehensive solutions today.
This article includes content created by an AI language model and is intended to provide general information.
