Catfished: The Rise of Fake Users

You've heard the stories: Online predators, fake romantic partners, mystery, lies, deceit. But could the concept of catfishing go beyond a bad online date?We live in a world where buzz words such as ‘fake news' have become a bad joke, but in reality, when applied to the internet, ‘fake' would be a fair indictment of the state of things. Fraud runs amok in nearly every corner. Indeed, some say ‘fake users' on the internet are the world's worst plague since ‘The Black Death.' Hyperbole aside, there is real money and consequentially real damage done by online fraud. With experts theorizing that fewer than 50% of internet users are human, this opens the gate to lots of nefarious hijinks. Let's look at some of the more popular methods.

Hacking the Algorithm

As I write this article, thousands of people around the world are hacking an algorithm.What do I mean about hacking an algorithm? People are spamming their blogs full of hot keywords for better SEO? While I'm sure that happens too, I specifically want to talk about eCommerce algorithms and how people abuse them for their own gain. One such hack would be weaponized reviews.Before we start it would help if you have a baseline knowledge of how eCommerce algorithms rank their products. Without being too specific, a lot of positive reviews vault a product to the top, a lot of negative reviews drop you to the bottom. It's similar to your favorite podcast, they're always begging you to ‘Like and Subscribe' because if enough people do this, they will be vaulted to the top of the charts and get more listens.One could argue, the power of positive reviews is incredibly valuable and the damage of negative reviews can be catastrophic.

How does it work?

Let's pretend I am selling a highly commoditized product like off brand phone chargers on some random eCommerce site. There are dozens, if not hundreds of people who sell the exact same thing as me. What is a fraudster to do?Easy…create a bunch of fake accounts. By going through the website's sign up process I can create a massive amount of accounts for subsequent misuse. I could use aliases, temporary e-mails and prepaid phones to circumvent most verification processes. It takes only a matter of seconds to create an account on most platforms, you can imagine how easy this process is to replicate.Now armed with a handful of accounts burning a hole in my pocket, we head to the next step: The fake review, from the fake account.  Myself and all of my co-conspirators write RAVE reviews to trick the algorithm. This helps us climb the ranks, but not quite all the way to the top. There are still a few pesky competitors above us.

Phase 2

We can now tank our opponents by talking about how inferior their products are in our fake reviews. Or even worse, we can flag them as unsafe and get the products temporarily suspended.This is only the tip of the iceberg when it comes to meddling with a competitor.Are you familiar with the concept of ad fraud? Generally, an ad bills every time it is served or clicked. Conversely if you are advertising an app you may be billed per download. Let's say you set your daily ad budget for your app at $1000 and each time an ad serving your app is clicked to generate a download that costs you $5, 200 fake users could theoretically download your app, draining your budget and rendering your advertising effort worthless.How would one do this? With a bot or a click farm. Go ahead, click that link to see one in action. It's quite shocking.The scheme can be run in reverse as well because many video hosting sites monetize content based on views. The NY Times did an investigation and found that you can buy 5,000 views for the bargain basement price of about $15.Fake reviews, fake accounts, spam, it doesn't stop. These are just a couple of the schemes that give corporate security experts headaches and keep them awake at night.

What can be done?

Fraud is never going away and there is no way to eliminate it, but like certain medical conditions, it can be managed. One no-brainer is phone-based authentication with every account. It should go without saying that enabling tools like 2FA and using mobile-identity based APIs to verify a user is in fact human can go a long way to reduce fraud. Finding out that User123 is actually just spamming negative reviews through a VOIP phone number makes it easier to sift through what is fake.Eventually if you make these fraudsters jump through enough hoops they'll either give up or pick an easier target. Scammers are also like any good corporate firm working on ROI, then it is key to understand that security is about raising barriers higher so the return on investment for these fraudsters become too thin to start investing.That's why at TeleSign we are passionate about putting these safeguards in place. We don't believe that anyone should be bullied online, especially by something or someone that isn't even real. If your business requires an account, we can protect you.The internet is a valuable tool when used properly and safely. Sometimes we forget about the ‘safe' part of that and when we do the financial losses could be severe. Stick with us and the only catfish in your life will be that of the smoked variety that you enjoy after a long day on the lake.This article was originally published by Guillaume Bourcy. Guillaume is a Global Sr. Director, Data and Solutions Strategy at TeleSign.

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.