Account creation is a type of botnet attack where the attacker creates multiple fake accounts through a website. These accounts are then used for malicious activity like spamming, money laundering, spreading malware, hurting reputations, skewing SEO results, and other mischief.
Alternate Names and Examples
Account pharming
Fake account
Fake social media account creation
Impersonator bot
Massive account registration
New account creation
Registering many user accounts
Potential Symptoms
• User accounts containing incomplete or missing information compared to the typical account holder
• User accounts getting created but not used for awhile
• User accounts created with abnormal use, and/or misuse of the normal functions of the application
A simple way to find account creation issues or fake accounts is to look at the last login date. Typically, if a hacker is trying to abuse your service by creating a fake account, they will engage in abuse for a short period of time. It probably won’t take long for them to do what they need to do, so check when the account was last logged into. If it’s been a long time then that’s a red flag. Also, take a look at how many times they logged in with that account, how long they they were logged in, what pages they visited, etc…This should give you some good insight as to whether you should investigate the account further.
Often times account creation is just the first step to further automated botnet attacks. In order to engage in carding, card cracking, or cashing out, most of the time you would need to create an account first. Therefore, account creation is a big indicator that more damage may be attempted soon.