High severity | Fraud

Signup Abuse / Fake Accounts

Attackers use bots to create large numbers of fake accounts on your platform to abuse free trials, claim referral bonuses, manipulate reviews, send spam, or build sockpuppet networks. Each fake account looks like a real signup but is controlled by a single bad actor.

Think of it this way

Imagine a restaurant offering a free meal to first-time customers. Someone brings 200 people wearing disguises, each 'signing up' as a new customer. The restaurant feeds 200 people for free but only one person ever intended to become a real customer. Signup abuse is that, but automated and at 10,000x scale.

How it works

Attackers use tools that generate fake email addresses, bypass or solve CAPTCHAs (using cheap human CAPTCHA farms), rotate proxy IPs to avoid detection, and fill in realistic-looking profile data generated by AI. They register at speeds of hundreds to thousands of accounts per hour, exploiting any per-new-user benefit your platform offers.

Real-world scenarios

Scenario 1

Referral bonus farming

A fintech offers ₦500 to both the referrer and new user on first deposit. An attacker creates 1,000 fake accounts, makes a small deposit on each, and harvests ₦500,000 in referral bonuses — costing the company real money for zero real customers.

Scenario 2

SaaS trial abuse

A competitor creates 500 trial accounts on a SaaS platform, using each one to access premium features, download templates, and export data — effectively getting unlimited free access by cycling through trials.

Scenario 3

Review manipulation

An e-commerce seller creates 300 fake buyer accounts, each leaving 5-star reviews for their own products and 1-star reviews for competitors — artificially manipulating rankings.

How Anomira detects this

Anomira detects signup abuse through velocity signals: many new accounts created from the same IP or IP range, identical device fingerprints across registrations, registration patterns that are too fast to be human (sub-second between fields), and new accounts that immediately perform high-value actions like referral code entry or bonus claiming.
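
The four signals named above, sketched as an added example (this is not Anomira's implementation and not code from the original page). It scores constructed signup events; the field names, the /24 grouping, the one-hour window and every threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample signups (not real traffic). Field names are assumptions:
# ts = signup time (s), fp = device fingerprint, gap_ms = median delay between
# form fields, action / action_s = first post-signup action and its delay (s).
FIELDS = ("id", "ts", "ip", "fp", "gap_ms", "action", "action_s")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("u1", 0, "203.0.113.10", "fpA", 120, "claim_bonus", 3),
    ("u2", 20, "203.0.113.11", "fpA", 90, "claim_bonus", 2),
    ("u3", 45, "203.0.113.57", "fpA", 150, "enter_referral", 4),
    ("u4", 70, "203.0.113.200", "fpB", 110, "claim_bonus", 5),
    ("u5", 900, "198.51.100.7", "fpC", 4200, "browse", 120),
    ("u6", 5000, "203.0.113.99", "fpD", 3800, "browse", 300),
]]

# Assumed thresholds; tune them against your own signup baseline.
WINDOW_S = 3600          # sliding window for velocity counts
MAX_PER_SUBNET = 3       # signups allowed per /24 per window
MAX_PER_FP = 2           # signups allowed per device fingerprint per window
MIN_GAP_MS = 1000        # sub-second gaps between fields look scripted
FAST_ACTION_S = 60       # "immediately" after signup
HIGH_VALUE = {"claim_bonus", "enter_referral"}

def subnet(ip):
    """Group IPv4 addresses by /24 so proxy rotation inside one range still links."""
    return str(ip_network(f"{ip}/24", strict=False))

def score_signups(events):
    """Return {account_id: sorted list of triggered signal names}."""
    flags = defaultdict(set)
    by_net, by_fp = defaultdict(list), defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        for key, bucket, limit, name in (
            (subnet(e["ip"]), by_net, MAX_PER_SUBNET, "ip_velocity"),
            (e["fp"], by_fp, MAX_PER_FP, "shared_fingerprint"),
        ):
            # Keep only signups still inside the window, then add this one.
            bucket[key] = [p for p in bucket[key] if e["ts"] - p["ts"] <= WINDOW_S] + [e]
            if len(bucket[key]) > limit:
                for p in bucket[key]:  # flag the whole cluster, not just the latest
                    flags[p["id"]].add(name)
        if e["gap_ms"] < MIN_GAP_MS:
            flags[e["id"]].add("scripted_form_fill")
        if e["action"] in HIGH_VALUE and e["action_s"] <= FAST_ACTION_S:
            flags[e["id"]].add("instant_high_value")
    return {acct: sorted(names) for acct, names in flags.items()}
```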

What to do

  • Require email verification before unlocking any benefit or free tier.
  • Delay referral and signup bonuses by 7-30 days, after the user has shown genuine activity.
  • Implement device fingerprinting to link multiple accounts from the same device.
  • Use CAPTCHA at signup, but combine it with behavioral signals — CAPTCHA farms can bypass image CAPTCHAs.
  • Set IP-based limits on how many accounts can be created per day.
