Fake accounts have existed for as long as the internet has required logins. And despite years of investment in detection and removal, they’re still a persistent problem that shows no signs of slowing down.
Fake accounts plague the internet, and while that’s often annoying for consumers, it can be costly and confusing for companies. With bots, AI, and automation dominating our online lives more and more, this problem is only going to become more challenging. Merchants need to ensure they have the right processes and perspectives in place to protect their business while encouraging growth.
4 Types of Fake Accounts
Fake accounts come in different flavors, making the picture even more complicated. However, it’s important to distinguish between them as much as possible, in case your best approach is to treat some differently.
These are some of the common kinds of fake accounts:
- Good customers cheating a little: Think of a good user who signs up with both their work and their personal emails to get that extra discount.
- Exploitative customers cheating a lot: Real users who get to work and set up tens or even hundreds of accounts to rack up points, benefits, and free stuff.
- Straight fraud: Fake users creating entirely fake profiles for the purpose of fraud. Accounts may well have stolen information or payment methods attached.
- Bots: Not people at all; some fraudsters use bots to set up fake accounts quickly. They may use them immediately or leave them to age to make them look more legitimate later on.
The Cost of Fake Accounts
The first kind of fake account, good customers cheating a little, operates on a restricted scale. It’s not people putting a lot of effort into their fakery; it’s just everyday folks using more than one of the email addresses they really have and use in real life.
But when you look at the other kinds of fake accounts, which are the overwhelming majority of fake accounts, you start to worry about the scale involved. Forter’s research indicates that as much as 90% of fake accounts on digital commerce sites are usually the work of a relatively small number of cheating or fraudulent users. Moreover, more than 80% of fraudsters trying fake account tricks are likely to be returning fraudsters who have tried to hit the site in the past.
Fake accounts at scale are a serious problem because they cost the business financially and logistically in both the short and long term:
- The cost of the free benefits given out to people who shouldn’t be receiving them.
- The cost of the resources used to untangle the situation and stop the abuse.
- The cost to the customer experience and growth if the business stops offering certain benefits or deals because abuse is too prevalent.
- The cost wasted in marketing campaigns attracting users who aren’t really new.
- The cost of mistaken decisions taken based on inaccurate information about what works in campaigns — or what the nature of your core audience is — when the numbers are being skewed by fakes.
Awkward Incentives
The true trickiness with fake accounts is that precisely the steps that merchants take to incentivize engagement, loyalty, and retention create the vulnerabilities animating the fake account storm.
For instance, encouraging a customer who has been dormant for a long time to come back with some free credit to start them off shopping again is a great idea. But it’s also an open invitation for cheating users to set up multiple accounts, use them once, and then lie low until they get their retention nudge.
A lot of the users who do this at scale are resellers, so what’s happening in these cases is that they’re using the retailer’s own money to fund their private reselling business. There’s no way that makes sense to me — and if you’re from a retailer, it shouldn’t to you either.
Anticipating Agents
The picture is about to get even more complicated now that tech companies and retailers are exploring the use of AI agents to automate tasks — including shopping. Agentic AI was all the rage at CES 2025, and while it’s too early to say which applications will succeed, it’s clear that there’s huge interest in using agents for online purchases.
Once that’s a factor, merchants need to be able to distinguish “good bots” from “bad bots.” When regular people rely on agents to take some of the shopping load, your business can’t afford to reject them as false declines.
The time to prepare for this challenge is now before it becomes a problem.
All About Identity
From my perspective, the answer to “What counts as an account?” comes down to understanding the identity of the entity behind it.
Many businesses have a policy that condones customers who cheat just a little. Digital commerce, BI, payments, or fraud teams often work out the equation: how much a customer needs to spend on legitimate purchases to be worth keeping as a customer, even if they cheat up to X amount, but not beyond.
Equally, good bots operating legitimately on behalf of a good user shouldn’t be blocked just because they’re bots. In other words, they should count as an account, even if they tick the technical boxes for “not an account.”
That said, it’s vital to distinguish between these accounts and exploitative or fraudulent users. Those shouldn’t count as real accounts, and shouldn’t be allowed to drain the business in any way.
Forter’s Identity Protection not only can identify which users are which and which accounts you want to count, but it can also make it easy to see the difference when you’re analyzing your traffic and implement your policies around what counts automatically. That means the users who deserve a smooth experience get it, while those who don’t get shown the door.
Whether you approach this problem through Forter or handle it differently, it’s time to ensure that your company is tackling it. Sticking your head in the “account sand” is already too costly to make sense, and with the AI advances already on the horizon, making sure you’re on top of this challenge will be key to success.
Doriel Abrahams is the Principal Technologist at Forter and host of ‘What the Fraud?,’ where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.