A few weeks ago, Kristen Faughnan got something that surprised her: a "low balance" text message from her bank. That didn't make sense. She'd just paid for a haircut, but she knew how much was in her account. Even after paying her stylist, it was much more than the level at which the bank would tell her she was almost out of funds.
"I logged onto my bank account to find two recent charges from Groupon," she says. They were from a cologne store in Texas. Faughnan lives in Pennsylvania.
Faughnan was most likely victim of a costly form of cybercrime: a fake user taking over her account. Fake users spam real users that are part of a site, steal confidential information or, as in the case with Faughnan, take over an account (the fraudulent purchases were made through a credit card she had stored in the site -- a credit card that had expired, which added another piece to the puzzle).
The fakers are costing companies users - and money.
The faux use problem
According to "The Fraud Report: How Fake Users are Impacting Business," [PDF] a study released by TeleSign, a mobile identity solutions company, and the Ponemon Institute, a research institute, 82 percent of companies struggle with fake users.
They surveyed 584 U.S. and 414 U.K. individuals who are involved in the registration, use or management of user accounts. Average value of user base of the respondents: $117 million. That's a lot of big targets for hackers to go after.
"You see [this kind of fraud] across pretty much any Web or mobile application that has a user base," says Ryan Disraeli, co-founder and vice president of Telesign, "Anywhere you need a login with an account, we're seeing issues with fake users."
And they're doing, well, everything. According to the study, 30 percent of fake users are there to spam real site users. Twenty-seven percent want to steal confidential information; 14 percent are after social engineering, 10 percent want information for phishing, six percent are hoping to take over an account, four percent want to create both chaos and disruption and credit card fraud, and three percent want to create fake reviews.
"Once they get in, they're in, virtually walking around and discovering lots of new interesting and cool stuff that they can get their claws into," says Joe Schorr, director of advanced security solutions at Bomgar. "They can pretty much take whatever they want once they're inside."
Companies aren't helping
Even though so many companies have a problem with fake users, they're not exactly putting up a fortress around their real user base. According to the study, 43 percent of companies say that they allow them into their site to avoid friction in the user registration process. The reasons for that are wide, too: 58 percent of users cite convenience as the reason; 52 percent say cost efficiency and 42 percent say ease of use. An organization's authentication strategy with security comes in fourth at 21 percent.
Sign up for Computerworld eNewsletters.