OWASP Automated Threats

Create multiple accounts for subsequent misuse.

What is Account Creation?

Bulk account creation, and sometimes profile population, by using the application’s account sign-up processes. The accounts are subsequently misused for generating content spam, laundering cash and goods, spreading malware, affecting reputation, causing mischief, and skewing search engine optimization (SEO), reviews and surveys.

Account Creation generates new accounts - see OAT-007 Credential Cracking and OAT-008 Credential Stuffing for threat events that use existing accounts.

Account Creation is also known by terms such as account pharming, fake account, fake social media account creation, impersonator bot, massive account registration, new account creation and registering many user accounts.


The symptoms of Account Creation

  • 1
    Higher than average account creation rate compared to average rate over time
  • 2
    Accounts with incomplete information relative to the typical account holders
  • 3
    Accounts created but which are not used immediately
  • 4
    Accounts created with disproportionate use, and/or misuse, of the application’s functionalities


Sectors targeted by Account Creation

  • Education
  • Entertainment
  • Financial
  • Retail
  • Social Networking


Can InfiSecure prevent Account Creation?

InfiSecure’s bot protection service can accurately identify and block bots that try to engage in fraudulent account creation activities.