Cookie Consent
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
In a complex cyber security and fraud landscape, user account attacks lead to two major types of fraud that businesses face today. These are account fraud and platform fraud.
Account fraud involves unauthorized access to user accounts, typically through tactics like account takeovers or opening fraudulent accounts.
“Oftentimes, when we mention fraud to our customers or really anyone in the industry, people's minds immediately go to things like monetary fraud which could include credit card fraud or check fraud, for the purposes of getting money,” said Mark Batchelor, CTO and Co-Founder at Verosint. “But in most cases, I had to commit account fraud in the first place to get to a spot where I could actually commit monetary fraud.”
One of the most common brute-force attack methods is credential stuffing, where attackers use stolen credentials from previous breaches to gain access to user accounts.
Often, account fraud is the first step toward committing monetary fraud, such as making unauthorized purchases, cashing out rewards points, or even laundering money. For this reason it is important to prioritize early account fraud discovery.
“Just this morning I was reading in one of the online forums for open source intelligence that there's this concept called building a sock puppet,” said Batchelor. “A sock puppet in this case is just a persona that looks enough like a person to pass enough checks. A lot of times you'll build out multiple sock puppets to open multiple accounts. Being able to detect that kind of thing is important.”
Account fraud is often the first step toward perpetrating other types of fraudulent behavior.
Platform fraud, on the other hand, targets the terms of service and very operating structure of an online platform or marketplace.
"If you’re only focusing on monetary fraud, you’re missing the bigger picture,” said John Tolbert, Director of Cybersecurity Research at KuppingerCole Analysts. “Platform fraud impacts user trust and your entire business ecosystem."
Examples include promotion abuse, where users exploit multiple personas to claim fraudulent discounts or offers, and marketplace scams like not delivering purchased goods or impersonating buyers or sellers.
“It's not the intent of the marketplace to scam their customers,” said Batchelor. “But people get on that platform, figure out how to scam the users of that platform, and it becomes platform fraud. If you've ever bought anything on eBay, Etsy, or Facebook Marketplace, over time, it becomes commonplace to think you might get scammed or to be unsure if you're going to receive that product in some cases.”
While many consumers may see platform fraud as isolated incidents, the broader consequence is diminished trust in the platform, which can lead to reduced user activity, customer abandonment, brand and reputational damage, and lower revenues.
“It may be an individual defrauding another but what happens is the marketplace itself suffers,” Tolbert said. “People don’t trust that marketplace anymore and they do less business.”
By adopting advanced fraud detection and prevention technologies, businesses can safeguard their operations, reduce financial losses, and build long-term trust with their users.
With a clear understanding of what constitutes account or platform fraud, as well as the potential consequences, organizations can begin to mitigate the three common types of user account fraud attack trends.
For more information on the three attacks to watch in 2025, the six best practices for mitigating account fraud, and more, be sure to access the most recent Account Fraud & Attack Trends Report: The Three Most Critical User Account Attacks to Stop in 2025 today.
