How to spot fake email sign-ups

Any business that collects data from their website runs the risk of gathering fake information from spambots, fraudsters or people who don’t want to give away their real details. This can be problematic for online service providers because it potentially means allowing bad actors to access apps and services where they can make financial transactions, interact with other users, or even look for security loopholes they can exploit.

Read our article to learn more about fake sign-ups and how to spot them in your audience data. 

The problem with fake sign-ups

Not only can fake sign-ups inflate the actual number of sign-ups your site has received, causing inaccuracies in your audience data, but they can be a warning sign of fraudulent activity. 

Fake sign-ups can harm your business in a number of ways:

• Increases the risk of fraudulent transactions 
• Leads to the possibility of your online service being abused 
• Increases the risk of security breach 
• Heightens the risk of credit card chargebacks

How to spot fake sign-ups

If you have a large number of users in your database, it might be difficult to tell which of them are fake. 

Typical characteristics to look out for when identifying fake sign-ups include: 

• An abnormally high number of new sign-ups - if you notice a spike of new sign-ups from the same domain all using email addresses from webmail hosts like Hotmail or Yahoo, it could be a sign of spam bots at work. 
  
  
• Lots of sign-ups within a short space of time - a large number of email addresses in a matter of seconds or minutes is a cause for suspicion. 
  
  
• Invalid email addresses - all businesses will occasionally receive invalid email addresses, but a high volume of these is a warning sign of fake sign-ups. 
  
  
• Non-corporate email addresses - if your business is B2B but you’re receiving an increase in personal email address sign-ups, it may be worth investigating. In addition, public email address domains like Yahoo or Gmail are often used by fraudsters as they are easy to obtain, so it’s important to know when and where the email address was registered, and who it was registered by. 
  
  
• Suspicious IP or mail server location - is this person from where they say they are from? It’s possible fraudsters using fake email addresses may be faking their location as well, so it’s important to check their IP address if you suspect the sign-up isn’t legitimate. 
  
  
• Gibberish - if an email address contains a string of random numbers and letters, the chances are it is a fake or disposable email address. 
  
  
• Email addresses appearing on block lists - block lists are curated by collaborators across the internet and shared to allow businesses to filter malicious and fraudulent activity. 
  
  

In some cases, it can be relatively easy to spot fake sign-ups because the email addresses may look obviously spammy. You might also notice a large number of email addresses in your list that have similar characteristics such as an alphanumeric or consecutive number string, or domains that all contain the same words. 

However, many signals of email trustworthiness are invisible to the untrained eye and can take substantial time and effort to detect. For this reason, anyone concerned about a large volume of fake sign-ups should consider automated verification checks at the sign-up stage to act as the first line of defence.

Fake sign-ups with disposable email addresses

A disposable email address is an email address that lasts for a certain period of time, from a few minutes to a few weeks.

Although not everyone who uses disposable email addresses does so for illegal reasons, they can enable criminal activity such as identity fraud, credit card chargebacks and abusive behaviour. The temporary nature of disposable email accounts enable fraud by allowing hackers to create a random email address and dispose of it quickly. 

Look out for domains from mailinator.com, tenminuteemail and temp-mail - these are sites that allow users to create disposable emails for purposes such as keeping their inboxes clean. However, fraudsters may also use these sites to generate email addresses that enable them to take advantage of your offers, abuse other users on your platform or leave spam comments on your site. 

How Email Hippo can help you stop fake sign-ups

We have two products that can help you stop your forms and CRMs carrying bad email data through to your system:

MORE

Our MORE email verification API is easy to integrate with online forms and checks 74 data points, returning results quickly. It identifies good, bad and unverifiable email addresses and the additional information feature allows you to use an email address to create discrete user experiences. 

ASSESS

ASSESS is another API that blocks attempted sign-ups from fake accounts or people using invalid email addresses. It returns a Trust Score relating to name data, location, domain and email address, so you can create automated responses to deter fraudsters and time-wasters. 

Start your free trial

Ready to find out how easy it is to use email address intelligence to spot fake email sign-ups? Sign up to a trial of ASSESS today for 100 free credits.