Think of new account fraud as the digital version of someone sneaking past security with a fake badge. By creating fake accounts using stolen or synthetic identities, fraudsters bypass verification systems and carry out activities like payment fraud, loyalty program abuse, or large-scale scams.

In this article, we’ll break down the main types of new account fraud, reveal how fraudsters operate, and highlight the industries most vulnerable to these attacks. Finally, we’ll share actionable strategies to protect your business from this growing threat.

What are the different types of new account fraud?

New account fraud isn’t just one tactic, it’s a toolbox filled with methods designed to exploit businesses. Here are the most common types and how they work:

1. Identity theft-based fraud

This is the classic “impostor” move. Fraudsters steal personal details like names, Social Security numbers, or addresses through phishing, data breaches, or social engineering.

Armed with this information, they create fake accounts that look legitimate on paper but are used for activities like applying for loans, opening credit lines, or committing financial scams.

2. Synthetic identity fraud

Think of this as a “Frankenstein identity”. Fraudsters stitch together real and fake information - like a legitimate Social Security number paired with a made-up name - to create a brand-new identity.

Because synthetic identities are part real, they often sneak past traditional security checks. These fake accounts might quietly build credit histories before suddenly maxing out loans or running up unpaid bills.

3. Account creation bots

Automation takes fraud to the next level. Bots rapidly generate thousands of fake accounts on platforms like e-commerce sites, loyalty programs, or social media.

These fake profiles can flood your system, exploit promotions, manipulate platform metrics, or even commit payment fraud - all before you have time to react.

What is the state of new account fraud?

New account fraud is escalating at an alarming rate, creating significant challenges for businesses across industries. Fraudsters are becoming increasingly sophisticated, exploiting gaps in verification processes and the growing reliance on digital platforms.

Recent data highlights the severity of the issue:

• In 2023, fraudulent new account creations accounted for approximately 9% of all new accounts, showcasing how prevalent this tactic has become,

• Digital banking is especially at risk, with 13.5% of accounts opened in 2023 suspected to be fraudulent,

• According to the Annual Fraud Report 2024, more than 1 in 5 businesses consider account opening fraud a significant stress on their operations, impacting both their reputation and bottom line,

• A report by Experian reveals that 67% of account opening fraud involves third-party fraud, while 33% stems from first-party fraud, illustrating the diverse methods fraudsters employ.

These statistics underline an urgent need for businesses to adapt. Fraud prevention is no longer optional, it’s essential to maintain trust, protect users, and safeguard operational integrity.

How does new account fraud work?

New account fraud follows a predictable yet effective playbook. Fraudsters rely on a series of calculated steps to infiltrate systems and exploit businesses. Here’s how it works:

Step 1: obtaining stolen or fabricated data

Fraudsters need a foundation to build fake accounts, and that starts with collecting personal information. This data can come from:

• Data breaches: massive leaks provide a treasure trove of stolen information, such as names, Social Security numbers, and email addresses,

• Social engineering: scammers manipulate individuals into willingly sharing sensitive details, often through phishing emails or fake support calls,

• Dark web marketplaces: personal data, credentials, and even pre-verified accounts are sold openly, making it easy for fraudsters to acquire what they need.

Step 2: creating fake accounts

Once they have the data, fraudsters set up fake accounts on various platforms. Depending on their strategy, they might:

• Manually create accounts: for smaller, more targeted attacks, fraudsters input stolen or fabricated details themselves,

• Use automated tools: bots can quickly create thousands of fake accounts, overwhelming platforms and scaling fraudulent activities.

To make their accounts appear legitimate, they may combine real and fake information, creating synthetic identities. This mix allows them to bypass many traditional security measures, as part of the information - like a valid Social Security number - is authentic.

Step 3: exploiting the accounts

With accounts in place, fraudsters move to the most damaging phase: exploitation. Fake accounts can be used for:

• Financial fraud: taking out loans or lines of credit and disappearing without repayment,

• Fraudulent purchases: making high-value transactions with no intention of fulfilling payments,

• Payment scams: redirecting or stealing funds through manipulated payment systems,

• Abusing loyalty programs: exploiting sign-up bonuses or rewards programs for personal gain.

The ability to seamlessly blend real and fake data makes detecting these accounts particularly challenging. Fraudsters can operate undetected for weeks or months, causing significant financial and reputational harm before being identified.

Which industries are targeted by new account fraud ?

New account fraud doesn’t discriminate, it affects businesses across a wide range of industries. Fraudsters are opportunists, targeting sectors that offer the highest value with the lowest barriers. Here’s where they strike the hardest:

1. Financial services

Banks, credit unions, and fintech apps are prime targets for fraudsters looking to exploit high-value opportunities. They create fake accounts to:

• Secure loans or credit lines with no intention of repayment,

• Launder money or commit payment fraud,

• Abuse signup bonuses and promotional offers from digital banking platforms.

The financial stakes are high, making this industry a constant target for fraud attempts.

2. Telecommunications

Telecommunications companies, including mobile carriers and VoIP services, face unique challenges from fraudsters. They create fake accounts to:

• Obtain subsidized devices under fraudulent contracts,

• Exploit SIM swaps to gain control of legitimate users’ phone numbers,

• Abuse VoIP services for anonymous calls or scams.

With a global reach and reliance on personal data, telecom providers remain on the frontlines of fraud defense.

3. E-commerce and retail

In the fast-paced world of online marketplaces, fraudsters exploit the sheer scale of activity to:

• Manipulate loyalty programs and signup bonuses,

• Commit fraudulent purchases using stolen payment methods,

• Fake engagement metrics through false user activity.

The volume of activity on these platforms makes detecting fraud a constant challenge.

4. Travel and hospitality

Booking platforms, airlines, and loyalty programs are no strangers to fraudulent activity. Fake accounts are used to:

• Exploit promotional offers,

• Book and cancel trips for fraudulent refunds or credits,

• Redeem loyalty perks like miles or free upgrades.

Fraudsters take advantage of the global nature of this industry to operate undetected.

5. Gaming and Social Media

Online gaming platforms, social networks, and dating apps are increasingly targeted. Fraudsters use fake accounts to:

• Spread spam or phishing links,

• Exploit in-app purchases or virtual currencies,

• Manipulate platform metrics, such as engagement or popularity rankings.

As digital communities grow, these platforms face a tough balancing act between user experience and fraud prevention.

Fraudsters adapt their tactics to exploit the unique vulnerabilities of each industry. By identifying these risks, businesses can better defend themselves and protect their users from harm.

How to detect new account fraud?

Detecting new account fraud is like piecing together a puzzle: the clues are subtle, but with the right tools and approach, they form a clear picture. Fraudsters often try to mask their activities, but businesses can spot red flags by combining systematic analysis and advanced detection methods. Here are the key steps to effectively detect new account fraud:

1. Account details assessment

One of the first steps in detecting fraud is evaluating the information provided during account creation. Look for:

• Email address reputation: verify if the email domain is legitimate or associated with suspicious activity,

• Phone number credibility: check whether the phone number is linked to a reliable network or flagged as disposable,

• Accuracy of details: inconsistent or incomplete information can indicate a fraudulent attempt.

2. Behavioral assessment

Analyzing how accounts are created and used can reveal unusual patterns, such as:

• Unusual account creation patterns: a sudden spike in new accounts from the same IP address or region,

• Device fingerprinting: identifying and flagging suspicious devices or IP addresses associated with multiple accounts,

• Number portability history: preventing SIM swap fraud by monitoring recently ported phone numbers,

• Residential proxy detection: identifying IP addresses linked to proxy servers often used to mask fraud,

• Fraud scoring: using machine learning models to assign a risk score to new accounts based on behavioral data and historical trends.

3. Open-source intelligence (OSINT)

Cross-referencing account details with publicly available or proprietary databases can uncover discrepancies or known risks:

• Data breach history: compare provided phone numbers or emails against databases of leaked information to identify compromised accounts,

• Disposable phone numbers: flag and block temporary phone numbers often used by fraudsters to bypass verification systems.

4. Unusual account activity

Even after account creation, certain behaviors can signal fraud:

• Rapid changes in account behavior: large transactions or significant activity shortly after account creation can indicate fraudulent intentions,

• Inconsistent usage patterns: accounts that show behavior uncharacteristic of normal users - like logging in from multiple locations within a short time - are strong indicators of potential fraud.

By leveraging these methods, businesses can minimize the risk of fraudulent accounts slipping through the cracks. A proactive approach to monitoring and assessment ensures better protection against evolving fraud tactics, keeping both users and platforms secure.

How to prevent new account fraud?

New account fraud isn’t just about detection - it’s about stopping it before it starts. By implementing strategic measures like seamless verification, multi-factor authentication, and robust KYC checks, businesses can build strong defenses while keeping the user experience intact.

1. Passive verification

Silent, behind-the-scenes checks are one of the most effective ways to catch fraud early without disrupting genuine users. This method verifies user information and behavior in real time by analyzing:

• Email and phone number credibility,

• Device and IP reputation,

• Behavioral anomalies.

Tools like user verification APIs, such as Prelude Watch API, can automate these checks, flagging suspicious activity without adding friction to the account creation process.

2. Multi-Factor Authentication (MFA)

Adding an extra layer of security to account creation is essential to prevent unauthorized access. Multi-factor authentication (MFA) verifies the ownership of critical user details, such as phone numbers or addresses, by sending a one-time password (OTP) to the user.

This additional step ensures that even if fraudsters have access to stolen data, they cannot complete the account creation process without the user’s active participation.

3. Know Your Customer (KYC) checks

For industries handling sensitive data or financial transactions - like banking and fintech - KYC (Know Your Customer) processes are critical. These checks typically involve:

• Requiring a valid ID document,

• Cross-referencing submitted details with trusted databases,

• Ensuring compliance with regulatory standards.

Although KYC checks add a layer of complexity, they are crucial for industries where account security and fraud prevention are non-negotiable.

The best way to prevent new account fraud is to think ahead. Combining proactive measures like verification, authentication, and KYC checks helps businesses stop fraud at its source, ensuring platforms stay secure and trustworthy. 

New account fraud is a complex and evolving challenge, but it’s not insurmountable. By understanding the tactics fraudsters use, identifying key vulnerabilities, and implementing proactive solutions, businesses can protect their platforms and users. Staying vigilant and leveraging the right tools isn’t just about security, it’s about fostering trust and ensuring long-term success in a digital-first world.

Looking to safeguard your platform against new account fraud? Try Prelude for free or contact our sales team to learn how we can help protect your platform.