TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Fake Account Creation Bots – Part 3: 8 Ways to Identify Fake Bot Accounts

2023-11-07

ATT&CK techniques detected

13 predictions
T1585.002 Email Accounts
98%
“actors will fully randomize the timing of the new account creations, but most actors do not exhibit this level of sophistication. obscure and low reputation email domains the limiting factor in the creation of fake accounts is having access to email addresses. most systems requir…”
T1585.002 Email Accounts
98%
“achieve username fuzzing. “+” among other characters can also be used instead of, or in combination with periods to achieve the same result. stolen email addresses a more sophisticated approach used by attackers may be to use real compromised user email addresses to create fake…”
T1585.002 Email Accounts
98%
“.com”, “jo.hndoesoap@gmail.com”, “joh.ndoesoap@gmail.com”, “john.doesoap@gmail.com”, “johnd.oesoap@gmail.com”, “j.o.h.n.d.o.e.s.o.a.p@gmail.com” etc. while there are a large number of valid combinations, all verification and notification e…”
T1585.002 Email Accounts
93%
“as many real users tend to follow the same username patterns. username fuzzing this is another common approach used by sophisticated attackers to create large numbers of fake accounts. this approach is based on the difference between how email providers and the other companies wh…”
T1585.001 Social Media Accounts
92%
“validate this information upfront to make it harder for attackers to create fake accounts in their systems. even for data that is not personally verifiable, similarities in profiles can reveal a lot about potential fake accounts. figure 2 below is an example of four freelance web…”
T1585.002 Email Accounts
90%
“email addresses that can be used just once, or for a limited period of time. there are some legitimate use cases for these kinds of email addresses among privacy focused users, but these kinds of email addresses lend themselves perfectly for spamming and criminal use cases as wel…”
T1585.002 Email Accounts
83%
“mary.childs03@gmail.com” or the attacker might select a format of “initial + lastname + 4digitdob@domain” and generate accounts like “jdoe1986@yahoo.com”, “psullivan1976@gmail.com”, or “mchilds2003@gmail.com” to generate these accounts, attackers will typi…”
T1585.002 Email Accounts
69%
“to identify the most sophisticated fake accounts from advanced actors. username pattern commonalities fake accounts are typically created in an automated fashion and in large numbers which creates some patterns in the account names that allow them to be identified and linked toge…”
T1585.002 Email Accounts
58%
“are created by unsophisticated actors who will attempt to create a large number of accounts on a system in a very short period of time, typically hundreds of accounts per minute. this traffic is very easy to spot as even large websites do not have this number of new accounts bein…”
T1585.001 Social Media Accounts
50%
“##er password requirements by websites, it is highly unlikely to see more than a handful of accidental password collisions. any large-scale collisions of passwords are more likely to be accounts controlled by the same entity and are probably fake accounts. profile analysis anal…”
T1585.002 Email Accounts
43%
“expected email domains will vary by the regions of the typical legitimate users of the site, as there are email systems more common in some parts of the world than others. for example, qq.com is a popular email domain in china but less common in the americas and europe. seeing a…”
T1585.001 Social Media Accounts
38%
“to identify the most sophisticated fake accounts from advanced actors. username pattern commonalities fake accounts are typically created in an automated fashion and in large numbers which creates some patterns in the account names that allow them to be identified and linked toge…”
T1585.002 Email Accounts
35%
“fake account creation bots – part 3: 8 ways to identify fake bot accounts in part one of this series, we introduced fake account creation bots and why people create fake accounts, and in part two we covered why automation is used to create fake accounts and how fake accounts neg…”

Summary

Part three of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.