How to Spot Fake Sign Ups

by | Oct 15, 2021

Collecting customer email signups is one of the most important and basic ways to connect with new and potential clients. The challenge that many businesses are not aware of is that if they’re collecting real email list sign-ups, they are also very likely collecting fake email list sign-ups. 


There are many downsides and dangers to this. If you’re dealing with people who are willingly trying to do you or your business harm ( known as bad actors or fraudsters), you can be giving them access to information, services, and apps that they can use for ill. If you’re dealing with spambots you can be inundated with false information and be unable to tell the real signups from the fake. This is especially dangerous for affiliate marketers who are giving payouts based on the number of people that sign up. 


If you don’t catch fake sign-ups in time, they can also be the source of fraudulent or illicit transactions and have a larger risk factor in terms of credit card chargebacks as well. Additionally, you’re at a greater risk for security breaches or your platform or service being abused.


No matter the source, fake sign-ups are detrimental to your business. In this article, we’re going to show you how to spot fake sign-ups and ways to prevent them from happening at all. 


Symptoms of Fake Sign-Ups

There are many methods to use to spot fake sign-ups, and it’s more of an art than a science. Though there’s not a single, fool-proof method of spotting fakes, by using multiple strategies in tandem with one another, you can catch more fake sign-ups than not. Here’s what you need to keep in mind:


Remember that for a real email address to exist, a human had to choose it and verify it. And while people are known to use some letters and numbers while creating their email addresses, they also don’t tend to make the address so complex that they can’t easily tell it to others or type it into websites. If an email address contains a string of random numbers and letters that would be difficult for a human to remember, or if it contains outright gibberish, it is very likely a fake email sign-up. 


Also keep an eye out for signups from strange or suspicious mail servers or IP locations. For example, are you getting multiple signups from one specific state all of a sudden? It’s one thing to have an area where your services are popular, but if you get an abnormal amount of sign-ups from a specific geographic location suddenly, the customers may not be real. Additionally, if you’re located in the US and suddenly begin to get an influx of sign-ups from a foreign country where you don’t even do business, beware. 


One of the most common symptoms of fake sign-ups is a sudden surge in volume. We all want more customers, but if you see an inordinate amount of new sign-ups, you should raise an eyebrow. Something else to consider is how quickly the sign-ups are occurring. If a large number of people sign-up in seconds or minutes, there’s a very slim chance they’re real. 

Something else that fake sign-ups tend to exhibit is that a majority (or all) of the email addresses used to sign up will share the same domain. For example, if you get a high number of sign-ups from Yahoo or Hotmail account, it’s likely not a coincidence. 

This is also a little more granular, but if you’re still unsure if a sign-up is fake or not, take a look to see if the first and last name fields are different than a name that was used in the email address. If the form says “Steve Sanchez” and the email says “” that’s almost certainly a fake sign-up. 

Check Your Analytics

Many companies only monitor their profits and losses but don’t truly look at their analytic data. Your website analytics can be one of the simplest forms of detecting and preventing fraud. Studies show that companies that actively monitor their analytic data can reduce fraud activity by higher than 50%. 


Use analytics as a tool to identify fake sign-ups at a high level, and find the data points to investigate at a more detailed level.


A simple strategy you can use to monitor your analytics is to take a look at your numbers each week, and then each month. Then every quarter, look at three months’ worth of data. It’s not a good strategy to look at daily numbers because traffic, sign-ups, and other metrics can vary greatly from day to day. If you see strange spikes that are far beyond the average, look deeper. 

Are You Being Attacked By Spambots?

A spambot is a malicious piece of software that is built to crawl your website and find specific code, and interact with it, pretending to be human for fraudulent purposes. Spambots can do a number of things, including leaving fake comments, creating fake accounts, and executing fake email sign-ups, among many other things.


Many Spambots are programmed exclusively to perform fake sign-ups. 


Since these tasks often only require the user to fill out a few fields, the Spambots are programmed to do this automatically. Sometimes these Spambots are coded to invent entirely new, fictional user information– but sometimes they’re loaded with real (often stolen) information. Some Spambots are so sophisticated that they model human behavior before taking action so they’re more difficult to detect.


Spambots are never good, but if they’re loaded with stolen, real information to execute fake sign-ups it can be especially bad. If you try to send messages to these people, they’ll have no idea who you are, and in almost every case, you’ll be breaking the law because you don’t have true consent to contact them. 

Fake Sign-Ups Hurt Existing Sales

What you may not have considered is that fake signups aren’t just a danger in and of themselves, but can also absolutely demolish your existing marketing efforts. 


When you get a surge of fake sign-ups it completely dilutes your demographic information and makes it impossible to see what’s really accurate. If you look at your marketing data and can’t tell which age groups, locations, and other information is real and what is fake, you’re flying blind when it comes to your marketing efforts. What’s worse is if you don’t realize you’ve been the victim of fake sign-ups and make changes in your marketing strategy based on entirely fictional data trends and metrics. 


For email campaigns specifically, fake sign-ups can be a black cloud that can destroy your email list. When you have a high number of fake sign-ups on your list that used real email addresses, you’re doomed to be labeled as SPAM. When a high number of people who have never heard of you get your email, they’ll often send your campaign off to the SPAM folder. When a high enough number of people do this, you can get blacklisted by the various email service providers. This means that your emails are seen as unsolicited and will go straight into the SPAM folder for everyone— including the people who actually opted in to your list. 

How Fake Sign-ups Hurt Affiliate Marketers

If you’re a player in the affiliate marketing world, fake sign-ups can cripple your business and cost you an inordinate amount of money. Here’s a look at the process that bad actors use to abuse the affiliate marketing ecosystem for their own gain.


It begins when a bad actor signs up for your affiliate program. They often already have access to illicitly obtained customer data at this point. This is stolen customer information they’ve typically purchased from a prohibited source like the dark web or illegal information brokers. These bad actors then use Spambots to automate the signup process and use the stolen information to execute a wave of fake sign-ups en masse. 


Unless you catch these fake sign-ups quickly and accurately, you then pay out the affiliate referral fee on false information. You think you’ve gotten a bunch of real sign-ups, but you haven’t. So while you’re jumping up and down in excitement, a fraudster is taking your money and disappearing. You’ll not only lose money but to make it even worse, now your database is also tainted with a wave of fake customer data.


Preventing Fake Signups

There are many ways to prevent fake sign-ups, though none of them work 100% of the time. However, by having some (or all) of these safeguards in place, you’ll be able to eliminate most fake sign-ups. Here are some things to consider:


Even though their methods are ever-evolving, many bad actors use similar tricks for their fake sign-up schemes. If you have the technical savvy, you can put safeguards in place that will typically outsmart the tech level that the fraudsters are using. Start off by filtering any VPNs or proxies to block the data centers that spammers most often use. Secondly, block any forms that are sent using iFrames. Finally, you can enact geolocation to block any traffic sources that are outside of your desired market. 


Another powerful method of filtering fake sign-ups is by creatively using a hidden field. By creating a field on your form that’s hidden, it won’t show up to your site’s visitors. However, when a Spambot fills out a form, it’s looking purely at code. When it sees a form, it’s going to fill out every possible field. The logical conclusion is that any form fill that has an entry in the hidden field is a fake sign-up. Commonly known as the “honey pot” method, this is a strong layer of protection against fake sign-ups.


The baseline method for stopping fake signups is the use of the latest version of a CAPTCHA (or the more advanced ReCAPTCHA). While these tools aren’t perfect, they’re a strong complement to some of the more robust solutions we’ve recommended. A CAPTCHA or ReCAPTCHA forces a website’s user to interact with the site with specific clicks that can’t be faked by Spambots easily. This can be checking a check box, or even selecting a group of similar pictures. Every site should have a CAPTCHA or ReCAPTCHA as its first line of defense against fake signups.


If you try all of these methods, and you’re still stuck, there are also companies that specialize in protecting companies from fake user registrations with in-depth IP verification. These companies will check the IP address of each user that comes to your website from every possible angle. They’ll cross-reference the visiting IPs with any history of abuse, and also check any of the form fills that occur against their database of user information that is known to be compromised. They can also enact a technique known as device fingerprinting in which they match users to devices to find out if the said devices are considered fraudulent or trusted.  These sorts of services are the most powerful when it comes to truly preventing fake sign-ups.


Lead Validation With Validiform

Even if a sign-up that occurs on your site is fake, you’re still the responsible party. Don’t leave yourself at risk for fake sign-ups that can harm your business’s real customer database, and cost you serious revenue.

You need to protect yourself with lead validation that works, or you can face major fines.

If a Spambot uses someone’s real information to sign up, and you contact them, your only course of action will be to assume guilt and take the penalty or fine… unless you have Validiform. 

Validiform is the industry standard in lead validation that tracks your user’s activity on your website and captures video any time someone fills out a web form. We then store that video on our secure servers for you to retrieve at any time.

If there’s ever any question of the validity of a sign-up, and you’re in danger of a TCPA lawsuit, Validiform can save you from sitting through many hours in court, and from paying thousands in fines. All you have to do is pull up the video of the exact moment the customer opted-in, and you’ll be proven innocent by a third-party source. 

Setup is simple and user-friendly, and our in-house support team is always happy to help. 

Don’t leave yourself vulnerable. Get Validiform today.