Don’t Hit Snooze: DataVisor Study Shows 44 Percent of Fraudulent Accounts Sleep at Least a Week Before Attack

MOUNTAIN VIEW, Calif., March 15, 2017 (GLOBE NEWSWIRE) — DataVisor Threat Labs, the security research unit of DataVisor, today released its Inaugural DataVisor Online Fraud Report, which provides unprecedented insight into the behaviors and attack techniques of some of the world’s largest online crime rings. The report, which spans the last six months of 2016 and is based on the analysis of DataVisor’s proprietary global telemetry network of more than one billion users across 172+ countries in the world, identifies the favorite tools and attack techniques these bad actors use to create accounts and evade detection.

It’s Time to Wake Up to Sleeper Cells

One new, and effective, attack technique for online criminals is to develop massive armies who appear normal and hide amongst normal users, waiting long periods of time to age the account before striking. These armies, or “sleeper cell” accounts are often used for testing or carrying out the attack in stages, and can lie in wait for months, or even years, before being used in an attack. According to the DataVisor Online Fraud Report, 44 percent of fraudulent accounts sleep at least seven days before an attack. Thirty-seven percent of malicious accounts have still yet to attack even after three months.

Head to the Cloud for a Head’s Up on Fraud

Fraudsters are using cloud hosting providers to create armies of fake accounts from unique machines and IP addresses. The cloud allows fraudsters to both significantly increase the number of attack campaigns they can conduct, as well as evade detection by remaining anonymous. DataVisor observed that 18 percent of accounts originating from cloud service IP ranges are fraudulent. Also, malicious accounts are seven times more likely to use cloud services than normal users.

Additional Key Findings

  • Fraudsters prefer desktop over mobile platforms: Desktop is the preferred platform for fraudsters as 82 percent of fake accounts originated from desktop machines, compared to only 18 percent from mobile platforms.
  • Fraudsters use Android devices: A user from Android platform is eight times more likely to be fraudulent than a user from iOS device.
  • Fraudsters look legit in your inbox: The data shows 53 percent of fraudulent accounts are registered with email addresses from popular email services from Google, Microsoft or Yahoo to blend in with good users.
  • Fraudsters go big when they go social: The fraudulent account armies targeting social platforms are 17 times larger than those targeting financial services — averaging 160 accounts per campaign.

“The Fraud Economy is flush with billions of dollars in resources. It’s no longer just one malicious user causing trouble, but rather massively funded armies numbering in the hundreds who are providing a big payout for these bad actors,” said Yinglian Xie, CEO and co-founder, DataVisor. “The fraudsters are becoming adept at looking like normal users and it’s clear from our research that they are increasingly sophisticated and using the latest technologies available to skirt detection. The DataVisor Online Fraud Report will hopefully serve to help inform and empower the fraud fighting community in our war against a common enemy, one sleeper cell at a time.”

To download the full report, please visit:

About DataVisor
DataVisor is the leading fraud and financial crime detection service utilizing unsupervised machine learning to identify attack campaigns before they conduct any damage. DataVisor protects some of the largest organizations in the world. For more information, visit


CONTACT: Contact

Lisa Mokaba
Head of Media Relations