
Multi-Accounting: How Fraudsters Exploit Your Platform and How to Stop Them

AntiProxies Team

Most platforms have a one-account-per-person policy. Most fraudsters ignore it. Multi-accounting - the practice of a single person or group operating many accounts on the same platform - is one of the most pervasive and adaptable forms of online fraud. It underpins everything from coupon abuse to marketplace manipulation, and it's getting harder to catch.

What multi-accounting is and why it's everywhere

At its core, multi-accounting means one person controls multiple identities on a platform. Sometimes it's two accounts; sometimes it's two thousand. The motivation varies - exploiting promotions, evading bans, manipulating rankings, or gaining an unfair competitive advantage - but the underlying mechanic is the same: create more accounts than the rules allow, and use them to extract value.

The reason it's so widespread is simple economics. Platforms offer incentives designed for individual users - signup bonuses, referral credits, first-order discounts. Each incentive becomes a profit opportunity when someone can create accounts at scale. A $10 signup bonus is negligible for one user but worth $10,000 across a thousand accounts. And the tools to do exactly that have never been cheaper or more accessible.

Common attack patterns

Multi-accounting isn't a single type of fraud. It's a technique that enables many different schemes:

  • Promo and coupon abuse: New-user discounts, free trials, and welcome offers get harvested across hundreds of accounts. Food delivery platforms, streaming services, and ride-sharing apps are frequent targets. Each "new user" is the same person with a fresh email address.
  • Referral fraud: Referral programs that reward both parties become self-dealing operations. The fraudster refers their own fake accounts, collecting bonuses on both sides of each referral. Some operations run referral chains dozens of accounts deep.
  • Marketplace manipulation: On platforms where sellers compete for visibility - e-commerce marketplaces, freelancing sites, rental listings - multiple accounts let a single operator dominate search results or undercut competitors.
  • Review and rating fraud: Fake accounts leave positive reviews on the operator's listings and negative reviews on competitors'. This is especially damaging on platforms where trust signals like ratings directly influence purchasing decisions.
  • Ban evasion: When a platform bans a user for policy violations, a new account is the simplest workaround. Without effective detection, the banned user is back within minutes under a new identity.
  • Gaming and gambling exploits: Online games and betting platforms offer bonuses and promotional credits. Multi-accounting lets players claim these repeatedly or collude across accounts in competitive environments.

The infrastructure behind multi-accounting

Creating one fake account is trivial. Creating hundreds that survive detection requires infrastructure. Here's what a typical multi-accounting operation uses:

  • Proxy networks: Each account needs a distinct IP address to avoid obvious clustering. Residential proxies are the preferred choice because they look like normal consumer connections. Datacenter proxies are cheaper but easier to detect. For more on why residential proxies are especially problematic, see our post on why residential proxies are the hardest threat to detect.
  • Disposable emails: Every account needs a unique email address. Disposable email services generate unlimited temporary inboxes, often with working verification links. Some operators use domain catch-all addresses, or services that provide hundreds of addresses from a single dashboard.
  • Virtual machines and antidetect browsers: Tools like Multilogin and GoLogin create isolated browser environments with unique fingerprints - different canvas hashes, WebGL renderers, screen resolutions, and timezone settings. Each browser profile looks like a distinct device.
  • Virtual phone numbers: When platforms require SMS verification, temporary number services provide phone numbers for a few cents per verification code.
  • Fake identity generators: Names, addresses, and dates of birth can be generated or purchased to fill out profile requirements.

Why basic detection fails

Platforms that rely on simple signals for account deduplication get bypassed routinely. Here's why the obvious approaches don't hold up:

Email-based detection catches only the laziest operators. Gmail's plus-addressing (user+tag@gmail.com) and dot-trick (u.s.e.r@gmail.com) create seemingly different addresses that deliver to the same inbox. And disposable email services provide genuinely distinct, unrelated addresses at scale.
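The plus-addressing and dot-trick variants described above can be collapsed into a single deduplication key before comparing signups. The following is an added example, not AntiProxies code; it assumes the `+tag` suffix is treated as a sub-address on every domain, that only Gmail ignores dots, and the sample signups are constructed.

```python
from collections import defaultdict

# Assumption: providers where dots in the local part are ignored (the Gmail
# behaviour described above); googlemail.com is an alias of gmail.com.
DOT_INSENSITIVE = {"gmail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}


def canonical_email(address: str) -> str:
    """Return a dedup key for an address. Never use the key for delivery."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = DOMAIN_ALIASES.get(domain, domain)
    local = local.split("+", 1)[0]        # drop the plus-addressing tag
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")    # undo the dot-trick
    if not local:
        raise ValueError(f"empty local part after normalisation: {address!r}")
    return f"{local}@{domain}"


def group_signups(signups):
    """Map canonical key -> account ids, keeping keys shared by 2+ accounts."""
    groups = defaultdict(list)
    for account_id, email in signups:
        groups[canonical_email(email)].append(account_id)
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


# Constructed sample registrations.
SIGNUPS = [
    ("a1", "user+promo1@gmail.com"),
    ("a2", "u.s.e.r@gmail.com"),
    ("a3", "User@GoogleMail.com"),
    ("a4", "first.last@example.org"),   # dots are significant here
    ("a5", "firstlast@example.org"),
]

if __name__ == "__main__":
    print(group_signups(SIGNUPS))
```

Store the canonical key alongside the address the user typed; the key is only for matching and does nothing against disposable inboxes, which are genuinely distinct addresses.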

IP-based detection is undermined by residential proxy networks. When each account registration comes from a different residential IP in a plausible geographic area, there's no IP overlap to flag. The IPs are real, they belong to real ISPs, and they pass every datacenter check. As we've covered in our analysis of why static blocklists fail, the IP landscape changes too quickly for static lists to keep up.

Basic device fingerprinting is defeated by antidetect browsers, which are purpose-built to generate unique, consistent fingerprints per session. Each browser profile reports different hardware characteristics, and the fingerprints are realistic enough to pass standard checks.

Detection signals that actually work

Effective multi-accounting detection moves beyond single data points and looks for convergence across multiple signals. No one signal is definitive, but combinations are hard to fake:

  • IP overlap analysis: Even with proxy rotation, accounts operated by the same person sometimes share IPs - especially when proxies fail and connections fall back to the real IP. Tracking historical IP associations across accounts reveals connections that real-time checks miss. Quality IP reputation data that identifies proxy and VPN usage at registration time adds a strong initial signal.
  • Device fingerprinting depth: While antidetect browsers spoof common fingerprint attributes, deeper signals are harder to fake. GPU rendering quirks, audio context processing, and TCP/IP stack characteristics can leak through even well-configured virtual environments.
  • Behavioral patterns: Humans have habits. Navigation paths, typing cadence, session timing, and feature usage tend to be consistent across a person's accounts even when everything else is different. Two accounts that always log in at the same time and follow the same sequence of actions are likely the same person.
  • Email domain analysis: Checking registration emails against known disposable email domains is a high-value, low-cost filter. It won't catch every operation, but it eliminates the large segment that relies on throwaway addresses. Keeping an up-to-date domain list is essential since new providers appear constantly.
  • Payment and identity correlation: Shared payment methods, shipping addresses, or phone numbers can link accounts that appear unrelated at the IP and device level.

Building a multi-accounting detection stack

There's no single product that solves multi-accounting completely. Effective detection is a layered system where each layer adds cost and complexity for the fraudster:

  1. Filter at registration. Check the signup IP against VPN, proxy, Tor, and datacenter databases. Flag or block registrations from disposable email domains. These two checks alone eliminate the lowest-effort multi-accounting attempts before an account is ever created.
  2. Fingerprint on first session. Collect device and browser fingerprint data during registration and early usage. Store these as account attributes for later comparison.
  3. Score ongoing behavior. Build risk scores that accumulate over time. An account that always uses a VPN, was registered with a disposable email, and follows the same behavioral pattern as a recently banned account should be scored differently than one with a clean history.
  4. Cross-reference on action. When high-value actions occur - redeeming promotions, leaving reviews, completing referrals - cross-reference the acting account against known accounts using shared signals. This is where historical IP data and fingerprint overlap become most valuable.
  5. Investigate and enforce. Detection without enforcement is just monitoring. Define clear policies for what happens when multi-accounting is detected: warnings, benefit clawbacks, or permanent bans depending on severity.
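Step 4 amounts to a graph problem: accounts are nodes, and a shared IP, fingerprint, or payment method is an edge. The sketch below is an added example, not AntiProxies code; it clusters accounts with union-find and skips any signal value shared by more than `MAX_FANOUT` accounts, an assumed cut-off meant to keep office or dorm networks from linking unrelated users. All observations are constructed.

```python
from collections import defaultdict

# Assumption: a signal value seen on more than this many accounts is treated as
# shared infrastructure (office NAT, dorm Wi-Fi) and is not used for linking.
MAX_FANOUT = 5


def link_accounts(observations, max_fanout=MAX_FANOUT):
    """observations: iterable of (account_id, signal_type, value).
    Returns sorted clusters of accounts connected through shared signals."""
    by_signal = defaultdict(set)
    parent = {}
    for account, kind, value in observations:
        by_signal[(kind, value)].add(account)
        parent.setdefault(account, account)

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for accounts in by_signal.values():
        if not 2 <= len(accounts) <= max_fanout:
            continue                         # unique, or too common to be evidence
        first, *rest = sorted(accounts)
        for other in rest:
            parent[find(other)] = find(first)

    clusters = defaultdict(list)
    for account in parent:
        clusters[find(account)].append(account)
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)


# Constructed history: a chain of pairwise overlaps plus one busy office IP.
OBSERVATIONS = [
    ("acct1", "ip", "203.0.113.7"),          # proxy dropped, real IP leaked
    ("acct2", "ip", "203.0.113.7"),
    ("acct2", "payment", "card-hash-ab12"),
    ("acct3", "payment", "card-hash-ab12"),
    ("acct3", "fingerprint", "fp-9c1e"),
    ("acct4", "fingerprint", "fp-9c1e"),
] + [(f"emp{i}", "ip", "198.51.100.20") for i in range(1, 7)]

if __name__ == "__main__":
    print(link_accounts(OBSERVATIONS))
```

No single signal connects acct1 to acct4; the cluster only appears because historical overlaps are chained, which is why a cluster should feed a risk score or an investigation queue rather than trigger an automatic ban.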

Balancing security with user experience

The hardest part of multi-accounting detection isn't identifying fraudsters - it's avoiding false positives that punish legitimate users. Shared households, college dorms, and corporate networks all produce signals that overlap with multi-accounting indicators.

The key is treating detection signals as risk scores rather than binary verdicts. A registration from a residential proxy with a disposable email is high risk. A registration from a shared office IP with a corporate email domain is normal. The same underlying signal - multiple accounts from one IP - means very different things depending on context.

Step-up verification is the most user-friendly enforcement pattern. Instead of blocking a suspicious registration outright, require additional verification: a phone number, a payment method, or an ID check. Legitimate users clear the step in seconds. Fraudsters operating at scale face a cost multiplication that breaks their economics.
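The difference between a verdict and a score, and where step-up verification fits, can be shown with a small scoring function. This is an added example, not AntiProxies code; the weights, thresholds, IP class names, and the `manual_review` tier are illustrative assumptions that would need tuning against labelled data.

```python
import math

# Illustrative weights and thresholds (assumptions, not recommended values).
IP_CLASS_WEIGHT = {"clean": 0, "vpn": 25, "datacenter": 30,
                   "residential_proxy": 40, "tor": 45}
DISPOSABLE_EMAIL_WEIGHT = 40
STEP_UP_AT, REVIEW_AT = 40, 80


def registration_risk(ip_class, email_disposable, accounts_on_ip,
                      corporate_email_domain=False):
    """Return a 0-100 risk score for one signup."""
    score = IP_CLASS_WEIGHT[ip_class]
    if email_disposable:
        score += DISPOSABLE_EMAIL_WEIGHT
    # Accounts already seen on this IP, log-scaled so that a busy network
    # adds weight without dominating the score.
    overlap = 10 * math.log2(max(accounts_on_ip, 1))
    if ip_class == "clean" and corporate_email_domain:
        overlap *= 0.2    # a shared office network is the expected explanation
    return min(100, round(score + overlap))


def decide(score):
    """Map a score to an action instead of a block/allow verdict."""
    if score >= REVIEW_AT:
        return "manual_review"
    if score >= STEP_UP_AT:
        return "step_up"      # ask for a phone number, payment method, or ID
    return "allow"


if __name__ == "__main__":
    cases = {
        "proxy + disposable email": ("residential_proxy", True, 1, False),
        "office IP, corporate email": ("clean", False, 30, True),
        "same IP count, webmail": ("clean", False, 30, False),
    }
    for label, args in cases.items():
        risk = registration_risk(*args)
        print(f"{label}: {risk} -> {decide(risk)}")
```

Thirty accounts on one IP score 10 with a corporate email domain and 49 without, so the same overlap signal lets the office worker through and sends the ambiguous case to step-up rather than to a block.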

How AntiProxies fits into multi-accounting defense

Two of the most reliable signals in multi-accounting detection are proxy usage at registration and disposable email addresses. AntiProxies provides both. Our downloadable database includes comprehensive VPN, proxy, Tor, and datacenter IP classification alongside an extensive list of disposable email domains - all queryable locally from your own infrastructure with no external API calls.

This matters for multi-accounting detection because registration is a high-volume, latency-sensitive flow. You need to check every signup without slowing the process down or depending on a third-party service's uptime. Local lookups resolve in microseconds and keep working regardless of external service availability. The database updates monthly, ensuring coverage stays current as new proxy providers and disposable email domains emerge.

Multi-accounting will always be an arms race. As platforms improve detection, fraudsters refine their techniques. But the economics of fraud depend on low cost per account. Every detection layer you add raises that cost. Stack enough layers, and the operation stops being profitable. That's the goal: not perfection, but making your platform an unattractive target. Explore our full feature set to see how AntiProxies provides the foundational layers. For a deeper dive into how fake accounts are created at scale, read how disposable emails and proxies work together, and see our post on coupon abuse and promo fraud for the financial impact. For multi-signal fraud scoring, explore our risk scoring engine.
