Castle's research team just shared a free dataset of 1063 recent temporary Gmail accounts tied to abuse and fake account creation 👀
Normalized + canonicalized for easier correlation against your own signups.
Is your current anti-fraud stack actually catching this? 🤔
I heard you like free fraud intel 👀
So here’s a dataset of 1063 recent temporary Gmail accounts observed from a provider used for fake account creation (canonical form).
https://t.co/ECtVxXF0QA
One thing that’s interesting: these services often abuse 2 legit Gmail features:
- dot variations
- plus aliases
Example: [email protected]
becomes:
- https://t.co/[email protected]
- [email protected]
Still the same inbox.
At @Castle_io, we monitor these ecosystems because they regularly show up in signup abuse / account farming campaigns.
Note regarding the dataset: All emails were canonicalized:
- dots removed
- aliases stripped
- gmail/googlemail expanded
-> If you correlate against your own signups, make sure you canonicalize emails on your side too.
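An added example (not Castle's own tooling) of the canonicalization rules listed above, applied on the signup side before correlating against the dataset; the dataset and signup addresses below are constructed, fictitious samples:

```python
"""Canonicalize Gmail-hosted addresses (dots removed, plus alias stripped,
googlemail.com folded to gmail.com) and match signups against a canonical
dataset. Example code added for illustration; not Castle's tooling."""
from typing import List, Optional, Set, Tuple

# Gmail delivers googlemail.com mail to the same inbox as gmail.com
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonicalize_email(addr: str) -> Optional[str]:
    """Return the canonical form of a Gmail-hosted address.
    Other domains are only lowercased and trimmed (dot/plus semantics are
    provider-specific, so nothing else is assumed). None if malformed."""
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots in the local part and anything after '+'
        local = local.split("+", 1)[0].replace(".", "")
        if not local:
            return None  # e.g. "+tag@gmail.com" has no real local part
        domain = "gmail.com"
    return f"{local}@{domain}"


def match_signups(signups: List[str], dataset: Set[str]) -> List[Tuple[str, str]]:
    """Return (raw_signup, canonical) pairs whose canonical form appears in
    the (already canonical) dataset. The dataset is re-canonicalized
    defensively so a stray dot or alias in it cannot cause a miss."""
    canon_set = {c for c in map(canonicalize_email, dataset) if c}
    hits = []
    for raw in signups:
        canon = canonicalize_email(raw)
        if canon and canon in canon_set:
            hits.append((raw, canon))
    return hits


# Constructed samples: two canonical dataset entries, four raw signups
SAMPLE_DATASET = {"abuseexample123@gmail.com", "tempmailtest@gmail.com"}
SAMPLE_SIGNUPS = [
    "a.b.u.s.e.example123+promo@gmail.com",  # dots + alias -> hit
    "AbuseExample123@googlemail.com",        # case + googlemail -> hit
    "tempmail.test+x@gmail.com",             # hit
    "tempmail.test@example.org",             # other provider -> no hit
]

if __name__ == "__main__":
    for raw, canon in match_signups(SAMPLE_SIGNUPS, SAMPLE_DATASET):
        print(f"{raw} -> {canon}")
```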
Disposable email providers are a core piece of infrastructure behind fake account creation and signup abuse.
Castle’s research team just open sourced a curated list of disposable email domains observed in real abuse activity, updated daily 🔎
https://t.co/PDHOE5fPxT
@Castle_io 's research team just open sourced a disposable email domain list built from real abuse telemetry 🔎
Disposable email providers are a core piece of infrastructure behind fake account creation and signup abuse, similarly to how proxies enable large-scale traffic distribution.
A few things we cared about:
- curated, not aggregated from public lists
- strictly disposable domains
- updated daily
- ranked by observed abuse prevalence
And yes, before someone says it: attackers also use aged Gmail accounts, compromised inboxes, freshly registered domains, etc 😄
Disposable domains are not the whole problem, but they’re still one of the clearest infrastructure-level signals behind large-scale signup abuse.
Repo:
https://t.co/M7nx959KHE
Account sharing is a form of account abuse that needs to be detected with more sophistication than just a one-time check during signup or login. Plus, there's no strict rule on how many accounts are okay to share—it's all up to your service's policies. https://t.co/MwtWYm3kCg
We're increasingly seeing how our customers are not just triggering one, but several different CAPTCHAs based on risk and user context.
https://t.co/cEuqutJgCH
Product update: set up Slack alerts to get notified when suspicious behavior is detected, such as account sharing or multi-accounting. https://t.co/bFf9GgASzU
Often our customers find it hard to distinguish between *fraud* and *abuse*. While there are well-defined strategies for preventing fraud, handling abuse often feels like a never-ending game of whack-a-mole, with no one clearly responsible. https://t.co/BKHwujx3iE
Preventing online abuse, such as bots and account sharing, is typically integrated into your existing fraud prevention strategy over time. However, long before then, departments like Eng and Ops take on the responsibility for keeping your service safe. https://t.co/cqlai8JNOD
When measures like email or SMS verification are evaluated from a security perspective, they're often shot down as insecure options. However, when it comes to shutting down fraud and abuse *at scale*, things are a bit more nuanced. https://t.co/1BomTJeAA2
Product update: we just launched the quick explorer in the Castle Dashboard. It allows you to quickly see data associated with any entity, such as all the accounts connected to a specific device or IP. https://t.co/88HDpQRrdn
Device fingerprinting *alone* is a way of stopping fraud, but in reality won't determine fraud alone. In practice, you'll have to build features using the fingerprints, preferably aggregating in *real-time* so that they can actually be used for blocking. https://t.co/Z1sCEUwsjP
As "proxy piercing" has become less effective in 2023 for revealing the true IP address behind a proxy, here are 11 tricks that'll help you predict someone's approximate location while maintaining a good balance of privacy https://t.co/kg5OQBKJsk
Product update: zoom-out button for the selected time range. Quickly zoom back out again after honing in on suspicious traffic spikes. https://t.co/vvCWdEDvus
Device fingerprinting, particularly in the context of fraud prevention, has been getting more attention lately. As a developer, it can be hard to navigate options when vendors put their tech behind paywalls. Here are 9 solutions you can try for free. https://t.co/7FrBiGJbzd
Product update: our APIs now support transaction base amount and granular merchant information, including MCC codes. This comes in handy when monitoring card transactions. https://t.co/ueLGX5ytcx
New feature: Quickly find accounts using the same billing or shipping address. Castle provides a normalized address fingerprint out-of-the-box, but we've added the possibility to use your own. https://t.co/t2jPtQGOB3
New feature: We've released a powerful new way of comparing multiple users' activity over time. Find and block those multi-accounters in an instant! https://t.co/GudrPGoC2R
Super excited to announce instant link analysis that helps you swiftly detect and prevent sophisticated fraud rings with just a few clicks. Unlike legacy solutions, our feature lets you perform link analysis on live data, providing visibility in real-time https://t.co/5Q05vdjTTY
New feature: add custom columns, based on any event field. E.g. min/max/average for numbers and unique value count for strings and enums, as well as the most recent value and top 20 https://t.co/BtR96pcchl
We're excited to introduce the Event Explorer, giving security & fraud teams a new way to discover and investigate malicious activity. The new view allows you to browse & query Castle events, making it much faster to investigate & find patterns of fraud. https://t.co/J2SLw2NJZc