Okta Threat Intelligence and researchers from the University of Cyprus have found that a lot of fake account registrations are coming from a big cybercrime network in Vietnam This article explores fraud schemes okta. . The activity shows that making fake accounts has become a criminal business that can support spam, phishing, SMS fraud, and other online scams.

Fake accounts are not just a problem with platform abuse. They are a big part of cybercrime today. Attackers use them to seem real, get around trust checks, and talk to a lot of victims at once. In late 2025, Okta looked into signup fraud that was linked to infrastructure it keeps an eye on as O-UNC-036.

The campaigns used fake email addresses and were part of SMS pumping, which is also known as International Revenue Sharing Fraud (IRSF).

In this kind of fraud, bad actors use automated tools to make accounts on targeted platforms. Those accounts then send text messages to premium-rate phone numbers that the attackers or their partners own. This means that service providers who use SMS for verification or multifactor authentication lose money directly.

Botnets are often used to make fake sign-ups (Source: okta) Fraud Services Made to Grow During the investigation, researchers found links between the signup campaigns and dozens of websites serving people involved in online fraud. These sites appear to operate as a cybercrime-as-a-service ecosystem, offering tools and services that simplify the creation and abuse of fake accounts.

There are marketplaces in the ecosystem where you can buy social media accounts, hacked accounts, temporary email services, tools to boost your social media presence, residential proxies, phone farm support, and browsers that don't show up in searches. The home page of CMSNT[. ]co, a Vietnamese company that sells website templates (Google Translate) (Source: okta) A lot of these sites used the same website templates that were made by a web design and marketing company in Vietnam.

Many stores used the same template style, which suggests that there is a large and loosely connected underground market. Some platforms openly sold large numbers of Facebook and other social media accounts. Accounts with session tokens, cloned accounts, aged accounts, and two-factor authentication were all on the list. Disposable email services were very important.

Via17[. ]com's front page (translated by Google) (Source: okta) These services let attackers quickly make temporary email addresses, get a single verification message, and throw away the address after they finish signing up. Why the Threat Matters This activity is important because fake accounts are used to run much bigger fraud schemes.

Okta research, they can be used to spread phishing links, manipulate reviews, abuse free trials, and support romance, investment, and cryptocurrency scams. In a lot of cases, these accounts are the first step in getting future victims to trust you. Defenders have to find a way to stop fraud while still giving users a good experience. Blocking every signup that looks suspicious could also stop real customers.

The investigation does show some useful protections, though, such as bot detection, CAPTCHA, slowing down suspicious IP addresses, blocking known disposable email domains, verifying email addresses, proving identity, and keeping a closer eye on signup patterns. The case also shows that account fraud is no longer a one-time thing. A mature service economy now supports it, which makes it easier, faster, and cheaper for criminals to do their work on a much larger scale.