Fake Signups Are on the Rise — Here's What Small Business Owners Should Know

If you run a small business and let customers sign up online — whether it's to place an order, unlock special offers, or simply create an account — there's something you should be aware of: nearly half of all customer signups are fake.

That's what Okta, a leading provider of login and user access solutions for businesses, found in its latest report, based on a global survey of 6,750 consumers across nine countries.

Their data shows that in 2024, 46% of all online signups came from bots, not real people.

Why this matters for your small business

Fake signups aren't just frustrating — they can cost you money, waste your time, and put your real customers at risk.

These bots are after more than just freebies. Here's how criminals use fake signups to hurt your business:

• Find real customer accounts and prepare future attacks. Cybercriminals can use fake accounts to test how your system responds. This helps them figure out how to break into real customer accounts later, for example, by guessing passwords or spotting weak points in your security.
• Sneak past security checks by using older, fake accounts that appear trustworthy. Some fake accounts are created and then left to "age" over weeks or months. Later, when used in an attack, they look like long-time users, making it easier to bypass fraud detection tools that focus on new users.
• Overload your website and slow things down, or even crash it. By flooding your site with signup attempts, bots can clog up your system. This kind of attack, called a denial-of-service (DoS), can make your website painfully slow or knock it offline entirely. Real customers won't stick around if your site doesn't work.
• Burn through your resources. Fake accounts can quickly eat up things like promo codes, free trials, welcome discounts, loyalty points, and email campaign slots. That's money down the drain — and fewer perks available for real customers.

If you offer any kind of signup reward or run loyalty programs, you're especially vulnerable. That's why businesses in retail, finance, energy, and manufacturing were hit hardest in 2024. In fact, the retail and e-commerce sector saw one of the worst cases, with fake signups outnumbering real ones by 120 to 1 over several months. Financial and professional services were also major targets — not surprising, given the sensitive personal and financial data they handle.

Related: What is a BIN Attack and Why Is Your Very Small Business at Risk?

How AI is making the problem worse

Okta believes the rise in fake signups is closely linked to how cybercriminals are now using AI to power their attacks. With AI tools, it's faster and easier than ever to create bots that look and act like real people, making them harder for you to spot and easier for them to slip through your defenses.

To give you an idea of how serious it is: on one day in April, 93% of all signups were fake. That's an extreme example, but even on regular days, bots made up at least 30% of total signup attempts.

Related: Your Face, Your Voice, Your Business—The Rise of AI-Driven Identity Fraud and How to Stop It

The user experience challenge

Unfortunately, while you're fighting bots, your real customers are feeling the pain too.

Okta's research found that:

• 74% of people care about a company's reputation and trustworthiness
• 72% check for good security before signing up

So yes — your customers do value security. But there's a trade-off.

• Nearly 1 in 4 walk away if the signup or login process feels like too much effort.
• 62% say long forms are the most frustrating part of getting started.

That leaves small business owners like you in a tough spot: you need to block fake accounts without driving real customers away.

Related: AI Scams: How Cybercriminals Use AI to Defraud Digital Citizens and How to Stay Safe

What you can do to protect your business

Here are some steps that can help protect your business without scaring away real customers:

• Use CAPTCHAs — but only when there's suspicious activity, not for everyone.
• Block suspicious IPs — use security tools that detect unusual traffic patterns and block them automatically.
• Limit how many signups can come from the same device or location.
• Use a Web Application Firewall (WAF) — this helps detect and block harmful traffic.
• Offer secure and simple login options, like passkeys, instead of long password forms.
• Consider bot protection tools — many now use behavior tracking to tell humans and bots apart.

You may not be a big company, but your business is still a target. If bots are flooding your signup forms, they're not just wasting your time — they could also be setting you up for bigger problems down the road.

Bitdefender Ultimate Small Business Security can help. It offers advanced scam detection, phishing protection, and AI-powered tools that recognize fraud attempts before they do damage, so you can stay focused on your real customers.

Read more about it and try it for free.

FAQs

What can I do if I spot fake signups on my website?

The first step is to investigate where they're coming from — for example, specific IP addresses, unusual locations, or devices. You can then block those IPs through your website settings or a security tool. It's also a good idea to activate CAPTCHAs when unusual activity is detected, limit how many accounts can be created from the same location, and use tools that detect bot behavior. If you're offering signup rewards like discounts or freebies, consider tightening how and when they can be used to reduce abuse.

How can I tell the difference between a fake signup and a real one?

Fake signups often use strange or random email addresses and names. You might also notice a large number of signups in a short period of time from the same IP address or device. Another clue is a lack of engagement — for instance, the new account never logs in again, never opens emails, or doesn't complete any purchases. If your platform allows it, reviewing user activity and login patterns can help you spot accounts that look automated.

Do small businesses need bot protection?

Yes — small businesses are just as likely to be targeted by bots as larger companies, especially if they offer promotions, collect customer data, or run online storefronts. Fake signups can mess up your marketing analytics, waste your resources, and in some cases, leave you open to more serious threats like account takeovers or denial-of-service attacks. Taking basic steps to detect and block bots can help you protect your time, money, and customers.