Research and insights on stopping modern bots and fraud
A few weeks ago, we released an open source list of disposable email domains observed in real abuse activity: https:
A few weeks ago, we released an open source list of disposable email domains observed in real abuse activity: https:
Disposable email addresses are a foundational piece of infrastructure for online abuse. Just like proxies help attackers distribute traffic and
You just got a Slack webhook notification. You have 3 new users who created an account on your SaaS: * john.
How we think about research at Castle Bot detection and fraud prevention are adversarial by default. It is a cat-and-mouse
During an investigation into a large-scale automated account creation attack targeting one of our customers, we observed a burst of
In this blog post, we study the Spotify-Account-Checker open source project. The author describes it as: “An automated tool for
At first glance, an email address ending in .eu.org looks trustworthy. It feels institutional, maybe even official. Many people
In my previous post, I showed how LinkedIn detects browser extensions as part of its client-side fingerprinting strategy. That post
Modern bot detection rarely deals with obviously fake browsers. Most large-scale automation today runs inside browser instances, with patched fingerprints,
In fraud and bot detection, people usually think of fingerprinting as the classic browser or device fingerprint. This comes from
Every month, we publish a snapshot of the email domains most actively used in fake account creation and related abuse
If you have been following this series (post 1 and post 2), you know the ritual by now. I buy
