We asked the community which bot attacks are most common. The ranking was clear: fake account registrations came in first (63%), account takeover came in third (50%), and carding came in fifth (37%).
Three separate rows in a table. But there's a known technical link between some of these stages that the ranking hides:
An attacker opens a fake account. They don't rush it - the account sits dormant for weeks so it looks like a real, established user. Only then do they activate it - to take over a real account, or to test stolen credit cards.
The practical takeaway: an account that passed your signup check is not the same as a safe account. That's just a snapshot of one moment. The account that invested the most effort to look "clean" at signup is sometimes exactly the one to watch later on.
Question for the community: when you catch a fake account at signup, do you check retroactively whether similar accounts that passed in the past are active today at checkout? If the answer is no, that's a gap worth closing.
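One way to run that retroactive check, as an added example that is not part of the original post: when a signup is blocked, sweep accounts that passed earlier for shared signals, a long dormant period, and recent checkout activity. The record fields, the three similarity signals, the 21-day dormancy threshold, and the 7-day checkout window are all assumptions, and the data is constructed.

```python
import re
from datetime import datetime, timedelta

def signals(acct):
    """Similarity keys: device id, IPv4 /24, email with digit runs collapsed."""
    local, _, domain = acct["email"].lower().partition("@")
    return {
        "dev:" + acct["device"],
        "net:" + acct["ip"].rsplit(".", 1)[0],
        "mail:" + re.sub(r"\d+", "#", local) + "@" + domain,
    }

def retro_sweep(blocked, passed, now, dormant=timedelta(days=21),
                recent=timedelta(days=7), min_shared=2):
    """Passed accounts that resemble `blocked`, sat dormant, and checked out recently."""
    wanted = signals(blocked)
    hits = []
    for acct in passed:
        shared = wanted & signals(acct)
        if len(shared) < min_shared or not acct["events"]:
            continue
        first_seen = min(ts for _, ts in acct["events"])
        slept = first_seen - acct["signup"] >= dormant
        at_checkout = any(kind == "checkout" and timedelta(0) <= now - ts <= recent
                          for kind, ts in acct["events"])
        if slept and at_checkout:
            hits.append((acct["id"], sorted(shared)))
    return hits

# Constructed sample data; field names and thresholds are assumptions.
NOW = datetime(2024, 6, 1)
BLOCKED = {"device": "dev-77", "ip": "203.0.113.50",
           "email": "promo.user0412@example.com"}
PASSED = [
    # Same device and /24, dormant 60 days, checkout yesterday: flagged.
    {"id": "u1", "device": "dev-77", "ip": "203.0.113.9",
     "email": "t.lee@example.com", "signup": datetime(2024, 4, 1),
     "events": [("checkout", datetime(2024, 5, 31))]},
    # Same signals but active the day after signup: not the dormant pattern.
    {"id": "u2", "device": "dev-77", "ip": "203.0.113.10",
     "email": "promo.user0977@example.com", "signup": datetime(2024, 4, 1),
     "events": [("login", datetime(2024, 4, 2)), ("checkout", datetime(2024, 5, 30))]},
    # Dormant and at checkout, but shares nothing with the blocked signup.
    {"id": "u3", "device": "dev-12", "ip": "198.51.100.4",
     "email": "ana@example.org", "signup": datetime(2024, 3, 1),
     "events": [("checkout", datetime(2024, 5, 31))]},
]

print(retro_sweep(BLOCKED, PASSED, NOW))
```

Requiring two shared signals keeps a single shared NAT or mail pattern from flagging unrelated users; hits are candidates for step-up verification or review, not automatic bans.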