Stop ignoring this growth problem

It's time to do something about fake accounts

May 08, 2024

Welcome back to the 11th edition of The Gist by Growth Unhinged where I give you one specific action item to grow faster. Past editions have covered how to ask about willingness-to-pay, revisiting your automated email program, and rethinking “time savings” as your central value proposition.

In this edition: what to do when your free trial attracts fake accounts (think: bots, repeat signups, spam).

Helping me out are Yash Terkriwal and Eric Engoron, growth leaders at Clay — the fast growing startup that helps teams scale personalized outbound (not to be confused with the relationship management tool of the same name). In just one month, Clay added >$150k in incremental ARR and saved >$175k in credit costs just by stopping fake accounts. Let’s dive in 👇

The Gist

Up to half of your free trial signups may actually be fake accounts. They distract your sales team, deflate your conversion metrics, and inflate hosting costs. And you can fix it without adding friction for your real users.

In just one month, Clay’s solution added >$150k in incremental ARR and saved >$175k in credit costs

Why you should care

They’re ubiquitous. They’re obnoxious. They’re hard to detect.

Bots and fake accounts can ruin your data integrity, spread false information on social media (cough, Twitter), and spam your email account. And, if you offer a free trial or referral program, they can distract your sales team, deflate your free trial conversion metrics, and inflate your hosting costs.

At first, these fake accounts may only seem like a nuisance. Over time, they can have a detrimental impact. Clay ran into the following:

Conversion confusion: It was impossible to discern the real conversion rate from free trial to paying customers, blurring marketing and sales metrics.
Direct costs: Contact data costs were racking up. (Other companies may see higher compute costs or other expenses.)
Scraping IP: Some bots were creating their own lead lists by scraping Clay, essentially stealing Clay’s IP.
Hurting email deliverability: In one extreme case, a fake user invited so many other fake users to its workspace that it brought down Clay’s entire email sending infrastructure.

Tell me more

If you haven’t heard of Clay, here’s a quick primer: they help B2B go-to-market teams (like Thena, which I covered earlier) grow across every part of their funnel by automating inbound and outbound workflows across conversion, expansion, and retention. Clay is to GTM teams what Figma is to product designers. Their AI web scrapers and data provider waterfalls increase data quality while automating manual research.

Like most PLG companies, Clay offers a free trial. The trial lasts two weeks and includes 1,000 contact data credits (worth ~$50 in free data). Notably, the free trial has a low-friction signup process — no sales meetings or credit card required. The number of signups has ballooned as Clay has taken off, from 10-15 signups per day a year ago to ~1,000 new trial signups every day 🤯.

This growth has been driven primarily by a word of mouth and customer referral snowball. Early Clay experts like Eric Nowoslawski and Jacob Tuwiner posted videos showcasing automation workflows in Clay, which ended up going viral and catching the attention of important sales voices like John Barrows. This led to a feature on his podcast, which helped Clay get mainstream attention within its ICP.

The number of daily signups was exciting, but something felt fishy. As the GTM team looked under the hood, they discovered a large portion of their signups were spam accounts.

Simply looking at your signup log can tip you off to whether accounts are real or fake; some dead giveaways that you’re getting spam signups include:

Auto-generated email structures
Fake or temporary domains
Email aliases (emails with + or . in them)
Spikes in account creation in short windows
Account creation from non-target geographies

These fake Clay accounts were all created within seconds of each other

If you’re looking at your recent signups and aren’t sure whether the users are real or fake, you can test their IP quality and location and email validity using sites like IPQS and Email Checkpoint, respectively.

In addition to manually reviewing signups, you can perform a few simple tests yourself that help determine if your website is vulnerable:

Create multiple accounts: If you have a few email addresses (work, personal, school, etc.), try to create multiple accounts from the same browser (you can even try clearing cookies if you want to be extra sneaky).
Test fake emails: Use a temporary email generator to see if users can create accounts with disposable emails; websites like temp-mail allow you to bypass email verification with floating inboxes
Run a bot on your site: You can let an informational bot run on your site to see it create an account in real time — see below for an example on Clay (before implementing solutions).

If you’ve dealt with fake signups, you’ve likely faced a crossroads: Should you…

Shut down (or dilute) your signup promotion?
Add friction to the signup process (e.g., phone verification or require credit card)?
Dedicate engineering time to solve the problem?
Outsource to a fraud detection vendor?
Do nothing at all?

Oftentimes, the easiest and cheapest option is to simply add friction — such as requiring a credit card, verifying work emails, or implementing phone two-factor authentication (2FA) at signup. Added friction, however, deters a number of potential customers from your product, often outweighing the cost of bots and fake accounts themselves.

The below workflow is based on Clay’s decision matrix. Of course, every company is unique, but it’s a starting point to help answer if 1) you need to take an action in the first place, 2) you can implement free workarounds or 3) need a fully fleshed out solution.

Decision framework to determine if and how to combat fake accounts

With thousands of new accounts per month, detrimental business impact of fake accounts, and resources to solve the problem, Clay found itself in the purple box of the graphic above. They were ready to implement either an in-house or third-party solution.

Whether you buy or build depends on a number of factors, such as speed to solution, control over the technology, cost, and more. The below buy or build table discusses these tradeoffs in more detail:

Yash and Eric arrived at this framework empirically after trying a number of in-house / point solution measures to combat spam, including:

Manually reviewing email patterns
Device fingerprinting vendors (e.g., Fingerprint.com and Shield)
Scraping IP lists

But fake accounts kept cropping up, and Clay was constantly a step behind. The growth team saw its focus shifting away from growth…

Finally fixing the problem

Given the whack-a-mole issues and software development effort tied to in-house / point solutions, the team sought out all-in-one platforms such as Seon, Arkose Labs, and Verisoul. Given Clay’s need for robust workflows, total automation and ease-of-use, the team opted for Verisoul, which raised its seed round last fall to tackle this fake user problem.

Clay launched a pilot to test the solution and after two weeks decided to move into full production. The team adjusted both signup and sign-in workflows to add fake account detection. Without adding friction for users, Clay now checks whether users are:

Human (not bots)
Unique (not duplicates)
Trusted (real email, device, network, etc.)

Before a user gets a free trial, Clay runs a real-time decision from Verisoul with an answer on whether an account is real, suspicious, or fake. Clay then routes fake accounts to paywalls or block lists instead of free trial options.

With a solution in place, Clay discovered that ~47% of its signups had actually come from fake or duplicate accounts. These free trial credits were being spammed by an assortment of attacks:

Duplicate accounts (20% of trial sign-ups): Real, potential customers were repeatedly making accounts to avoid paying.
Fake accounts (19% of trial sign-ups): People were using fake devices, networks, emails, and more to gain access to the Clay portal.
Bot accounts (8% of trial sign-ups): Bot accounts were wreaking havoc; one Bangladesh bot in particular was responsible for over 1,000 fake accounts. This individual was not only racking up credit costs, but also uploading scraped contact data to their own website

After just 30 days, not only did Clay save money by blocking fake accounts, they were able to grow even faster than before. Roughly 30 businesses that were creating multiple free accounts to avoid paying converted to customers after being detected — driving an incremental $150k in ARR.

The result? Higher growth, lower costs, and less developer time spent on fake accounts. Tackling fake accounts was a problem worth solving.

What else you should know

How to make impact in your first 90 days. I teamed up with Lenny Rachitsky to interview 20 🔥 operators about their favorite quick wins.
A viral cancellation flow?! I went to cancel my Canva account the other day, but Canva’s cancellation flow was so good that I changed my mind. See why for yourself. (This is already my most popular LinkedIn post of all time.)
The Dawn of Everything. To be honest, I rarely read full print books anymore. But I couldn’t put this one down. It was a fascinating perspective on how societies have evolved and what “progress” actually means.
📺 To watch. Ok, now that the highbrow is out of the way… I’m digging Baby Reindeer, the new season of Hacks, and Girls5eva (because 4ever is too short). Add ‘em to your queue!