How AI helps identify fake accounts
Fake accounts (bots, Sybils, purchased "boosters," gray farms) erode trust, distort metrics and increase fraud risk. AI helps detect them through a combination of behavioral, content and network signals, without intruding on private data and while observing Responsible Gaming principles.
1) Signals by which AI distinguishes fakes
Behavioral (repeatable patterns)
Abnormally high action frequency (bursts of reactions/messages with minimal pauses).
"Cold start" without onboarding: no introduction, no reading of the rules, promo questions right away.
Activity in time zones atypical for the declared region; synchrony with other accounts.
Zero "social inertia": many outgoing messages, few incoming responses; no history of constructive messages.
Content
Formulaic phrases/vocabulary, low uniqueness, repetition of the same text.
Link patterns: low-reputation domains, templated URLs, tracking parameters.
Toxicity without context, provoking conflicts, pushing a divisive agenda.
Network (graph)
Dense "stars" and "rings": many new accounts are connected to 1-2 nodes.
Abnormally high shared neighbors for "different" profiles.
The same involvement routes: who reposts whom and in what order (cascade fingerprints).
Technical/Operational
Abnormal environment fingerprints (browser/device), subject to privacy and legal constraints.
Frequent resets of cookies/local state; identical user-agents.
In chats/social networks: participation only in giveaway/referral threads.
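To make these signals concrete, below is a minimal sketch of turning a raw event log into per-account features with pandas. The column names (user_id, ts, action, text), the action labels message_out/message_in and the specific features are illustrative assumptions, not a prescribed schema.

```python
import pandas as pd

def behavioral_signals(events: pd.DataFrame) -> pd.DataFrame:
    """events: one row per action with columns user_id, ts (datetime64), action, text (assumed schema)."""
    events = events.sort_values(["user_id", "ts"])
    users = events["user_id"].unique()

    # Abnormal frequency: median pause (seconds) between a user's consecutive actions.
    gaps = events.groupby("user_id")["ts"].diff().dt.total_seconds()
    median_gap = gaps.groupby(events["user_id"]).median().reindex(users)

    # Zero "social inertia": outgoing vs. incoming messages (smoothed denominator).
    out_cnt = (events["action"] == "message_out").groupby(events["user_id"]).sum().reindex(users, fill_value=0)
    in_cnt = (events["action"] == "message_in").groupby(events["user_id"]).sum().reindex(users, fill_value=0)
    out_in_ratio = out_cnt / (in_cnt + 1)

    # Formulaic content: share of exact-duplicate texts among a user's messages.
    dup_share = events.groupby("user_id")["text"].agg(
        lambda s: 1.0 - s.dropna().nunique() / max(len(s.dropna()), 1)
    ).reindex(users, fill_value=0.0)

    return pd.DataFrame({
        "median_gap_s": median_gap,
        "out_in_ratio": out_in_ratio,
        "dup_text_share": dup_share,
    }).fillna(0)
```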
2) Data pipeline without invading privacy
1. Collection (minimum required): events (registration, login, messages/reactions, reports), public profiles, request metadata (without storing sensitive content, where not required).
2. Cleaning: deduplication, time/language unification, spam filter.
3. Enrichment: aggregates by sessions, time windows (min/hour/day), network features (degrees, clusters).
4. Vectorization: text/bio embeddings (where acceptable), categorical features.
5. Models: fake classifier → graph community detector → anomaly detector.
6. Activation: risk dashboard, alerts, case kanban board, semi-automatic actions (rate-limit/verification/review).
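As an illustration of steps 3-4 (enrichment and simple graph features), here is a sketch using pandas and networkx; the column names, the one-hour window and the chosen statistics are assumptions to adapt to your own event schema.

```python
import pandas as pd
import networkx as nx

def window_aggregates(events: pd.DataFrame) -> pd.DataFrame:
    """Actions per user per hour; the spread across windows exposes burst-like activity."""
    per_hour = (
        events.set_index("ts")           # ts is assumed to be a datetime column
        .groupby("user_id")
        .resample("1h")
        .size()
        .rename("actions_per_hour")
    )
    return per_hour.groupby("user_id").agg(["mean", "max", "std"]).fillna(0)

def graph_features(interactions: pd.DataFrame) -> pd.DataFrame:
    """interactions: (src, dst) pairs such as replies/reposts; degree and clustering per node."""
    g = nx.from_pandas_edgelist(interactions, source="src", target="dst")
    return pd.DataFrame({"degree": dict(g.degree()), "clustering": nx.clustering(g)})
```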
3) Model stack (increasing complexity)
Rules + thresholds (baseline): action frequency, account age × intensity, abnormal time windows.
Classifier (logistic regression/gradient boosting): behavioral, content and simple graph features.
Graph analysis: PageRank/betweenness, Louvain/Leiden (detection of dense communities), identification of "bridges" and cascades.
Anomalies/time series: STL/Prophet, Isolation Forest, One-Class SVM on activity features.
Hybrid approaches: an ensemble of classifier + graph + anomaly detector with probability calibration.
Good practice: keep models interpretable (SHAP/feature importance) to justify decisions and reduce the risk of errors.
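A sketch of how such a stack could be wired together with scikit-learn and networkx: a calibrated gradient-boosting classifier, Louvain communities as a coarse graph feature and an Isolation Forest anomaly score blended into one risk score. The feature schema, the community-size heuristic and the blend weights are illustrative assumptions, not a reference implementation.

```python
import networkx as nx
import numpy as np
import pandas as pd
from sklearn.calibration import CalibratedClassifierCV
from sklearn.ensemble import GradientBoostingClassifier, IsolationForest

def fit_risk_scorer(X: pd.DataFrame, y: pd.Series, edges: pd.DataFrame):
    """X: per-account features (index = user_id), y: known fake labels, edges: (src, dst) interactions."""
    # Supervised layer: gradient boosting with probability calibration (needed for stable thresholds).
    clf = CalibratedClassifierCV(GradientBoostingClassifier(), cv=3).fit(X, y)

    # Graph layer: Louvain communities; the size of an account's community is a coarse risk feature.
    g = nx.from_pandas_edgelist(edges, source="src", target="dst")
    community_size = {node: len(c) for c in nx.community.louvain_communities(g, seed=42) for node in c}

    # Anomaly layer: unsupervised outlier score over the same activity features.
    iso = IsolationForest(random_state=42).fit(X)

    def score(X_new: pd.DataFrame) -> pd.Series:
        p_clf = clf.predict_proba(X_new)[:, 1]
        raw_iso = -iso.score_samples(X_new)                              # higher = more anomalous
        p_iso = (raw_iso - raw_iso.min()) / (raw_iso.max() - raw_iso.min() + 1e-9)
        p_graph = np.array([min(community_size.get(u, 1), 50) / 50 for u in X_new.index])
        # Blend weights are illustrative; calibrate them against labeled cases in practice.
        return pd.Series(0.6 * p_clf + 0.2 * p_iso + 0.2 * p_graph, index=X_new.index)

    return score
```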
4) Quality metrics and error control
Precision@k / Recall@k: precision and recall among the top-k highest-risk accounts.
FPR (false positive rate): the share of honest users mistakenly labeled as fakes; keep it as low as possible and track the p95 target.
AUC-PR: under severe class imbalance, more informative than AUC-ROC.
Time-to-mitigate: time from trigger to soft measure (rate-limit/review).
Appeals CSAT: satisfaction of users who appealed (speed, quality of explanation).
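A small sketch of computing these metrics from scored accounts; scikit-learn's average_precision_score serves as the AUC-PR estimate, and the threshold and k values are placeholders.

```python
import numpy as np
from sklearn.metrics import average_precision_score

def precision_recall_at_k(y_true: np.ndarray, risk: np.ndarray, k: int) -> tuple[float, float]:
    top_k = np.argsort(risk)[::-1][:k]              # indices of the k highest-risk accounts
    hits = y_true[top_k].sum()
    return hits / k, hits / max(y_true.sum(), 1)

def false_positive_rate(y_true: np.ndarray, risk: np.ndarray, threshold: float) -> float:
    flagged = risk >= threshold
    fp = np.sum(flagged & (y_true == 0))
    tn = np.sum(~flagged & (y_true == 0))
    return float(fp / max(fp + tn, 1))

# AUC-PR (average precision) handles severe class imbalance better than AUC-ROC:
# auc_pr = average_precision_score(y_true, risk)
```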
5) Case decisions: soft measures → escalation
Soft (default)
Rate-limit on posting/reactions.
"Challenge" for simple actions (read-only N minutes for new ones).
Quiet verification: confirmation of email/telegram links, simple captcha.
Averages
Limiting external links/media to mini-onboarding.
Shadow moderation of controversial posts prior to moderation.
Request for additional information (without sensitive data) with atypical patterns.
Hard (after human verification)
Temporary freeze.
Cancellation of participation in promos/giveaways.
Ban and revocation of prizes (if the terms were violated).
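One way to encode the tiers above is a simple policy function that maps a calibrated risk score to proposed measures, with hard measures always routed to human review. The thresholds and action names are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass
class Decision:
    actions: list[str]
    needs_human_review: bool

def decide(risk: float, is_new_account: bool) -> Decision:
    if risk >= 0.9:
        # Hard measures are only proposed here; a moderator/compliance review applies them.
        return Decision(["propose_freeze", "exclude_from_promo"], needs_human_review=True)
    if risk >= 0.7:
        # Medium measures.
        return Decision(["limit_external_links", "shadow_moderate", "request_extra_info"],
                        needs_human_review=False)
    if risk >= 0.4 or is_new_account:
        # Soft (default) measures.
        return Decision(["rate_limit", "read_only_challenge", "quiet_verification"],
                        needs_human_review=False)
    return Decision([], needs_human_review=False)
```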
6) Daily/weekly dashboards
Daily
New "risk rating" accounts (low/medium/high).
Registration bursts from the same sources/timeslots.
High-density, repeatable retweet/repost networks.
Anomalies in links/domains and urgent moderation cases.
Weekly
FPR/FNR trends, appeals, case resolution time.
Top clusters of fakes and their "bridges" to a real audience.
ROMI of protective measures: how much spam/fraud is prevented (estimate).
Error retrospective: where the system fired falsely or too late, and what we change in the rules.
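As an example of one daily dashboard query, the sketch below flags registration bursts from the same source and timeslot using a per-source z-score; the column names, hourly window and z-score threshold are assumptions.

```python
import pandas as pd

def registration_bursts(regs: pd.DataFrame, z_threshold: float = 3.0) -> pd.DataFrame:
    """regs: one row per registration with columns ts (datetime64) and source (assumed schema)."""
    hourly = (
        regs.set_index("ts")
        .groupby("source")
        .resample("1h")
        .size()
        .rename("registrations")
        .reset_index()
    )
    stats = hourly.groupby("source")["registrations"].agg(["mean", "std"]).fillna(0)
    hourly = hourly.join(stats, on="source")
    hourly["z"] = (hourly["registrations"] - hourly["mean"]) / hourly["std"].replace(0, 1)
    # Rows above the threshold are candidate bursts worth surfacing on the daily dashboard.
    return hourly[hourly["z"] >= z_threshold].sort_values("z", ascending=False)
```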
7) 90-day road map
Days 1-30 - Foundation
Privacy/AI/appeals policy; a public code of conduct (what is prohibited).
Baseline rules and minimum captcha/challenge.
Collection/cleaning of events; primary dashboard (registrations, frequencies, simple anomalies).
Days 31-60 - Models and Graphs
Fake classifier trained on your own examples (interpretable features).
Graph layer: community detection, "bridges," repost cascades.
Semi-automatic measures: rate-limit, link restriction, quiet verification.
Quality Metrics + Appeals Process (SLA ≤ 72h).
Days 61-90 - Robustness and error reduction
Ensemble "classifier + graph + anomalies," threshold calibration.
A/B testing of soft measures (which ones hurt honest users less).
Weekly post-mortems of false positives; feature updates.
Quarterly report: FPR/FNR, Time-to-mitigate, Appeals CSAT, economic effect.
8) Checklists
Launching the anti-fake pipeline
- Code of conduct and appeal policy published.
- Minimum required events are collected and stored securely.
- Basic rules + captcha/challenge are active.
- Dashboard of registrations, activities and anomalies.
- Human-in-the-loop process for controversial cases.
Model quality
- Hold-out sample for validation.
- Distribution shift monitoring (see the PSI sketch after this checklist).
- SHAP/feature importance for explainability.
- Weekly retrospective of false positives.
- Fast feedback loop between the moderation and data teams.
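For the distribution shift item, one common approach (an assumption here, not a prescription from this guide) is the Population Stability Index (PSI), computed per feature between a reference window and the current week; the bin count and the 0.2 alert threshold are rules of thumb.

```python
import numpy as np

def psi(reference: np.ndarray, current: np.ndarray, bins: int = 10) -> float:
    """Population Stability Index between a reference and a current sample of one feature."""
    edges = np.quantile(reference, np.linspace(0, 1, bins + 1))
    edges[0], edges[-1] = -np.inf, np.inf          # catch values outside the reference range
    edges = np.unique(edges)                       # guard against duplicate quantile edges
    ref_frac = np.histogram(reference, edges)[0] / max(len(reference), 1)
    cur_frac = np.histogram(current, edges)[0] / max(len(current), 1)
    ref_frac = np.clip(ref_frac, 1e-6, None)
    cur_frac = np.clip(cur_frac, 1e-6, None)
    return float(np.sum((cur_frac - ref_frac) * np.log(cur_frac / ref_frac)))

# Rule of thumb (tune for your data): PSI > 0.2 suggests the feature has drifted enough
# to re-check thresholds or retrain the model.
```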
9) Communication templates
Soft Measure Notice (Short)
Request for additional verification
Response to the appeal
10) Ethics, Privacy, Responsible Gaming
Data minimization: do not store unnecessary; use aggregates and anonymization where possible.
Transparency: describe which signals are analyzed and why; give an understandable appeal process.
Human-in-the-loop: final hard measures only after review by a moderator/compliance officer.
RG framing: no nudging toward risk; the priority is user safety and well-being.
Localization: Consider local data and communications laws.
11) Frequent mistakes and how to avoid them
Put a "hard ban" on one signal. Use ensembles and human confirmation.
Ignores false positives. Measure FPR, track appeals and improve thresholds.
Black box. The explainability of decisions increases the credibility and quality of appeals.
Lack of soft measures. Start with rate-limit/challenges, do not "punish" right away.
Non-updatable rules. Farms are adapting; review features every 2-4 weeks.
AI does not "catch bots with magic" - it adds mosaiku from behavioral, content and network signals in order to react gently and honestly in time. With transparent policies, appeals, human-in-the-loop and regular model revisions, you will reduce noise, protect promos and keep the main thing - the trust of live users and the health of the community.