The problem is, when you have a high value payoff for breaking in, then manual methods and people running manual scams becomes reasonable. I work for a classic car website, and the majority of our issues comes from real people, running real scams.
We have a lot of detection and followup in place, with a manual review process. The next generation will add the need for the user being logged in (though a click-through social network login will make it easier for most users)... At least in that case it's easier to tell when someone has a twitter account with no follows/followers who's never tweeted. Nothing is perfect though.
It really is an arms race, my point is the rules are very different depending on your market.
We have a lot of detection and followup in place, with a manual review process. The next generation will add the need for the user being logged in (though a click-through social network login will make it easier for most users)... At least in that case it's easier to tell when someone has a twitter account with no follows/followers who's never tweeted. Nothing is perfect though.
It really is an arms race, my point is the rules are very different depending on your market.