Category: Scammer

iovation Releases White Paper Detailing How To Fight Online Dating Fraud

Posted on June 22, 2009

Iovation PRESS RELEASE — June 22 — Security is a major challenge for dating sites, which can attract scammers, spammers, stalkers and predators. Fraudsters can create hundreds of virtual identities within a single community. A device fingerprinting solution such as iovation ReputationManager™ is focusing on the user’s device instead of on personal information provided by the user. By identifying the computer used, dating sites can uncover hidden associations between multiple computers and accounts, helping to stop fraudsters all within one shared network crossing multiple industries. iovation's global fraud database stores over 120m device reputations and their associations with other computers and accounts across the Internet. iovation announces the release of a new white paper titled, “Online Dating: Keeping Your Members Safe from Online Scams and Predators", that discusses the financial impact of fraud and the eight “must-haves” when shopping for a device fingerprinting solution.

The full article was originally published at iovation website, but is no longer available.

After Two Years In Decline, Internet Fraud Complaints On The Rise

Posted on April 1, 2009

Ic3 logo BIZ REPORT — Apr 1 — The IC3, which is made up of the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance, saw a rise in the number of complaints of Internet fraud last year, after two years of declines. The U.S. watchdog received 33% more complaints in 2008 than in the previous year. A new report shows a total of 275,284 complaints were received last year, amounting to losses of $265m. FULL ARTICLE @ BIZ REPORT

This post also appears on SocialNetworkingWatch.

Big Rise In Malicious Websites

Posted on April 1, 2009

Messagelabs logo BIZ REPORT — Apr 1 — ~3,000 potentially malicious websites were blocked each day by MessageLabs during Mar this year. That's almost three times the number blocked during Feb. Cyber crooks are changing tactics and focussing their malevolence on web servers and SQL injection attacks. FULL ARTICLE @ BIZ REPORT

This post also appears on SocialNetworkingWatch.

Greg Pierson, CEO Of iovation

Posted on March 14, 2009

Greg_pierson_photo_new OPW INTERVIEW — Mar 14 — iovation helps dating sites and social networks work together to beat scammers, spammers, and those that would be abusive towards our communities.  Here's my interview with Greg Pierson, the CEO of iovation. (Full Disclosure: iovation is a client of Courtland Brooks). – Mark Brooks

How is iovation funded at this stage?
iovation raised $15 million in growth capital in 2007 and the financial partners we have include Intel Capital, SAP Ventures and European Founders.

What markets does iovation serve?
We serve customers in a range of markets with very different types of fraud and abuse. In addition to online dating customers we serve organizations that are more pure social networks. We have organizations in gambling and online gaming, in financial services and in online retail.

How does iovation help dating companies work together to beat scammers and the like?
The way we serve all of our customers is with a platform that exposes the reputation of internet devices that are connecting to their businesses. What's different vertical to vertical is the types of problems that our individual customers are dealing with. Of course, that varies. But the base technology and infrastructure that we provide is the same. Let's say you're an online retailer. Would it be valuable to know that independent of the identity or transaction information that a consumer is giving you through an internet connection, what if you knew the device they're using had defrauded you in the past? Or would it be valuable to know that that device has defrauded some other iovation customer in a way that is something you care about?

Do you see much cross over between the other industries you serve and the dating industry?
We absolutely do. One thing to think about is that the bad guys, if you will, are much more prolific and much more active in their abuse. Someone who is spamming and advertising competitive services in the dating space are going to be doing it on every network they can get access to. The same thing if someone is running scams. We see a surprising amount of cross over in individuals and organized groups that are defrauding businesses in vertical A and are also defrauding businesses in vertical B. We also see linked frauds where individuals are using organizations to get data from users to steal identities. Then using those identities to launder stolen credit cards in a different vertical. So absolutely we see cross over within and across verticals we serve.

How does the iovation service work from the user perspective?
If you're a good average Joe and not causing problems at a particular online dating site you're going to see nothing. The only thing you might see is that the sites that you're using that are using iovation have less abuse and less folks who are scamming and spamming the community.

Dating sites that we're serving set up rules. They decide what's right and what's wrong and when an end user is violating one of those rules and that site decides to keep them out, now what they're going to see is when they try to connect to that business from any device they've used in the past they're going to get some kind of message saying they're not getting access. When they get frustrated and say fine I'll set up a new account they're going to find that doesn't work either. So they're going to have to completely start over and go out and use completely new identities and completely new devices.

How does it work from the the internet dating abuse managers side?
Let's start with value. Let's say you had a million dating accounts and the only way you had to understand the relationship between accounts was if someone started to use the same email address or physical address. But scammers go out of their way to make sure they're not using identity information that can correlate them. So we help you understand that account A and B are related because they've logged into your network using the same or related internet devices.

Many of our customers have sophisticated tools that are either 3rd party or they've built them themselves that catch problems. We can say, guys if you're concerned about one problem you better go look at these other 50 accounts because they have used the same physical devices to access your site and they are therefore related. So in this example we've provided the 50 to 1 uplift on their other tool, whether it be some automated tool or a manual process.

Then we stop the revolving door. On many social networks the only thing you need to access a site is an email address and account name. So its pretty hard to use many 3rd party services to protect yourself when that's the case. So once you've identified a problem and iovation has helped you realize that that is related to 50 other accounts and you've shut them all down, now how do you prevent the individual from simply coming back 10 minutes or 10 days later and trying to pretend to be somebody else? That's where we come in to say no, no guys don't allow this new account to be set up its coming from a device that has in fact defrauded you or done something inappropriate in the past.

We are building a shared infrastructure. So the other value that our customers see is that when a device is associated with a problem they care about that has taken place on some other iovation customer's site, we can bring that to their attention so they can act in whatever way they feel is appropriate. It's a real time platform that is answering reputation inquiries in under an 8th of a second. But it's not just that.

In addition our individual customers have access to our fraud team here in Portland. So we are working with them in terms of training and looking over their shoulders and helping run special reports to  make sure they get the most out of our system and have their rules set up in an optimal way.

What is in the works for iovation? Are there any new announcements coming up?
Up until this point our reputation manager platform has been all about exposing problems with certainty, problems that our customers can react to in real time. We have been testing a risk scoring service for the last few months with a small group of about 20 of our customers. This is going to be a very nice compliment to our existing platform. Organizations will be able to react in real time to devices that we know have caused a problem for them, or some other iovation customer, as well as, flagging new account set ups or logins or other interactions on their site that we suspect for a number of different reasons from indirect relationships to problems. i.e account velocity, log in velocity and those types of things. We know from testing with the initial group that we're seeing some very good results that our current and future customers can look forward to.

See all posts on iovation

iovation’s Network Surpasses 100 Million Unique Devices

Posted on March 5, 2009

Iovationlogo
BUSINESS WIRE — Mar 4 — iovation, The Device Reputation
Authority™ for the Internet, announced that their fraud management service has recognized over 100m
unique devices. iovation’s patented
technology helps online businesses determine in milliseconds if a
computer has been associated with a fraud activity. FULL ARTICLE @ BUSINESS WIRE       

See all posts on iovation

This posts also appears on SocialNetworkingWatch.

Online Dating: Blocking The Bad Guys

Posted on February 13, 2009

Iovationlogo COMPUTERWORLD — Feb 13 — iovation's ReputationManager service, which is also used by financial services, social networking and online gaming sites, collects data on 32 categories of unwelcome activities ranging from fraud to spam to chat abuse. The system then associate those behaviors with the specific computer used by creating a "device print." In this way, scammers who are detected can't just log in again under a new identity. Information on suspect devices is shared with all subscribers so that a scammer who attacks one site can be blocked from accessing another. The company claims to have stopped more than 730,000 account creations and fraudulent activities last year.

The full article was originally published at Computerworld, but is no longer available.

Mark Brooks: iovation (an Intel backed company) is helping the internet dating industry to work together to beat scammers and those that would be abusive towards our communities. (Full Disclosure: iovation is a client of Courtland Brooks)

See all posts on iovation

Liz Wasserman, Mate1.com – CEO Interview

Posted on November 5, 2008

Liz_wasserman OPW INTERVIEW — Nov 5 — I talked with Mate1.com's CEO, Liz Wasserman on the subject of scamming. – Mark Brooks

What kind of scamming activity have you encountered at Mate1?
We've encountered a wide range of scamming activity. It's evolved over time partly, I think, because people in this industry have been pretty quick to adapt. Scams fall by the wayside as people adapt to them.

In the early days, almost all of it emanated from African countries that don't have laws against wire fraud. From what I could tell, the scammers basically set up call centers full of people who created thousands of fake dating profiles. They would pretend to be very attractive women in the U.S. who were "temporarily" in some African country and needed to get home. They would try to extort money via Western Union. We saw a lot of those, even from Eastern Europe for a while. We actually have a whole catalog of these schemes that we made available on the site (link: http://www.mate1.com/fraud/fraud_warning) because we wanted to tell our members what to look out for.

And then there are the ones you can't really prepare for because they're idiosyncratic. People who are looking for love can be some of the most vulnerable people out there. Anyone who has an attractive picture and can talk their way into someone's heart, basically can very often convince them to send some money. And those often tend to be minor scams, but we do catch them more often than not simply by having undercover customer service agents trolling the site all day long.

We've also used various technologies, like matching up IP's with locations to make sure people aren't misrepresenting where they are, but for the most part it's a matter of constant communication with our customer service department to find out what the latest thing is and to quickly adapt to it.

Have you found the number of scamming incidents increasing?
I think early on we developed a reputation as being tough on scams because it used to be one of our major preoccupations. It ate up a huge amount of our resources. And as we adapted and put in more technological mechanisms to prevent it, scammers who are in-the-know went elsewhere.

Have you found any ways to catch them pre-signup?
There are ways and a lot of them revolve around IP detection – knowing where the person is half the battle. There are certain areas that these people tend to congregate. We have a couple of mechanisms in place to try to shuffle out those people who are clearly suspicious. Luckily, scammers don't tend to be extraordinarily brilliant technologically, so we're able to outsmart them.

I hear the Russians are particularly adept.
We do catch quite a few in Russia and surrounding countries. Then there are some women in Russia who are borderline. You don't know if they're a scammer or just in a really bad situation and you have to be careful to distinguish between the two.

But, yes, they're highly intelligent and highly desperate so you have to watch out for Eastern Europe, for sure. I know there are sites that have blacklists which we do refer to from time to time. I don't know, though, if they're still as good as they used to be. They used to keep fairly up-to-date lists of these personas. There was one called Russianwomenblacklist.com. I think having central repositories that could be intranet shared by people in the industry would be really useful. You just wouldn't want to share it with the scammers.

Any other thoughts on how the industry might be able to work together?
I think people are pretty forthcoming with information in this business. Whenever you meet people at industry events, people like to talk and I think that's a great thing. Anything we in the industry can do to devote and share resources would, in the end, actually be money-saving for all of us. I think it would be great if we could all collaborate and help each other create the best anti-scam systems possible. I would certainly participate in such a thing.

See all posts on Mate1      

iovation CEO Interview, Greg Pierson on WCCO Radio

Posted on October 17, 2008

Greg_pierson_iovation WCCO Twin Cities Radio — Oct 16 — Thousands of people find the love of their lives on online dating sites. Unfortunately, many users of those sites are also finding themselves to be victims of crime. There has been a substantial rise in the number of users who have been ripped off by potential love matches. Joining us now is Greg Pierson, CEO of iovation a company that helps businesses combat fraud.

Q: It would seem to me that people are a little more open and wanting love so that might make them more susceptible to the this kind of scam, no?

A: Exactly right.

Q: Can you explain how it works and what happens?

A: There are a number of problems that the internet creates for us. Namely folks can go on there and be anyone they want to be and adopt new personas, etc. And when folks do “bad things” nothing stops them from coming back and pretending to be somebody else.

So there are layers of problems here. One problem is folks that use stolen identities and credit cards to acquire access to these services and that by itself is a problem for the business and not necessarily a problem for other users directly.

A common practice is to set up a profile that looks like its halfway across the country or maybe even in another part of the world and to appear very, very interested in the person that is ultimately being scammed. And to very slowly but surely gain some confidence and then ask a favor. Hey I’m behind on my bills or I would really love to fly to see you but I just can’t afford it. Can you split it with me? Oh I missed my flight and I’m sorry I spent that money on the electric bill. Can you do this again?

Q: How hard is it to catch them?

A: Catching the individuals is extremely difficult. Preventing it from ever happening again, that’s what we do. Fortunately preventing it from ever happening again is a little bit easier then getting to the real people. We focus on the computer, on the laptop, the PC, the Mac, the PDA whatever the internet device is that consumers are using to connect to the online businesses that we protect. If one of those devices is used to defraud that business or its customer, that problem can “stick to it” at least digitally in our system. When that computer comes back and when that site reaches out to iovation to say ‘hey what do you know about the reputation of this computer?’ We can say: “Hey, warning guys! That computer was used to defraud you in the past so be advised.”

Q: You can imagine the joy that I felt this morning finding out that I was the nearest next of kin to a couple in England who passed away and had millions of dollars that was just for me.

A: Yes exactly, congratulations!

Q: I didn’t even read that far and put this in the spam. It had a blind CC on it, is that dangerous?

A: Yes and there are lots of clues about those kinds of things. But the golden rule of thumb here is the typical – if it sounds too good to be true.

Consumers need to be increasingly aware of the kinds of services that they’re using online because there absolutely are things that online services can do to protect their community. Online businesses need to take responsibility for their part of this problem as well. And there are absolutely some fantastic services and technology out there that online business can use to protect their customers.

LISTEN THE INTERVIEW HERE

See all posts on iovation

Hannah Schwartz, RSVP – CEO Interview

Posted on October 8, 2008

Hannah_schwartzInside Internet Dating Show includes interview with the co-Founder of RSVP.com.au.

 OPW INTERVIEW — Oct 8 — I interviewed Hannah Schwartz, CEO of RSVP in Australia, on the subject of scamming. – Mark Brooks

What kind of scamming have you encountered in the past on RSVP?
We've seen two types of scamming. The first tries to take advantage of a potentially lonely person. I think we tend to call that the Nigerian scam.  We also see a lot of scams originating from Africa.  It usually involves a network of people abroad putting up fake profiles. The profiles are usually of women who court the men and pretend great interest. They talk of a life of wanting to move to Australia and plan to come visit, but at the last minute they unfortunately can't make it. They email the prospect and say their brother-in-law couldn't get the ticket. "Can you wire the money instead?"  Women and men are just as likely to be the target of these scams and what we see is that trust (via email and phone) is built over 3-6 months before the request for money comes into play.

Another type of scam we get involves our hybrid payment plan, where you pay as you go. We've received attempts to scam the model by buying large numbers of the stamps upfront. We now have triggers in place that tell us if a certain level of purchase has happened. We search the IP address of where the purchase originated and have even gone so far as to not allow credit cards that are foreign issues.

Is there anything else you do to try to beat the scammers?
We've spent a lot of time on our site educating our members about these types of scams, but we're not done. We have to constantly educate our users, as well as innovate our back-end systems. We work very closely with authorities, when appropriate. But we also have our own protocols in place where we know some of the telltale signs and bring down suspicious profiles before scammers can make contact with our members. We work very closely with the payment processors who keep master lists of bogus credit cards. We maintain records of anybody we've deemed criminal or suspect and have instituted a warning system when such persons return to the site.

It sounds like you've found a way to catch scammers pre-signup?
Every profile that goes up on our site does not go live instantly. It is proofed by us first. So, you can join up but that doesn't mean we'll bring you live. In essence, we prevent scammers from becoming viewable to the public.

In general, have you seen the number of scamming incidents or scamming attempts increase or decrease?
I would say scamming has leveled.  I don't think we've seen any indication that it's on the rise. I think there is just a steady trickle and because we've put in more and more controls, we actually are getting smarter at preventing it.

How would you like to encourage the Internet dating industry to work together to combat scamming?
It would be terrific if, in the future, the dating industry had a master suspect list that included IP addresses. It would be great if we could share that, as well as develop a means of communicating with each other quickly when new scams crop up. There are security programs out there, like McAfee, that post the latest types of viruses and spyware. It would be terrific if we had something similar – a central place where scams are posted.

See all posts on RSVP

Mike Fitzgerald, BoneFish CEO Interview

Posted on September 18, 2008

Mike_fitzgeraldOPW INTERVIEW — Sep 18 — Mike Fitzgerald is the CEO of BoneFish and interviewed with me on the subject of internet dating scamming and how to stop scammers. – Mark Brooks

What kind of scamming have you encountered on Bone Fish’s affiliate sites?
About 90% of the scamming on Bone Fish’s sites has come from Russian and African scammers. Russian scammers are primarily looking for people to send money to Russian women or to entice members to send airfares and give gifts, etc. 

African scammers are slightly different in that they send out emails relating tales of woe and stating that they have a great deal of money sitting in a bank account in Uganda and are looking for assistance to transfer it into an overseas bank account for a percentage of the sum (or similar).

Bone Fish has tried to combat this matter by bringing on-board a full time risk manager whose sole purpose is to deal with the scamming issue. I would say that at the moment, it is probably our number one priority as it affects our reputation with banks, members and affiliates, who are obviously being hit by the chargebacks on a weekly basis.

Do you ever encounter any types of scamming through the affiliates? Do you ever have any scammers sign up as affiliates?
About three years ago, we had someone from India register as an affiliate. However, upon seeing the affiliate’s average sales rocket about twice as high as our own, we realized that something was wrong. Their conversion rate was about 40-50% instead of 10-15%. Fortunately, we caught them at an early stage and cancelled their account. That's the only scammer I know of who actually signed up as an affiliate.

At the end of the day we try to cut scammers out before they become affiliates. As a result, we don't allow – and we heavily screen – new affiliates from certain countries. For example, potential affiliates from Russia, India and Africa.

How do scammers affect the reputation of your sites and services?
Members that have belonged to the service for two or three years and see some form scamming going on do tend to inform us of the problem so that we can remove the scammer(s) from the site. But, if he/she is a new member who has just registered, it is a very awkward situation and it makes us look very unprofessional. 

However, we do take measures to assure members that their information is safe and that they will meet genuine people on the site. We also take great measures to ensure that members are not contacted by scammers from Russia or Africa, because if they are contacted – especially within their first two or three weeks of being on the site – then it simply looks terrible.

What can the industry do to beat scammers?
Many a time I've looked on the internet for places that work like a “scammer central”. I've managed to find a few websites that list 5,000-7,000 members who are known scammers. However, I do not think that this is the right approach as it lists the names of the individual members (the scammers) that are contacting the members – not where they come from!

What I think the industry needs is a white list and a black list of IP ranges. For example, at Bone Fish Ltd we use an application on our credit card page that grabs the IP address. As such, we have blocked approximately 25% of all IP addresses in the world and still continually adding to the list on a regular basis. I’m hoping that this will catch some 95% of scammers.

With this in mind I don't think that having profiles of known scammers is the way forward. I think people need to sit down and actually look at the more technical side of it and determine where these people are actually coming from. Are they signing up in the UK, paying from Africa and then sending the messages from Africa? Or are they using IP masking tools to stop people from detecting their location? I think that these are the real issues rather than the specific members. I think we need to look at ISP and server-side solutions rather than having a great big database that's simply updated. Ideally, someone needs to put together a site from a technical point of view that will allow people to share techniques on how to block scamming.

Do you have any tips for smaller sites and services to beat scammers?
Yes, at Bone Fish Ltd we do employ a few measures that I am happy to share with you. I think the first thing smaller sites and services should do is get themselves an IP scanning tool which scans the IP addresses of all members that sign up to the site. Coupled with this, I would opt for one of the various merchants or banks on the internet, obtain a list of known high-risk countries and essentially impede all of these countries from being able to access the service – both on the credit card page and during the registration processes. (You have to remember that scammers can sign up in the UK and then pay through Africa, so special attention must be paid to these pages in particular).

The second thing I would recommend to smaller sites is a message frequency service which analyzes the number of messages a member sends out in a day. As such, owners of these sites can then analyze what is going out, and flag anybody who is sending 40 or 50 messages on a daily basis. This will help to assess who needs to be watched carefully and will essentially ensure that these members are not scamming other members. These are perhaps two primary things that will go a long way towards stopping scamming. 

And finally, the third thing I would do is have an email centre which stops .fr and .ru from logging into the service. The Ivory Coast uses .fr and Russia uses .ru. However, this will only work until scammers figure out that they are being blocked. But for the time being, it will certainly get rid of inexperienced scammers. Because every little helps.