OneFora banner
Status
Not open for further replies.
1 - 20 of 77 Posts

·
Administrator
AVS Forum
Joined
·
1,888 Posts
Discussion Starter · #1 · (Edited)
This problem is escalating quickly on all sites and we're currently less prepared to combat it than in the past.

We're at the point when ANY user creates a buy/sell thread with "Wanted" or "WTB" in the title, they get PMs from scammers from new accounts that have little to no posts offering goods via unprotected payment methods.

Attempting to educate the members only goes so far. There will always be those that fall for this.

We can no longer ban regions like Nigeria
We can no longer as admins log into suspected scammer accounts to check PMs.
We can no longer click the one touch ban button to see that a new account has 0 posts but 39 private messages.
We can no longer prevent accounts with low post counts from sending PMs.

What can we do right now? These actions hurt the reputations of the sites and our inability to protect our members amplifies that.
 

·
ArcheryTalk.com
Joined
·
41 Posts
I will echo this same concern, as we are slated to be migrated soon and every day I ban new registrations that are spamming pm's to member with WTB ads listed in our classifieds. Tapatalk is the workaround that they use, as the restrictions we have in place with vBulletin don't allow members to see the classifieds until they have been a member for two weeks and make 20 posts on the forum. We also have a 20 post requirement to send pm's to other members, but... Scammers using TT can see the classifieds immediately and also send messages to members with no post history or time restraints. This is a big problem as there is no way to 'catch' them until someone clues us in or gets scammed. I spend time every day reviewing the new registrations, viewing their private message stats and cross-referencing their multiple IP addresses (all normal things that I can do with vB as an admin) in order to catch the repeat offenders before they send messages to all of the members that have WTB's listed in our classifieds.

I am very fearful that this will really go south quickly if we are unable to deter this type of scammer. It's just a matter of time til they all start doing this to our legitimate members and we can't have that. We need similar tools to those that vB allows us as admins to catch these low-lifes. We don't ban regions, but I need to be able to search IP's, see their private message or conversation statistics. We presently can't read their private communications, but I can at least see that a member that just joined the forum this morning has already sent 30 or 40 pm's to others trying to scam them, then I do an IP search, usually get a hit from a previously spam banned member and spam ban them again.

I also regularly change email addresses, update passwords for members that were victims of the data breach/password updates a few years back, so that is also something that I do on an almost daily basis with AT to this very day. I have not looked into the other forum that we migrated recently to see if I can do that, as it's a newer forum and I don't think it has issues with passwords and old/invalid emails like ArcheryTalk has had since the password change was put into place, but I will look into that this evening.
 

·
ArcheryTalk.com
Joined
·
41 Posts
Just got another one, thanks to a member reporting the scammer's pm that he rec'd.. Newly registered account and I removed 29 pm's that were in the system already. That's probably 28 potential victims that I hopefully spared from being scammed. He had been a member of the forum for 90 minutes.

This is quite a serious issue right now for us.
 

·
Registered
Joined
·
286 Posts
Thanks guys for reporting this.... I'm seeing increased search volume across our sites for "WTB" so they are coming on, registering, and then using built-in search to look for WTB messages, and then PM'in/Conversation'ing them. We'll have to look at some additional steps to warn users or otherwise block this activity (eg. no replying to WTB threads unless you have X)
 

·
Administrator
AVS Forum
Joined
·
1,888 Posts
Discussion Starter · #6 · (Edited)
Suggestions:
Block Nigerian IPs
Ability for staff to see a user's "post to convo" ratio (1 post/37 convos is a scammer).
Popup warning to buy/sell users as they create an ad with what to watch for and a checkbox that the site is not responsible for fraud.
Certain admins can access suspected accounts to check for phishing convos.
Users cannot create a convo without at least one post.
Active alter ego detection and reporting to catch them the moment they return under a new identity.
Ensure that Tapatalk cannot be used to bypass any of it.

Huddler had an interesting algorithm where you earned the ability to create convos based on your post count. If they had to post as many times as they went phishing, it would bring them out and more visible. Most of them never make a single post because they want to remain in the shadows.
 

·
Administrator
OneFora Sherpa
Joined
·
3,534 Posts
Note some additional feedback in this thread HERE that I want to share in this one.

Closing other thread to keep discussion all in this one for the Product team.

Jeff M
 

·
ArcheryTalk.com
Joined
·
41 Posts
Just had two different members post or pm me in regards to scammers. Fortunately they were both on the ball and recognized the MO, but this is a real problem. I just went through and searched out in the admin panel several new users that are clearly spammers, their efforts to blend in are less than perfect, but the fact that they can use Tapatalk to circumvent our restrictions is a huge problem for us right now!

This member joined today -

4690
 

·
ArcheryTalk.com
Joined
·
41 Posts
I fear if I cannot search out these scammers as I can with vB, that we are going to have major problems. I need to be able to see pm stats, search by DOB and the optional fields (real name, type of archery, location), see a list (chronological) of new registrations, cross-check IP addresses (all of the ones that they use/have used) against our database of banned members and related IP's. This is a huge task to have to do manually as I have to now, but if I don't, we will continue to have members being ripped off by the same handful of scammers that have figured out the workaround (and I am sure they will share this with their fellow low-lifes).

We also need to be able to set minimum requirements for accessing (even being able to see) the classifieds sections, send private messages/conversations and have this be effective regardless of what type of device or software (browsers, Tapatalk and other forum navigation apps) are being used by the scammers or...... two options as I see it.... we remove the classifieds from our forum, there goes most of our membership, or... we disallow access using Tapatalk and again, this would have a very negative impact on forum traffic, but to be quite honest, it is far more important to prevent the members from being scammed than to make it a little more difficult for them to access the forum in my opinion.
 

·
ArcheryTalk.com
Joined
·
41 Posts
Another one last night after I cleared them all out earlier in the evening... several reported him/it, so at least many are becoming aware of their MO, send a pm advising them that their friend at this email address has what they are looking for after they list a WTB ad in our classifieds.

4692


4693
 

·
Chief Community Officer
Joined
·
63 Posts
Hey there all,

We're exploring some reputation options for surfacing some signals to members that can help convey trustworthiness. What are your thoughts on employing trophies and trophy points to designate reputation and standing for those engaged in exchanges between members? Or gating the exchange areas to usergroups with certain thresholds of activity? This might be one way of helping to reduce the frequency of fraudulent encounters.

-JP
 

·
Administrator
AVS Forum
Joined
·
1,888 Posts
Discussion Starter · #14 ·
Since the people that fall victim to these tend to already be on the naive side of the scale, I feel that placing any more burden on them to try and figure out trophies and points may be futile.

Cutting the offenders off at the pass with thresholds would be a better solution IMO.

As a user, I would expect the staff to be actively preventing these from happening beforehand vs reacting to complaints from users that it already happened.
 

·
Chief Community Officer
Joined
·
63 Posts
Setting granular thresholds to participate in various ways in the sales and trading exchanges is probably the best way to work preventative measures into the mix. Would welcome any theorycrafting on what type of gating thresholds or expectations that aren't too onerous to still keep listings legit, from you guys.

I will note though, that there are some folks out there for whom the old truism that "a fool and his money are soon parted", and even eBay, PayPal, and craigslist operate a massive amount of fraud resolution service operations for their platforms with little in the way that can stop the naive or gullible from being taken advantage of. Education and awareness is the best remedy for that - though we can look into doing better with signposting some of these in the areas where they're more likely to happen. Raising the warning of Caveat Emptor - Buyer Beware and requiring acknowledgement of must-know things before participating in those forums could be helpful options we can look into.

-JP
 

·
Registered
Joined
·
286 Posts
I also like the idea of surfacing Gmail style warnings in bright red that say this user has only X posts, and is writing from an IP in XYZ country. Please be extra cautious, with a link to a "spotting online fraud" thread.
Thoughts?
 

·
ArcheryTalk.com
Joined
·
41 Posts
JP, for us it would be fairly simple if it would work as it should.. We require a minimum of 20 posts in the open forums and also a two week wait after registration. Both of those are required to even view or see the classifieds and also to post in them. We would also like those requirements to apply to sending pm's or private conversations to other members in the forum. Most scammers won't go to the trouble, or if they do try to, they will likely trip up and the members will report them, or the mods will catch them by their postings.

These do, however, require that all methods of accessing the forum (i.e. - Taptalk in particular) support these requirements. It's pretty simple and for those not using TT to access the forum, they have been pretty effective.

I also agree with Mike in that we need proactive tools and ways to catch those that find a way around the requirements.

We have rules posted, stickies, announcements and active live threads in most of our busy subforums to make members aware of these issues, but... it only works for those that bother to take the time to read and understand and unfortunately, that is not always the majority...
 

·
Administrator
AVS Forum
Joined
·
1,888 Posts
Discussion Starter · #18 ·
In the vast majority of cases, the thieves aren't participating in the classifieds at all other than their ability to see them. They then start private convos via Tapatalk with dozens of potential victims pretending to have the desired item.

As someone who's always looking to make the user's experience better while keeping them somewhat protected, the idea of losing tools that do just that and shifting responsibility to the user will take some getting used to. It feels kind of icky. Like victim blaming/shaming.

I'd much rather get a notification that a new user just signed up from the same device as a scammer banned yesterday and cut them off than get complaints after the fact that the scammer got in and sent 50 fraud convos. Even if no one fell for it. I'm still banning the same scammer but sparing 50 users the negative experience on the site.

Now sometimes plain text makes it difficult to decipher intent. Maybe we're all on board for getting the stuff mentioned in post 6 deployed in the future? Maybe we're just focusing on what we can do in the meantime?

If so, I'd say a barrier to sending convos on new accounts with little to no posts that carries over to Tapatalk is a good start.
 

·
Registered
Joined
·
286 Posts
If Tapatalk is the problem, that may be easier to solve for. My concern is that if we block Tapatalk they'll just use the site.
Regardless, we will likely need a multi-faceted approach with some quick/easy stuff now... And then more later when we can spend more dev cycles
 

·
Administrator
AVS Forum
Joined
·
1,888 Posts
Discussion Starter · #20 ·
If Tapatalk is the problem, that may be easier to solve for. My concern is that if we block Tapatalk they'll just use the site.
Regardless, we will likely need a multi-faceted approach with some quick/easy stuff now... And then more later when we can spend more dev cycles
They use Tapatalk because so many vB sites already have minimum post count limitations for sending convos.

In vB, Tapatalk bypasses that. I don't even know if the same is true for XF. We'd need a minimum post count for convos established on XF and then test whether or not Tapatalk is included or bypasses it still.
 
  • Like
Reactions: HeyChris
1 - 20 of 77 Posts
Status
Not open for further replies.
Top