

How to Sniff Out Online Fakers - brandonb
http://gigaom.com/cloud/5-ways-to-sniff-out-online-fakers/

======
brandonb
Hey, OP here! I work at Sift Science, who provided all the facts for this
article.

It's been crazy to see how far fraudsters will go to create fake accounts.
We've seen people in the Philippines use Twilio accounts, for example, to fool
SMS verification and look like a U.S. user. People scripting the creation of
thousands of accounts. People distributing malware via Chrome extensions to
take over legitimate users' accounts.

Are any of you out there dealing with malicious user behavior --
fraudsters, spammers, account takeover, etc.? I'd be happy to answer
questions!

~~~
mootothemax
Do you also look at - or have a chance to look at - timezones as reported by
the user's browser, or as selected by the user?

One of my services, TweetingMachine, used to have a massive problem with
spammers going out of their way to abuse it. However, before a user can
schedule a tweet, they have to select their timezone.

Problem solved! There are three or four specific timezones always chosen by
the bad guys, and every ten minutes a script ran through the database banning
users whose timezones fell into this list.

The surprising thing for me was that given the effort of constantly trying
to get past my other detection scripts, the spammers either never worked out
what was happening, or simply didn't choose a different timezone.

In hindsight, it's quite a cute test, and one that it looks like few of the
bad guys bother to adjust (i.e. the time their browser reports via JS) or are
aware of.

~~~
Evbn
This is why legitimate Nigerians and Chinese are banned from half the
Internet.

~~~
mootothemax
It's not ideal, but past a certain point, as a saas operator you're caught
between a rock and a hard place. The best I've been able to come up with is a
"do you think this is a mistake" button, which spammers tend to not click.

Still not nice to know that I'm treating people like second-class Internet
citizens. At the same time, my available time is extremely limited, so lesser
of two evils - for me - it is.

~~~
adgar2
Users on HN complain every single day about service companies like Google who
remove content or close accounts that haven't broken any rules.

Do you have anything to say to those users, as an operator of a large SaaS
provider that deals with fraud/spammers daily?

~~~
Dylan16807
That's mostly because Google has zero customer support. They rely purely on
their automated systems. False positives by themselves are not the issue.

~~~
adgar2
It sounds like the person I'm asking is doing the _exact_ same thing, but they
haven't scaled up to the tens of billions yet. I'm asking how he intends to
scale his model.

~~~
mootothemax
_I'm asking how he intends to scale his model._

Heh, as I alluded to in my reply to your other comment, for TweetingMachine at
least, I have _zero_ intent of scaling; it's a small tool, and will remain a
small tool (can't even remember if I've done any work on it in the whole of
2012) whilst I focus my energies elsewhere.

So, being quite so harsh was a means to an end. At the same time, if I
experience abuse of any of my other services, it'll definitely be a marker
I'll use for more manual investigation.

------
tisme
If you haven't dealt with an elevated fraud risk yet then you are not yet
running a successful business.

Dealing with fraud and abuse takes up a good percentage of the time and other
resources at any successful online service. If you don't budget for that and
automate it as much as you can then you will possibly fail even though the
rest of your service is doing fine.

------
ilamont
I support having better systems for catching fake accounts and sock puppets,
but I am concerned about the potential for new
systems/profiles/countermeasures to make online life very difficult for
innocent users. We've seen this happen with captchas; the zeal to stop bots
has made registering for certain sites or leaving comments nearly impossible
for a lot of people. Michael Arrington had this problem recently on Tigers.com
(1).

As for the criteria named in the featured article, I work late every night,
and I use Yahoo Mail for almost all "casual" account signups to catch spam,
unwanted newsletters, and other notifications that I would rather not deal
with in my other email inboxes. I would hate to see these be used as an excuse
to target me for more intrusive registration steps or deny me access to
various sites or services.

1) <http://twitter.com/arrington/status/236893640365068288>

------
derwiki
Fraud detection seems to be a staple of a lot of successful software companies
(Paypal and Yelp come to mind immediately). Great to see a SaaS solution for
this pain!

------
rogerbinns
How do you plan to deal with false positives (guess who is often awake at 3am
:) By that I mean are you returning a probability to your customers and they
pick their level of comfort/risk or is it some binary answer?

------
dparham0
Great to see machine learning used in this way. I hope this lowers prices on
services now that other companies don't have to do this work in house.

------
Geekette
I find the statement _Most traffic coming from Nigeria is fraudulent_ to be
bollocks. Like many countries, criminals comprise a minority of the Nigerian
population and correspondingly, net fraudsters comprise a minority of the
Nigerian online population.

Interestingly, the 2011 top 10 countries by # of reported complaints of net
fraud are:

1) United States 90.99%
2) Canada 1.44%
3) United Kingdom 0.97%
4) Australia 0.66%
5) India 0.50%
6) Puerto Rico 0.22%
7) South Africa 0.22%
8) France 0.19%
9) Germany 0.19%
10) Russian Federation 0.17%

Source: Internet Crime Complaint Center (FBI)
www.ic3.gov/media/2012/120511.aspx

~~~
btilly
_I find the statement Most traffic coming from Nigeria is fraudulent to be
bollocks._

I don't.

Criminals are a minority of the Nigerian population, but that minority spends an
inordinate amount of their energy trolling online and looking for new venues
that regular Nigerians are not likely to visit.

Therefore if you're a US based and targeted company, the majority of YOUR
Nigerian traffic IS likely to be fraud. It isn't most of the fraud that you've
got to deal with, but it is likely to be so ridiculously obvious and easy to
deal with that you'd be a fool not to.

(Of course this is widely enough known that Nigerian scammers use proxies to
hide their origin.)

~~~
DJN
The jury is still out on this one. Unless you can show some numbers, it's hard
to see this as anything but a subjective extrapolation of the facts.

Nonetheless, Sift Science's claim is at best poorly worded because it gives
armor to the false and unfair interpretation that the majority of regular
Nigerian folks are fraudulent, which by itself begs the question.

~~~
btilly
I no longer have numbers. It was several years ago that I was working for a
US-only company that decided to add a customer to customer piece, then got
targeted by scammers. But we definitely rediscovered the fact that IPs from
Nigeria were entirely scammers, and so were messages saying Nigeria. Oh, and
"Western Union" was not a phrase you want to see and so on.

It was a black hole sink. And since it was at best marginal to that business,
that piece eventually got shut down.

------
mcanon
If you're interested in fake registration detection, see also this
presentation on a 2-day rush development effort to implement fraudulent
account detection at Groupon.
<http://www.infoq.com/presentations/Bootstrapping-Clojure> It's also about the
awesomeness of Clojure, but much of the meat is in the fraud detection algorithm
itself.

------
Tipzntrix
This is some good stuff. I'm definitely looking forward to seeing what can be
done with it and perhaps the spam all over certain phpBB forums, etc, can be
fixed. Of course, those are just the little fish.

------
compy
At this point in time, they should probably know it's comcast.net, and not
comcast.com which is for their employees.

------
witoldc
My initial feeling is that the most crud left behind is from professional
fakers, aka menial labor from India/Phils/etc. That's where one can buy fake
reviews en masse.

That explains point 1, 2, 3, 5 and possibly even point 4. (working time
difference, and cheap equipment.)

The key to detecting fake accounts is tractability. That's why FB logins are
gold. You can look at the account and - most of the time - it is easy to tell
if it's real or fake.

The problem is that many sites want volume, not quality. They just let anyone
"add content". This is an easily solvable problem that most sites do not
actually care to solve.

~~~
Evbn
Easy to solve if someone publishes a credibility guide to websites, based on
this analysis.

~~~
witoldc
It's just simple business rules.

Is it really that hard for you to tell a fake FB/twitter account from a real
one that you couldn't code the logic?

You don't even have to code it. You just need to link it. If someone is
reading the review, they can go back to the person that wrote it and judge for
themselves.

