Cheaters using info from known/legit webmasters to stay under the radar
 

I've been running into this a lot lately, and it appears from other threads that I've seen that this is a growing practice among fraudulent webmasters: they get their hands on contact information for webmasters who are well-established and trusted, and use that information to establish accounts through which they then pass fraudulent signups. I'm sure the theory here is that using a known/established webmaster's info deflects suspicions concerning their account, and helps them stay 'under the radar' when programs scan for fraudulent accounts.

One common feature I've noticed with such accounts is the use of free email domains for their contact email address in combination with receiving their payments through ePassporte. Sometimes they will establish the account with the pay by method set to check, then log in later to change that over to ePass.

The contact email address they supply often looks consistent with the other information provided; for example, if they were using Xmoney's contact info to establish the account, they might provide an email address of xmoney@gmail or xmoney@yahoo.

I've shut down or rejected applications from at least a couple dozen accounts that are trying this scam, and it doesn't appear that they are letting up. My hunch is that a very small number of people are involved (maybe even just 1 guy), but they sure are persistent.

So -- program operators, if you find an account that appears to be cheating, and the URL and contact info supplied for that account is from an established webmaster, don't assume that someone legit has crossed over to the dark side... it's probably an impostor. :2 cents:

- Q.

hey Q, this is worth a bump:thumbsup

Hey Q:

We have found similar instances and unfortunately fraud continues to be one area of our business that continues to evolve. Seeing that it is harder to find quality webmasters in today's business environment we still continue to retool our fraud controls.

This is now emphasized with the advent of merchant accounts. There is more accountability on the affiliate program to not only control fraud and charge backs, yet there is new responsibilities with strong customer service programs to also include fraud control.

This industry is known for sharing knowledge, yet in all my experiences, fraud control still remains to be based on experience and a true trade secret that remains proprietary.

Can't you match up EIN numbers with address?

Why dont you just dont allow duplicate name/adress and everything else..?

Sorry guys i'll be a little sneakier next time.

Whoever is doing it might be reading the boards, so the information posted is probably useless now as they will change their approach.

I understand where you're coming from, and this is precisely why I don't typically disclose publicly any information about how I identify/catch cheaters. In this scam, however, legitimate webmasters are being affected, and it's not going to stop unless or until the cheaters change their approach... so in this particular instance, getting them to change their MO is part of the goal.

This would work when the legitimate webmaster in question already has an account on the same program the cheater is trying to sign up for -- we're fairly new, and as such there are many legitimate/established webmasters who do not already have Xmoney accounts.

The quickest way to stop them is to limit epass payments......

And hurt 100's of legit webmasters??

What is your idea exactly?

If you are uncertain about a webmaster ask for a copy of ID to determine who the person is. If you are legit I don't see a reason why you would not provide it if you can block out the sensitive information.
If someone changes payout information put the payout on hold until you have verified the person.

I know ARS required me to send a copy of ID a long time ago and I never considered not sending it why would I

Good Post Quentin.. txs for the headup :thumbsup