What is a Hoax/Phishing Site? A site designed to steal passwords / numbers / sensitive information. Disguised as a trustworthy entity so people fall for the scam
Hoax site history at Full Tilt First hoax site appeared back in November 2005. A lot of money stolen in March 06. A lot of money stolen in Sept 06, however we were able to recover 90% Seeing a new hoax site every few days Majority of hoax sites appear to be from the same group. Very professional. Very few other phishing scams appear.
Our Job Respond to all hoax/phishing related questions. Investigate accounts to see if they have been compromised. Forward any accounts that have had funds stolen to Fraud Queue in Kana
New Procedures Handbook entry:file://///tpfs1nw/workflow$/HANDBOOK/HANDBOOK/Initial%20Response%20for%20Hoax%20Related %20Emails.html Answer emails in Hoax Related queue Determine if player is informant or victim Place restrictions on account Respond to player addressing concerns and educate them
Email review – Victim or Informant? Case #1----- Original Message ----- From: TOM LOUIETo: support@sign-fulltiltpokercomSent: Monday, February 26, 2007 5:22 PMSubject: $50000 giveawayhi, this is jenl88 again. at 2-14-2007 about 4am I was informed thattwo players visit try fulltiltpoker.com will get the $50000 giveaway.so I did it gave you all the informations ss # credit card # and allthe informations. it said the funds will deposit to my credit cardaccount. now I havent get it yet. it said if I dont get it yet I shoulde-mail to you after 5 business days. please let me know whathappen. thank you!!
Case #1 - Victim Apply Restrictions Review Know100 Respond to player. In this case we would add the web address to report Social Security Number fraud.(http://www.ssa.gov/oig/hotline/index .htm)
Email review – Victim or Informant? Case #2To: support@fulltiltpokercomSent: 03/03/07 8:14 PMSubject: Received this chat during tournament play…ACEPUTZ (Observer):========================================System: FullTilt Poker giveaway $50,000. The firsttwo players from this table who visit the websitewww.win50k-fulltiltpoker.com they will win $25,000.Hurry tilters!!! Admin : Chris Ferguson
Case #2 - Informant Send template XXX.XXX We thank these players for letting us know. Tell them how much we value players like themselves here at Full Tilt Poker
Email review – Victim or Informant? Case #3To: security@fulltiltpokercomSent: 03/03/07 8:17 PMSubject: scamMy name is Joseph Welcome..My Full tilt nicname is anvil1765 mylisted email address is email@example.com. I was playing $10+111pm tourney game# 13906402 at table #33 when an observenames ACEPUTZ did the $50,000 give away scam....Just letting uknow
Case #3 - Informant Send template XXX.XXX We thank these players for letting us know. Tell them how much we value players like themselves here at Full Tilt Poker
Email review – Victim or Informant? Case #4To: security@fulltiltpokercomSent: 03/03/07 8:28 PMSubject: scamI received this message while playing poker at your site. Ina moment of stupidity I logged on to the site it looked likethe full tilt site so I gave them my login and e-mail but didnot give them my password on the next page it asked for netteller or credit card info and then I realized that I wasmaking a mistake. Do I need to change my login?
Case #4 – Victim Player informed us that they didn’t give password We do not need to place restrictions on account. Respond to player requesting they change their password just to be safe.
Email review – Victim or Informant? Case #5To: security@fulltiltpokercomSent: 03/03/07 8:28 PMSubject: Very URGENT!! Please helpI went to the website, and it was full-tilt poker website, ittold me that I am the second visitor and asked me for my Idand e-mail address. I filled it out and clicked next, and then itasks me for my epassporte ID and password. This is where Iam right now. I want to know if this offer is legit.Please reply ASAP.
Case #5 – Victim Player entered PlayerID and email, and was waiting for us to respond Assume player was impatient and entered details. Follow standard victim procedures
Email review – Victim or Informant? Case #6To: security@fulltiltpokercomSent: 03/03/07 8:28 PMSubject: possible scamThis was posted in the message part of the table during tournament13449279. I went to the site and they said congrats etc, fill outname, password, and e-mail address. I did and then it said youcould not put the money in my Full tilt account and offered optionslike paypal. That is when I quit the process.I changed my password to my account. My screename is 2007orBustand my e-mail address is firstname.lastname@example.org.Please let me know i this was a fraud and if I need to do anythingfurther.
Case #6 – Victim Player entered PlayerID and email. However they had informed us that they had changed their password. Therefore account is secure. No need to place restrictions or reset password. Confirm for player that this was a hoax site, and thank them for changing password.
Reading Know100 Run a Know100 with a big threshold like 9999999 We are looking for a foreign login over the past few days. Clean logins Foreign Logins
Restricting Account1. Select the ‘Security & Limits’ tab in WAT2. Check ‘No Play’, ‘No Mix, ‘No Deposit’, ‘No Transfer’, ‘No Chat’ and hit Submit and Accept.1 2
Reset Password On Player Summary page, select Reset Password. Enter ‘Hoax Site Victim – Resetting Password’
Notate account In WAT, notate account with: “HOAX: Victim of hoax site. No foreign logins found. Reset password and placed restrictions on account. Once player emails in confirming they have changed their password, please remove restrictions.”Note: Please ensure player doesn’t have any current chat related bans.
Sending Email We will be using templates, however it should be customized just like every other email If they mention a payment processor, provide their contact details. If they say a credit card, then get them to contact their bank Sympathize with the player Educate with links to our identity protection page.
Account used to spam hoax site1. Boot player from system.2. Notate account with: “Hoax Site victim – Used to spam hoax site”3. Restrict account.4. Send player an email.5. Follow handbook to have website removed Note: Do not TRAP account. This will only cause headaches for us.
Evidence of stolen funds Pause account IR the player explaining their account has been compromised and we are investigating. Route the follow-up to the fraud queue