Abc of hoax site investigation


  • 1. ABC of Hoax Site Investigation
  • 2. What is a Hoax/Phishing Site?
      • A site designed to steal passwords / numbers / sensitive information.
      • Disguised as a trustworthy entity so people fall for the scam.
  • 3. Hoax site history at Full Tilt
      • First hoax site appeared back in November 2005.
      • A lot of money stolen in March 06.
      • A lot of money stolen in Sept 06; however, we were able to recover 90%.
      • Seeing a new hoax site every few days.
      • Majority of hoax sites appear to be from the same group. Very professional.
      • Very few other phishing scams appear.
  • 4. Our Job
      • Respond to all hoax/phishing related questions.
      • Investigate accounts to see if they have been compromised.
      • Forward any accounts that have had funds stolen to Fraud Queue in Kana.
  • 5. New Procedures
      • Handbook entry: file://///tpfs1nw/workflow$/HANDBOOK/HANDBOOK/Initial%20Response%20for%20Hoax%20Related%20Emails.html
      • Answer emails in Hoax Related queue.
      • Determine if player is informant or victim.
      • Place restrictions on account.
      • Respond to player addressing concerns and educate them.
  • 6. Email review – Victim or Informant? Case #1
      ----- Original Message -----
      From: TOM LOUIE
      To: support@sign-fulltiltpokercom
      Sent: Monday, February 26, 2007 5:22 PM
      Subject: $50000 giveaway
      hi, this is jenl88 again. at 2-14-2007 about 4am I was informed that two players visit try will get the $50000 I did it gave you all the informations ss # credit card # and all the informations. it said the funds will deposit to my credit card account. now I havent get it yet. it said if I dont get it yet I should e-mail to you after 5 business days. please let me know what happen. thank you!!
  • 7. Case #1 - Victim
      • Apply Restrictions.
      • Review Know100.
      • Respond to player. In this case we would add the web address to report Social Security Number fraud. ( .htm)
  • 8. Email review – Victim or Informant? Case #2
      To: support@fulltiltpokercom
      Sent: 03/03/07 8:14 PM
      Subject: Received this chat during tournament play…
      ACEPUTZ (Observer):
      ========================================
      System: FullTilt Poker giveaway $50,000. The first two players from this table who visit the they will win $25,000. Hurry tilters!!! Admin : Chris Ferguson
  • 9. Case #2 - Informant
      • Send template XXX.XXX
      • We thank these players for letting us know.
      • Tell them how much we value players like themselves here at Full Tilt Poker.
  • 10. Email review – Victim or Informant? Case #3
      To: security@fulltiltpokercom
      Sent: 03/03/07 8:17 PM
      Subject: scam
      My name is Joseph Welcome..My Full tilt nicname is anvil1765 my listed email address is I was playing $10+1 11pm tourney game# 13906402 at table #33 when an observe names ACEPUTZ did the $50,000 give away scam....Just letting u know
  • 11. Case #3 - Informant
      • Send template XXX.XXX
      • We thank these players for letting us know.
      • Tell them how much we value players like themselves here at Full Tilt Poker.
  • 12. Email review – Victim or Informant? Case #4
      To: security@fulltiltpokercom
      Sent: 03/03/07 8:28 PM
      Subject: scam
      I received this message while playing poker at your site. In a moment of stupidity I logged on to the site it looked like the full tilt site so I gave them my login and e-mail but did not give them my password on the next page it asked for net teller or credit card info and then I realized that I was making a mistake. Do I need to change my login?
  • 13. Case #4 – Victim
      • Player informed us that they didn’t give password.
      • We do not need to place restrictions on account.
      • Respond to player requesting they change their password just to be safe.
  • 14. Email review – Victim or Informant? Case #5
      To: security@fulltiltpokercom
      Sent: 03/03/07 8:28 PM
      Subject: Very URGENT!! Please help
      I went to the website, and it was full-tilt poker website, it told me that I am the second visitor and asked me for my Id and e-mail address. I filled it out and clicked next, and then it asks me for my epassporte ID and password. This is where I am right now. I want to know if this offer is legit. Please reply ASAP.
  • 15. Case #5 – Victim
      • Player entered PlayerID and email, and was waiting for us to respond.
      • Assume player was impatient and entered details.
      • Follow standard victim procedures.
  • 16. Email review – Victim or Informant? Case #6
      To: security@fulltiltpokercom
      Sent: 03/03/07 8:28 PM
      Subject: possible scam
      This was posted in the message part of the table during tournament 13449279. I went to the site and they said congrats etc, fill out name, password, and e-mail address. I did and then it said you could not put the money in my Full tilt account and offered options like paypal. That is when I quit the process. I changed my password to my account. My screename is 2007orBust and my e-mail address is let me know i this was a fraud and if I need to do anything further.
  • 17. Case #6 – Victim
      • Player entered PlayerID and email. However, they had informed us that they had changed their password.
      • Therefore account is secure. No need to place restrictions or reset password.
      • Confirm for player that this was a hoax site, and thank them for changing password.
  • 18. Reading Know100
      • Run a Know100 with a big threshold like 9999999.
      • We are looking for a foreign login over the past few days.
      • [Screenshots: Clean logins; Foreign Logins]
  • 19. Evidence of chip dumping
  • 20. Restricting Account
      1. Select the ‘Security & Limits’ tab in WAT.
      2. Check ‘No Play’, ‘No Mix’, ‘No Deposit’, ‘No Transfer’, ‘No Chat’ and hit Submit and Accept.
  • 21. Reset Password
      • On Player Summary page, select Reset Password.
      • Enter ‘Hoax Site Victim – Resetting Password’.
  • 22. Notate account
      • In WAT, notate account with: “HOAX: Victim of hoax site. No foreign logins found. Reset password and placed restrictions on account. Once player emails in confirming they have changed their password, please remove restrictions.”
      • Note: Please ensure player doesn’t have any current chat related bans.
  • 23. Sending Email
      • We will be using templates; however, each email should be customized just like every other email.
      • If they mention a payment processor, provide their contact details.
      • If they say a credit card, then get them to contact their bank.
      • Sympathize with the player.
      • Educate with links to our identity protection page.
  • 24. Account used to spam hoax site
      1. Boot player from system.
      2. Notate account with: “Hoax Site victim – Used to spam hoax site”
      3. Restrict account.
      4. Send player an email.
      5. Follow handbook to have website removed.
      Note: Do not TRAP account. This will only cause headaches for us.
  • 25. Evidence of stolen funds
      • Pause account.
      • IR the player explaining their account has been compromised and we are investigating.
      • Route the follow-up to the fraud queue.
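
The foreign-login review from slide 18, sketched as an added example (not part of the original deck and not Know100 itself). The record format, the three-day window and the reading of "foreign" as "a country the account never logged in from before the window" are all assumptions; the login rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample login history for one account. This is NOT Know100 output;
# the fields (timestamp, source IP, country code) are assumptions for the example.
# IPs are documentation ranges and "ZZ" is a placeholder country code.
SAMPLE_LOGINS = [
    ("2007-02-10T18:02:00", "198.51.100.7", "US"),
    ("2007-02-17T21:40:00", "198.51.100.7", "US"),
    ("2007-02-24T19:15:00", "198.51.100.23", "US"),
    ("2007-03-02T20:05:00", "198.51.100.7", "US"),
    ("2007-03-03T20:41:00", "203.0.113.50", "ZZ"),
    ("2007-03-03T20:55:00", "203.0.113.50", "ZZ"),
    ("2007-03-04T09:12:00", "198.51.100.7", "US"),
]


def review_logins(logins, reported_at, window_days=3):
    """Flag logins in the review window from a country the account never
    used before the window. Returns a dict with a status and the hits."""
    window_start = reported_at - timedelta(days=window_days)
    rows = sorted((datetime.fromisoformat(ts), ip, cc) for ts, ip, cc in logins)
    baseline = {cc for ts, _, cc in rows if ts < window_start}
    recent = [r for r in rows if window_start <= r[0] <= reported_at]
    if not baseline:
        # New or rarely used account: nothing to compare against, so the
        # result must not read as "clean"; an agent has to look by hand.
        return {"status": "no_baseline", "hits": recent}
    hits = [r for r in recent if r[2] not in baseline]
    return {"status": "foreign_login" if hits else "clean", "hits": hits}


def format_hits(result):
    """One line per flagged login, for pasting into an account note."""
    return [f"{ts:%Y-%m-%d %H:%M} {ip} {cc}" for ts, ip, cc in result["hits"]]


if __name__ == "__main__":
    reported = datetime(2007, 3, 4, 12, 0)
    outcome = review_logins(SAMPLE_LOGINS, reported)
    print(outcome["status"])
    for line in format_hits(outcome):
        print(line)
```

A country-only comparison misses an attacker who logs in from the victim's own country, so a "clean" result supports the account note but does not replace the password reset.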