ABC of Hoax Site Investigation

  1. ABC of Hoax Site Investigation
  2. What is a Hoax/Phishing Site?
     - A site designed to steal passwords / numbers / sensitive information.
     - Disguised as a trustworthy entity so people fall for the scam.
  3. Hoax site history at Full Tilt
     - First hoax site appeared back in November 2005.
     - A lot of money stolen in March 06.
     - A lot of money stolen in Sept 06; however, we were able to recover 90%.
     - Seeing a new hoax site every few days.
     - Majority of hoax sites appear to be from the same group. Very professional.
     - Very few other phishing scams appear.
  4. Our Job
     - Respond to all hoax/phishing related questions.
     - Investigate accounts to see if they have been compromised.
     - Forward any accounts that have had funds stolen to Fraud Queue in Kana.
  5. New Procedures
     - Handbook entry: file://///tpfs1nw/workflow$/HANDBOOK/HANDBOOK/Initial%20Response%20for%20Hoax%20Related%20Emails.html
     - Answer emails in Hoax Related queue.
     - Determine if player is informant or victim.
     - Place restrictions on account.
     - Respond to player addressing concerns and educate them.
  6. Email review – Victim or Informant? Case #1
     ----- Original Message -----
     From: TOM LOUIE
     To: support@sign-fulltiltpokercom
     Sent: Monday, February 26, 2007 5:22 PM
     Subject: $50000 giveaway
     hi, this is jenl88 again. at 2-14-2007 about 4am I was informed that two players visit try fulltiltpoker.com will get the $50000 giveaway. so I did it gave you all the informations ss # credit card # and all the informations. it said the funds will deposit to my credit card account. now I haven't get it yet. it said if I don't get it yet I should e-mail to you after 5 business days. please let me know what happen. thank you!!
  7. Case #1 - Victim
     - Apply Restrictions.
     - Review Know100.
     - Respond to player. In this case we would add the web address to report Social Security Number fraud (http://www.ssa.gov/oig/hotline/index.htm).
  8. Email review – Victim or Informant? Case #2
     To: support@fulltiltpokercom
     Sent: 03/03/07 8:14 PM
     Subject: Received this chat during tournament play…
     ACEPUTZ (Observer):
     ========================================
     System: FullTilt Poker giveaway $50,000. The first two players from this table who visit the website www.win50k-fulltiltpoker.com they will win $25,000. Hurry tilters!!! Admin : Chris Ferguson
  9. Case #2 - Informant
     - Send template XXX.XXX.
     - We thank these players for letting us know. Tell them how much we value players like themselves here at Full Tilt Poker.
  10. Email review – Victim or Informant? Case #3
     To: security@fulltiltpokercom
     Sent: 03/03/07 8:17 PM
     Subject: scam
     My name is Joseph Welcome..My Full tilt nickname is anvil1765 my listed email address is anvil1765@yahoo.com. I was playing $10+1 11pm tourney game# 13906402 at table #33 when an observer named ACEPUTZ did the $50,000 give away scam....Just letting u know
  11. Case #3 - Informant
     - Send template XXX.XXX.
     - We thank these players for letting us know. Tell them how much we value players like themselves here at Full Tilt Poker.
  12. Email review – Victim or Informant? Case #4
     To: security@fulltiltpokercom
     Sent: 03/03/07 8:28 PM
     Subject: scam
     I received this message while playing poker at your site. In a moment of stupidity I logged on to the site it looked like the full tilt site so I gave them my login and e-mail but did not give them my password on the next page it asked for netteller or credit card info and then I realized that I was making a mistake. Do I need to change my login?
  13. Case #4 – Victim
     - Player informed us that they didn’t give password.
     - We do not need to place restrictions on account.
     - Respond to player requesting they change their password just to be safe.
  14. Email review – Victim or Informant? Case #5
     To: security@fulltiltpokercom
     Sent: 03/03/07 8:28 PM
     Subject: Very URGENT!! Please help
     I went to the website, and it was full-tilt poker website, it told me that I am the second visitor and asked me for my Id and e-mail address. I filled it out and clicked next, and then it asks me for my epassporte ID and password. This is where I am right now. I want to know if this offer is legit. Please reply ASAP.
  15. Case #5 – Victim
     - Player entered PlayerID and email, and was waiting for us to respond.
     - Assume player was impatient and entered details.
     - Follow standard victim procedures.
  16. Email review – Victim or Informant? Case #6
     To: security@fulltiltpokercom
     Sent: 03/03/07 8:28 PM
     Subject: possible scam
     This was posted in the message part of the table during tournament 13449279. I went to the site and they said congrats etc, fill out name, password, and e-mail address. I did and then it said you could not put the money in my Full tilt account and offered options like paypal. That is when I quit the process. I changed my password to my account. My screename is 2007orBust and my e-mail address is overnightllc@aol.com. Please let me know if this was a fraud and if I need to do anything further.
  17. Case #6 – Victim
     - Player entered PlayerID and email. However, they had informed us that they had changed their password.
     - Therefore account is secure. No need to place restrictions or reset password.
     - Confirm for player that this was a hoax site, and thank them for changing password.
  18. Reading Know100
     - Run a Know100 with a big threshold like 9999999.
     - We are looking for a foreign login over the past few days.
     - [Screenshots: clean logins; foreign logins]
  19. Evidence of chip dumping
  20. Restricting Account
     1. Select the ‘Security & Limits’ tab in WAT.
     2. Check ‘No Play’, ‘No Mix’, ‘No Deposit’, ‘No Transfer’, ‘No Chat’ and hit Submit and Accept.
  21. Reset Password
     - On Player Summary page, select Reset Password. Enter ‘Hoax Site Victim – Resetting Password’.
  22. Notate account
     - In WAT, notate account with: “HOAX: Victim of hoax site. No foreign logins found. Reset password and placed restrictions on account. Once player emails in confirming they have changed their password, please remove restrictions.”
     - Note: Please ensure player doesn’t have any current chat related bans.
  23. Sending Email
     - We will be using templates; however, each one should be customized just like every other email.
     - If they mention a payment processor, provide their contact details. If they say a credit card, then get them to contact their bank.
     - Sympathize with the player.
     - Educate with links to our identity protection page.
  24. Account used to spam hoax site
     1. Boot player from system.
     2. Notate account with: “Hoax Site victim – Used to spam hoax site”
     3. Restrict account.
     4. Send player an email.
     5. Follow handbook to have website removed.
     Note: Do not TRAP account. This will only cause headaches for us.
  25. Evidence of stolen funds
     - Pause account.
     - IR the player explaining their account has been compromised and we are investigating.
     - Route the follow-up to the fraud queue.
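
The triage rules from Cases 1 to 6 and the Know100 foreign-login check, sketched as an added example that is not part of the original deck or any Full Tilt tooling. The login records are constructed, the function and parameter names are hypothetical, and two points are assumptions: that "foreign" means a country absent from the account's earlier history, and that a foreign login outranks what the player reports.

```python
from datetime import datetime, timedelta

# Constructed login history for one account: (UTC time, country of source IP).
SAMPLE_LOGINS = [
    ("2007-02-10T18:02:00", "US"),
    ("2007-02-20T21:15:00", "US"),
    ("2007-03-01T19:40:00", "US"),
    ("2007-03-03T03:12:00", "RO"),
    ("2007-03-03T20:05:00", "US"),
]

STANDARD_VICTIM = ["apply restrictions", "reset password",
                   "notate account", "email player"]

def foreign_logins(logins, now, window_days=3):
    """Logins inside the review window from a country never seen before it.
    Assumption: 'foreign' means absent from the account's earlier history.
    An account with no earlier history has every window login flagged."""
    cutoff = now - timedelta(days=window_days)
    parsed = [(datetime.fromisoformat(ts), country) for ts, country in logins]
    baseline = {country for ts, country in parsed if ts < cutoff}
    return [(ts, country) for ts, country in parsed
            if ts >= cutoff and country not in baseline]

def triage(role, gave_password, changed_password, logins, now,
           funds_missing=False):
    """Map the facts in a player's email to the deck's next steps."""
    if role == "informant":                  # Cases 2 and 3
        return ["send thank-you template"]
    if funds_missing:                        # Slide 25
        return ["pause account", "IR the player",
                "route follow-up to fraud queue"]
    if foreign_logins(logins, now):
        # Assumption: login evidence outranks what the player reports.
        return STANDARD_VICTIM
    if not gave_password:                    # Case 4
        return ["ask player to change password"]
    if changed_password:                     # Case 6
        return ["confirm hoax site", "thank player for changing password"]
    return STANDARD_VICTIM                   # Cases 1 and 5
```
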
