5.16.1 handling a new hoax site

Published in: Technology, Design

Tiltproof Incorporated
Document No. 5.16.1
Handling a New Hoax Site
Effective Date: 04/27/2007
Revision Date: 07/27/2007
Approval: GN

1.0 Purpose:
  This document establishes how to handle a new hoax site.

2.0 Persons Affected:
  1) Supervisors and above.

3.0 Forms, Checklists, Flowchart:
  1) Printable version: tpfs1nwworkflow$HANDBOOKPrint Versions5.16.1 Handling a New Hoax Site.doc

4.0 Policy:

5.0 Procedure:

A) Reporting a New Hoax Site
  1) Alert the Hoax Team at <hoaxteam@tiltproof.ca> and CC <supervisors@tiltproof.ca> immediately if you become aware of a new hoax website.
  2) A member of the Hoax Team or a Supervisor will do the following.
  3) Go to <www.dnsstuff.com> and enter the web address into the “WHOIS” and “Abuse Lookup” fields.
  4) Find out who is hosting the website, most likely Yahoo. Select “get results with the E-mail addresses” to find the contact email address for the hosting site.
  5) Send the template email below to the contact email address/es with the appropriate CC: from the Fraudoperations@fulltiltpoker.com email address, and BCC: pmclaughlin@pocketkings.ie. (You should never send email to any non-Tiltproof or non-Pocket Kings party from your personal Tiltproof.ca address.)
  6) Follow the steps below while waiting for a reply (Section B).
  7) Once you receive a reply from the company hosting the site saying that the website has been removed, please forward it to <supsopsscsrs@tiltproof.ca>, <iimrich@ijilaw.com>, <fraudsquad@tiltproof.ca> if they weren’t CC:ed in the reply.
     a) CC the specific processor if the hoax site was asking for that particular processor's account numbers. These addresses are INTERNAL and not to be given to players.
        • NETELLER <Investigations@neteller.com>
        • MyWebATM <charles@opusfinancials.com>
        • ePassporte <brian.branam@epassporte.com> and <annelies.manuel@epassporte.com>
        • Click2Pay <martin.osterloh@wirecard.com>

B) Procedure to Follow While Waiting for a Reply
  1) Alert the Supervisor to get a message out to the current shift about the site, and to suggest they review the PR document in the handbook about handling responses to hoax emails.

C) Supervisor’s Procedure to Follow While Waiting for a Reply
  1) Assign someone to run a chat scan for the hoax website every 5-10 minutes.
     • Run the ChatScan macro or manually do this by typing FTT_Followd chatscan 1 ".com" 1>chatscan.txt into the command prompt
  2) Add the hoax website to the
     • Announcements Page
     • Huddle Notes
     • [S:FTP_Fraud_DepartmentHoaxHoax Site Log.xls]
     • White Boards (if needed)

D) Email Template
  To: (If Yahoo) <reportabuse@yahoo-inc.com>, <abuse@yahoo-inc.com>, <copyright@yahoo-inc.com>, <domains-abuse@cc.yahoo-inc.com>
  Cc: <supsopsscsrs@tiltproof.ca>, <iimrich@ijilaw.com>, <hoaxteam@tiltproof.ca>; the processors should be CC’d when appropriate.
  Content:

    Hello,

    It has come to our attention that you may be hosting a site which is attempting to defraud customers of FullTiltPoker.com. Please review your hosting for: _____________________

    XXXFOR SCAM SITESXXX
    This is a site which is attempting to "scam" users' passwords for their FullTiltPoker logins, as well as many transaction processor websites (essentially online banks) such as NETELLER, ePassporte, PayPal, and Moneybookers. The site is also in breach of copyright laws.

    XXXFOR KEYLOGGING SITESXXX
    This site attempts to install malicious key-logging software onto unsuspecting players' computers and is in breach of copyright laws.

    We request that you remove the offending site as expeditiously as possible. Please contact us with any concerns or questions.

    Thank you for your prompt cooperation in this matter.

    ********NAME********
    On behalf of Full Tilt Poker

E) Finding a Back End Server Location
  1) Open the suspected hoax site.
  2) Right click the webpage.
  3) Select “View”.
  4) Select “Source” or “View Source” to bring it up in text form.
  5) Save a copy of this in [S: FTP_Fraud_DepartmentHOAXScam Website Source Code] with the same name as the web address.
     • Scam-websitedotcom.txt
  6) If it is similar to our previous scam websites, it will have a “form” that sends information to another website. It will look similar to this:
     • <form action="http://00642EF.NETSOLHOST.COM/login.php" method="post">
  7) Follow the steps in “Reporting a New Hoax Site” with the web address located next to form action.
     • <http://00642EF.NETSOLHOST.COM/login.php>

F) Investigating Players Affected by the Hoax Site
  1) Create a new folder in [S:FTP_Fraud_DepartmentHOAX2007] named [Hoax Site mm yy].
     • Investigators save their know100s and all related files in this folder.
  2) Start a spreadsheet tracker for all victims of this new hoax site.

G) Spreadsheet “Account Security/Limits” Section
  1) Confirm that the player's account is clean with no foreign logins.
  2) Open their account in WAT.
     a) Select the “Security & Limits” tab.
     b) Select “No Play”, “No Mixed Games”, “No Chat”, “No Deposit” and “No Transfer” for added security.
     c) Select “Submit.”
  3) Email the player requesting that they reset their password and contact us back immediately.
  4) Once the player writes back we can reinstate their account fully, and give them back all privileges to the account.
  5) In the spreadsheet, highlight the player's account green once they have confirmed that the password has been changed and the playing rights have been given back.

6.0 Definitions:
  Back End Server = what the recent (Feb 2006) scammer used to record all of the account particulars. Basically there is the front end website, which is where they direct everyone to go (www.500free-fulltiltpoker.com). Once visitors enter their information, they are redirected to another website that is hosted by a different company and is invisible to the human eye. This is a form of disguise by the scammer to prolong the exposure of the website, and it also protects the information the hoaxer has received for a longer period of time.

7.0 Revision History:
  July 27/07
    • BCC pmclaughlin@
  July 20/07
    • New Fraud Team email addresses and folders
    • Edit to email template
    • Added more restrictions to accounts in G)
  July 5/07
    • New Yahoo email added to template
  June 19/07
    • Send emails from the Operations addy
  April 24/07
    • Email supsopsscsrs not management. Email processors when needed. Template altered.
  April 12/07
    • Template – no office ph# and added “On behalf of” to signature
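
Added example (not part of the original Tiltproof document): section E's manual "View Source" check, run over a saved source file to list every form whose action points at a different host than the front-end page, so that host can be reported under section A as well. The function names, the sample HTML and the front-end address scam-website.example are constructed for illustration; only the form action line comes from step E 6).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionParser(HTMLParser):
    """Collects the action and method of every <form> in a saved page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            # A missing action means the form posts back to the page itself.
            self.forms.append((a.get("action") or "", (a.get("method") or "get").lower()))


def find_back_end_hosts(source, page_url):
    """Return (absolute_url, host, method) for each form whose action is on
    a different host than the page the source was saved from."""
    parser = FormActionParser()
    parser.feed(source)
    front_host = (urlsplit(page_url).hostname or "").lower()
    findings = []
    for action, method in parser.forms:
        target = urljoin(page_url, action)  # resolves relative actions
        host = (urlsplit(target).hostname or "").lower()
        if host and host != front_host:
            findings.append((target, host, method))
    return findings


# Constructed sample: a saved source file in the style of step E 6).
SAMPLE_SOURCE = """
<html><body>
<form action="/search.php" method="get"><input name="q"></form>
<form action="http://00642EF.NETSOLHOST.COM/login.php" method="post">
  <input name="user"><input type="password" name="pass">
</form>
</body></html>
"""
SAMPLE_PAGE_URL = "http://scam-website.example/"  # placeholder front-end address

if __name__ == "__main__":
    for url, host, method in find_back_end_hosts(SAMPLE_SOURCE, SAMPLE_PAGE_URL):
        print(f"{method.upper()} -> {url}  (report host: {host})")
```

Forms that post to the same host as the page are skipped, since that host is already covered by the front-end report.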
