SlideShare a Scribd company logo

Black hawk online games – facebook groups

Download as PPTX, PDF
D
dorisorr
1 of 19
Black Hawk Online Games – Groups Black Hawk Online Games has your back covered when it comes to online gaming -- from all sorts of multi-player online games to offline ones. Our constantly updated Blog features game reviews, console updates and latest installments (and cheats, when we feel extra generous).
http://www.facebook.com/pages/Black-Hawk- Online-Games/344980522231129
Recent Post by Black Hawk Reviews - Online http://www.facebook.com/notes/henrich-fritz/how-hosting-providers- can-battle-fraudulent-sign-ups/233169273476251 How hosting providers can battle fraudulent sign-ups Hosting providers are increasingly asking Spamhaus how they can prevent so-called "fraudulent sign-ups" -- new customers whose only intention is to spam, host malware, host botnet controllers, or engage in other activities that are forbidden by the hosting provider's acceptable use policy (AUP). Such customers normally target cheap VPS and cloud hosting with automated sign-up procedures. These customers know that their accounts will be terminated swiftly when the host becomes aware of their activities, so they usually use stolen credit cards or compromised Paypal accounts to obtain service. This allows them to hide their real identities and avoid spending their own funds.
Spamhaus has received several independent reports from hosting providers that the volume of such fraudulent sign-ups has increased dramatically in the past few months. Some hosting providers report that 50% of all new subscriptions are fraudulent -- every second subscription. No hosting company is immune, neither small local operations nor large multinational hosting firms with data centers on several continents. While Spamhaus' mission is to protect internet users and organizations from spam and other cyber-threats, we lack the resources and time to act as an abuse reporting service (FBL - Feedback Loop) or a consulting company. However, we would like to do what we can to help. This article provides some tips to help hosting providers prevent fraudulent sign-ups and increase the detection rate for such sign-ups. These tips are not a solution, but should help mitigate the damage and administrative costs caused by criminals.
Verify User Information First, create and implement a verification mechanism for automated sign-ups. It should verify at least some personal information from new subscriptions. For example:  Customer email address (by sending an email with a confirmation link) Customer phone number (for a mobile, by sending an SMS with a confirmation code, or for a land line, by making a verification phone call)
If you are unable to verify any of this information, place the account on hold until the customer contacts you and you can verify their identity by other means. If a criminal must provide an email address or telephone number that he answers, he must either risk identifying himself to you or move on to a less vigilant provider. You can also block subscriptions from customers who use phone numbers previously used in a fraudulent sign-up. While it is easy to compromise an email account, it is more difficult to compromise a phone number assigned to another person. Blacklist Abusive Customers Maintain a blacklist of the names, postal addresses, telephone and mobile numbers, and email addresses of customers who have violated your AUP, and check the blacklist for every subscription. Do not allow blacklisted customers or those using the same information to sign up for service with you again.
Include some or all of the following types of information on the blacklist:  First name  Last name  Postal address  Phone number  Mobile number  Email address  PayPal, Webmoney, etc. payment service data  IP address used to sign up  Browser (User-Agent) Blacklisted customers often try to sign up for service again under a new name and postal address, but frequently do not change the email address and often attempt to sign up from the same IP address. By using a blacklist, you can detect such sign-ups.
Have a strong Acceptable Use Policy (AUP) or Terms of Service (ToS) A key point in fighting abuse and fraudulent customers on your network is to implement a strong Acceptable Use Policy, also known as Terms of Service. If you are in the hosting business, it is vital to have an AUP. Without one, you leave yourself open to legal threats when you terminate services to abusive customers or refuse to allow a previously terminated customer to sign up again. Spammers specifically seek out hosts with weak AUPs, or hosts who are known to be lax on spam/security issues. Lack of an effective AUP permits them to abuse your network and then threaten to sue when you terminate their service.
Several hosts have excellent AUPs which, among other measures, allow the ISP to terminate a customer account upon receiving an SBL notification from Spamhaus. In addition, hosts that state clearly on their corporate web sites that they will fully cooperate with law enforcement and private anti-spam and security companies such as Spamhaus when their AUP is violated, discourage abusers from signing up in the first place. To help hosts revise or implement their AUPs, Spamhaus has set up a small tool: AUP Document Builder You can use this tool to create or revise an AUP for your company.
Active Netflow / Traffic Monitoring We have seen some cases where it is nearly impossible to determine that a customer is fraudulent when they sign up. In such cases, you may be able to detect the abuse after they sign up but before you get feedback reports from third parties such as Spamcop, Spamhaus or other security firms. You do this by actively monitoring network traffic for patterns that do not normally occur with legitimate use, but often occur when a user is spamming, hosting malware, or running a botnet from your network. For example, spammers and malware hosts frequently use a VPN to forward traffic from their permanent, back-end locations on your server to botnet or snowshoe spam cannons or web proxies on a compromised server.
They use stolen personal data obtained from an infected computer, or even the computer itself, to sign up. As soon as Spamhaus detects and reports abuse, the host terminates the account, but the spammer just signs up again using a different (stolen) identity. Often there is one constant amidst the changed identities: the VPN end node (back-end)! A host that monitors network traffic for connections to known blackhat VPN nodes can detect abusers quickly and prevent them from profiting from their abuse. Customer IP address verification When a new customer signs-up, you should check the IP address that they use against a number of blocklists, and either not accept or not activate any subscription that originates from an IP address that is listed on the Spamhaus SBL or XBL.
Spamhaus SBL: http://www.spamhaus.org/sbl/ Spamhaus XBL: http://www.spamhaus.org/xbl/ In addition, do not accept any subscriptions from Tor nodes. There are several Tor-DNSBL services that you can query before accepting a subscription. The benefit of these DNSBL checks (SBL/XBL/Tor) is that they are fast and can be done automatically.
Use Spamhaus DROP/EDROP to filter bad traffic A significant number of malware hosting sites and botnet control sites are in fact proxy nodes, forwarding traffic to a back-end server. These back-end servers are often hosted on rogue networks that are already listed on one of the Spamhaus Don't Route Or Peer Lists (DROP/EDROP). You can prevent these criminals from abusing your network by implementing DROP and EDROP on your network routers, and then denying all traffic from or to those listed IP addresses. The text-version of these lists is available free- of-charge. Spamhaus also offers a BGP feed (BGPf) for an annual fee.
Spamhaus DROP list: http://www.spamhaus.org/drop/drop.txt Spamhaus EDROP list: http://www.spamhaus.org/drop/edrop.txt Spamhaus DROP/EDROP listing policy: http://www.spamhaus.org/drop Spamhaus BGP feed (BGPf): http://www.spamhaus.org/bgpf
Geo-specific customer handling Frequently, small or medium sized hosting providers accept business from foreign customers without any limitation. Such providers are likely to be overwhelmed with fraudulent sign-ups, especially when they open for business or add a new VPS or cloud service. Criminals want to test how good or bad your abuse handling is. So -- before you start accepting business from foreign customers -- please be sure that you have sufficient abuse expertise and resources to deal with the increase in fraudulent sign-ups. If you deal with the initial spate of sign-ups quickly and effectively, before long the criminals will give up on you and move to a less prepared and knowledgeable service provider.
While many companies offer hosting with monthly billing, you might want to require foreign customers, especially customers from countries with high rates of online fraud and abuse, to sign up and pay for at least 6-months of service. If you also require a payment method that is not easily reversible for the first payment (such as wired funds or a cleared check), cybercriminals will usually avoid you. They do not want to pay for six months of service when they know that you will terminate their accounts as soon as you realize what they are doing. In extreme cases, you might also demand a scanned copy of a customer's passport. Several ISPs are requiring that for a few countries that have extremely high rates of fraud and abuse. However, be aware that some cybercriminals actually use stolen and forged documents to circumvent such security checks.
Abuse Desk Response Time While one part of a hosts responsibility is to keep cybercriminals away, the second part is to react quickly to abuse that gets past preventive measures. An understaffed and overwhelmed abuse desk will make your service attractive to cybercriminals. Hosts should null-route a customer's IP address upon a credible report of spam, malware hosting, or botnet activity until they can contact the customer and find out what happened. In cases of fraudulent sign-up, the customer usually will not respond to emails or return phone calls. If you make sure that your AUP or ToS allows you to suspend a user's access and null-route traffic upon credible reports of abuse, you will not risk legal action because you shut down an abuser. Simply state in your AUP/ToS that you reserve the right to null route the customer's IP address if you get credible abuse reports (e.g. botnet hosting, spammer sites, malware DNS etc).
Outsourcing fraud checks Some hosts do not have the time or resources to implement anti-fraud checks into their systems. There are companies that offer services that are specifically aimed towards these hosts. Spamhaus cannot endorse a specific service, but we strongly recommend using these if you're overwhelmed by criminals seeking hosting on your network.
Conclusion While it takes effort to keep cybercriminals away from your network, it takes even more effort to deal with the effects when you ignore abuse and abusers then flock to your network. It requires considerably more resources (human and financial) to stop abuse on a network after having ignored abuse issues. It will also cost more, partly because the "business" that abusers bring to your network is short-lived and they usually pay by using stolen credit cards or other fraudulent means, and partly because cleaning up a poor reputation takes time during which legitimate paying customers may avoid your network. To avoid this situation, you must find a good balance between abuse prevention and abuse handling.

Recommended

Deconstructing A Phishing Scheme
Deconstructing A Phishing SchemeDeconstructing A Phishing Scheme
Deconstructing A Phishing SchemeChristopher Duffy
 
Know your Fraudster: Preparing for the Post EMV Card-Not-Present Fraud
Know your Fraudster: Preparing for the Post EMV Card-Not-Present FraudKnow your Fraudster: Preparing for the Post EMV Card-Not-Present Fraud
Know your Fraudster: Preparing for the Post EMV Card-Not-Present FraudNoam Inbar
 
Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...
Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...
Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...CDGcommerce
 
Lloyds Bank fraud guidance
Lloyds Bank fraud guidanceLloyds Bank fraud guidance
Lloyds Bank fraud guidanceDavid Atkinson
 
3 pervasive phishing scams
3 pervasive phishing scams3 pervasive phishing scams
3 pervasive phishing scamsSafeSpaceOnline
 
Writing articles
Writing articlesWriting articles
Writing articlesMoMoRelaxing
 
CAN-SPAM for B2B-Marketers the-Opt-In-Misunderstanding
CAN-SPAM for B2B-Marketers the-Opt-In-MisunderstandingCAN-SPAM for B2B-Marketers the-Opt-In-Misunderstanding
CAN-SPAM for B2B-Marketers the-Opt-In-Misunderstandingthomasgarcia
 
FraudNet PowerPoint
FraudNet PowerPointFraudNet PowerPoint
FraudNet PowerPointcuanswers
 

Recommended

Deconstructing A Phishing Scheme
Deconstructing A Phishing SchemeDeconstructing A Phishing Scheme
Deconstructing A Phishing SchemeChristopher Duffy
 
Know your Fraudster: Preparing for the Post EMV Card-Not-Present Fraud
Know your Fraudster: Preparing for the Post EMV Card-Not-Present FraudKnow your Fraudster: Preparing for the Post EMV Card-Not-Present Fraud
Know your Fraudster: Preparing for the Post EMV Card-Not-Present FraudNoam Inbar
 
Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...
Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...
Merchant Account Tips: Proven Methods for Reducing Online Credit Card Fraud &...CDGcommerce
 
Lloyds Bank fraud guidance
Lloyds Bank fraud guidanceLloyds Bank fraud guidance
Lloyds Bank fraud guidanceDavid Atkinson
 
3 pervasive phishing scams
3 pervasive phishing scams3 pervasive phishing scams
3 pervasive phishing scamsSafeSpaceOnline
 
Writing articles
Writing articlesWriting articles
Writing articlesMoMoRelaxing
 
CAN-SPAM for B2B-Marketers the-Opt-In-Misunderstanding
CAN-SPAM for B2B-Marketers the-Opt-In-MisunderstandingCAN-SPAM for B2B-Marketers the-Opt-In-Misunderstanding
CAN-SPAM for B2B-Marketers the-Opt-In-Misunderstandingthomasgarcia
 
FraudNet PowerPoint
FraudNet PowerPointFraudNet PowerPoint
FraudNet PowerPointcuanswers
 
Internet scams
Internet scamsInternet scams
Internet scamsSurashree Sahasrabudhe
 
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...Mahmoud Elmekawy
 
Is this a scam.pdf
Is this a scam.pdfIs this a scam.pdf
Is this a scam.pdfAvaAmelia
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfanjandavid
 
Irm 13-phishing
Irm 13-phishingIrm 13-phishing
Irm 13-phishingKasper de Waard
 
Fraud Prevention Guide
Fraud Prevention GuideFraud Prevention Guide
Fraud Prevention Guidecatherinecattles
 
Reduce your aml compliance workload
Reduce your aml compliance workloadReduce your aml compliance workload
Reduce your aml compliance workloadAlessa
 
Threats to data
Threats to dataThreats to data
Threats to data07holmeslia
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraudWebSitePulse
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
Lm terms and conditions
Lm terms and conditionsLm terms and conditions
Lm terms and conditionsLIVEMNC COM
 
BBB Market Monitor: October 2020
BBB Market Monitor: October 2020BBB Market Monitor: October 2020
BBB Market Monitor: October 2020Better Business Bureau Serving Greater Cleveland
 
Active Insight Overview
Active Insight OverviewActive Insight Overview
Active Insight OverviewMike Telem
 
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 ConferenceAuthorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 ConferenceMoney 2Conf
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breachOregon Law Practice Management
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxprashanth73488
 
Cyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalCyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalSiphiwe Msibi
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentationmbachnak
 
Chargeback Mangement Solutions for Merchants
Chargeback Mangement Solutions for MerchantsChargeback Mangement Solutions for Merchants
Chargeback Mangement Solutions for MerchantsChargeback
 

More Related Content

Similar to Black hawk online games – facebook groups

3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...Mahmoud Elmekawy
 
Is this a scam.pdf
Is this a scam.pdfIs this a scam.pdf
Is this a scam.pdfAvaAmelia
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfanjandavid
 
Reduce your aml compliance workload
Reduce your aml compliance workloadReduce your aml compliance workload
Reduce your aml compliance workloadAlessa
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraudWebSitePulse
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfBhekumuzi Xaba
 
Lm terms and conditions
Lm terms and conditionsLm terms and conditions
Lm terms and conditionsLIVEMNC COM
 
Active Insight Overview
Active Insight OverviewActive Insight Overview
Active Insight OverviewMike Telem
 
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 ConferenceAuthorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 ConferenceMoney 2Conf
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxprashanth73488
 
Cyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalCyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalSiphiwe Msibi
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentationmbachnak
 
Chargeback Mangement Solutions for Merchants
Chargeback Mangement Solutions for MerchantsChargeback Mangement Solutions for Merchants
Chargeback Mangement Solutions for MerchantsChargeback
 

Similar to Black hawk online games – facebook groups (20)

Internet scams
Internet scamsInternet scams
Internet scams
 
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
3 Ways Fraudsters Compromise AP Security and Controls and How You Can Mitigat...
 
Is this a scam.pdf
Is this a scam.pdfIs this a scam.pdf
Is this a scam.pdf
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
 
Irm 13-phishing
Irm 13-phishingIrm 13-phishing
Irm 13-phishing
 
Fraud Prevention Guide
Fraud Prevention GuideFraud Prevention Guide
Fraud Prevention Guide
 
Reduce your aml compliance workload
Reduce your aml compliance workloadReduce your aml compliance workload
Reduce your aml compliance workload
 
Threats to data
Threats to dataThreats to data
Threats to data
 
10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud10 ways to protect your e commerce site from hacking & fraud
10 ways to protect your e commerce site from hacking & fraud
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
 
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdfHow to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
How to Safeguard Your Business from Payment Fraud _ Regions Bank.pdf
 
Lm terms and conditions
Lm terms and conditionsLm terms and conditions
Lm terms and conditions
 
BBB Market Monitor: October 2020
BBB Market Monitor: October 2020BBB Market Monitor: October 2020
BBB Market Monitor: October 2020
 
Active Insight Overview
Active Insight OverviewActive Insight Overview
Active Insight Overview
 
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 ConferenceAuthorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
Authorized Push Payment Fraud & Scams | Money2Conf | Money 2.0 Conference
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptx
 
Cyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalCyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_Final
 
Fraud Presentation
Fraud PresentationFraud Presentation
Fraud Presentation
 
Chargeback Mangement Solutions for Merchants
Chargeback Mangement Solutions for MerchantsChargeback Mangement Solutions for Merchants
Chargeback Mangement Solutions for Merchants
 

Black hawk online games – facebook groups

  • 1. Black Hawk Online Games – Groups Black Hawk Online Games has your back covered when it comes to online gaming -- from all sorts of multi-player online games to offline ones. Our constantly updated Blog features game reviews, console updates and latest installments (and cheats, when we feel extra generous).
  • 3. Recent Post by Black Hawk Reviews - Online http://www.facebook.com/notes/henrich-fritz/how-hosting-providers- can-battle-fraudulent-sign-ups/233169273476251 How hosting providers can battle fraudulent sign-ups Hosting providers are increasingly asking Spamhaus how they can prevent so-called "fraudulent sign-ups" -- new customers whose only intention is to spam, host malware, host botnet controllers, or engage in other activities that are forbidden by the hosting provider's acceptable use policy (AUP). Such customers normally target cheap VPS and cloud hosting with automated sign-up procedures. These customers know that their accounts will be terminated swiftly when the host becomes aware of their activities, so they usually use stolen credit cards or compromised Paypal accounts to obtain service. This allows them to hide their real identities and avoid spending their own funds.
  • 4. Spamhaus has received several independent reports from hosting providers that the volume of such fraudulent sign-ups has increased dramatically in the past few months. Some hosting providers report that 50% of all new subscriptions are fraudulent -- every second subscription. No hosting company is immune, neither small local operations nor large multinational hosting firms with data centers on several continents. While Spamhaus' mission is to protect internet users and organizations from spam and other cyber-threats, we lack the resources and time to act as an abuse reporting service (FBL - Feedback Loop) or a consulting company. However, we would like to do what we can to help. This article provides some tips to help hosting providers prevent fraudulent sign-ups and increase the detection rate for such sign-ups. These tips are not a solution, but should help mitigate the damage and administrative costs caused by criminals.
  • 5. Verify User Information First, create and implement a verification mechanism for automated sign-ups. It should verify at least some personal information from new subscriptions. For example:  Customer email address (by sending an email with a confirmation link) Customer phone number (for a mobile, by sending an SMS with a confirmation code, or for a land line, by making a verification phone call)
  • 6. If you are unable to verify any of this information, place the account on hold until the customer contacts you and you can verify their identity by other means. If a criminal must provide an email address or telephone number that he answers, he must either risk identifying himself to you or move on to a less vigilant provider. You can also block subscriptions from customers who use phone numbers previously used in a fraudulent sign-up. While it is easy to compromise an email account, it is more difficult to compromise a phone number assigned to another person. Blacklist Abusive Customers Maintain a blacklist of the names, postal addresses, telephone and mobile numbers, and email addresses of customers who have violated your AUP, and check the blacklist for every subscription. Do not allow blacklisted customers or those using the same information to sign up for service with you again.
  • 7. Include some or all of the following types of information on the blacklist:  First name  Last name  Postal address  Phone number  Mobile number  Email address  PayPal, Webmoney, etc. payment service data  IP address used to sign up  Browser (User-Agent) Blacklisted customers often try to sign up for service again under a new name and postal address, but frequently do not change the email address and often attempt to sign up from the same IP address. By using a blacklist, you can detect such sign-ups.
  • 8. Have a strong Acceptable Use Policy (AUP) or Terms of Service (ToS) A key point in fighting abuse and fraudulent customers on your network is to implement a strong Acceptable Use Policy, also known as Terms of Service. If you are in the hosting business, it is vital to have an AUP. Without one, you leave yourself open to legal threats when you terminate services to abusive customers or refuse to allow a previously terminated customer to sign up again. Spammers specifically seek out hosts with weak AUPs, or hosts who are known to be lax on spam/security issues. Lack of an effective AUP permits them to abuse your network and then threaten to sue when you terminate their service.
  • 9. Several hosts have excellent AUPs which, among other measures, allow the ISP to terminate a customer account upon receiving an SBL notification from Spamhaus. In addition, hosts that state clearly on their corporate web sites that they will fully cooperate with law enforcement and private anti-spam and security companies such as Spamhaus when their AUP is violated, discourage abusers from signing up in the first place. To help hosts revise or implement their AUPs, Spamhaus has set up a small tool: AUP Document Builder You can use this tool to create or revise an AUP for your company.
  • 10. Active Netflow / Traffic Monitoring We have seen some cases where it is nearly impossible to determine that a customer is fraudulent when they sign up. In such cases, you may be able to detect the abuse after they sign up but before you get feedback reports from third parties such as Spamcop, Spamhaus or other security firms. You do this by actively monitoring network traffic for patterns that do not normally occur with legitimate use, but often occur when a user is spamming, hosting malware, or running a botnet from your network. For example, spammers and malware hosts frequently use a VPN to forward traffic from their permanent, back-end locations on your server to botnet or snowshoe spam cannons or web proxies on a compromised server.
  • 11. They use stolen personal data obtained from an infected computer, or even the computer itself, to sign up. As soon as Spamhaus detects and reports abuse, the host terminates the account, but the spammer just signs up again using a different (stolen) identity. Often there is one constant amidst the changed identities: the VPN end node (back-end)! A host that monitors network traffic for connections to known blackhat VPN nodes can detect abusers quickly and prevent them from profiting from their abuse. Customer IP address verification When a new customer signs-up, you should check the IP address that they use against a number of blocklists, and either not accept or not activate any subscription that originates from an IP address that is listed on the Spamhaus SBL or XBL.
  • 12. Spamhaus SBL: http://www.spamhaus.org/sbl/ Spamhaus XBL: http://www.spamhaus.org/xbl/ In addition, do not accept any subscriptions from Tor nodes. There are several Tor-DNSBL services that you can query before accepting a subscription. The benefit of these DNSBL checks (SBL/XBL/Tor) is that they are fast and can be done automatically.
  • 13. Use Spamhaus DROP/EDROP to filter bad traffic A significant number of malware hosting sites and botnet control sites are in fact proxy nodes, forwarding traffic to a back-end server. These back-end servers are often hosted on rogue networks that are already listed on one of the Spamhaus Don't Route Or Peer Lists (DROP/EDROP). You can prevent these criminals from abusing your network by implementing DROP and EDROP on your network routers, and then denying all traffic from or to those listed IP addresses. The text-version of these lists is available free- of-charge. Spamhaus also offers a BGP feed (BGPf) for an annual fee.
  • 14. Spamhaus DROP list: http://www.spamhaus.org/drop/drop.txt Spamhaus EDROP list: http://www.spamhaus.org/drop/edrop.txt Spamhaus DROP/EDROP listing policy: http://www.spamhaus.org/drop Spamhaus BGP feed (BGPf): http://www.spamhaus.org/bgpf
  • 15. Geo-specific customer handling Frequently, small or medium sized hosting providers accept business from foreign customers without any limitation. Such providers are likely to be overwhelmed with fraudulent sign-ups, especially when they open for business or add a new VPS or cloud service. Criminals want to test how good or bad your abuse handling is. So -- before you start accepting business from foreign customers -- please be sure that you have sufficient abuse expertise and resources to deal with the increase in fraudulent sign-ups. If you deal with the initial spate of sign-ups quickly and effectively, before long the criminals will give up on you and move to a less prepared and knowledgeable service provider.
  • 16. While many companies offer hosting with monthly billing, you might want to require foreign customers, especially customers from countries with high rates of online fraud and abuse, to sign up and pay for at least 6-months of service. If you also require a payment method that is not easily reversible for the first payment (such as wired funds or a cleared check), cybercriminals will usually avoid you. They do not want to pay for six months of service when they know that you will terminate their accounts as soon as you realize what they are doing. In extreme cases, you might also demand a scanned copy of a customer's passport. Several ISPs are requiring that for a few countries that have extremely high rates of fraud and abuse. However, be aware that some cybercriminals actually use stolen and forged documents to circumvent such security checks.
  • 17. Abuse Desk Response Time While one part of a hosts responsibility is to keep cybercriminals away, the second part is to react quickly to abuse that gets past preventive measures. An understaffed and overwhelmed abuse desk will make your service attractive to cybercriminals. Hosts should null-route a customer's IP address upon a credible report of spam, malware hosting, or botnet activity until they can contact the customer and find out what happened. In cases of fraudulent sign-up, the customer usually will not respond to emails or return phone calls. If you make sure that your AUP or ToS allows you to suspend a user's access and null-route traffic upon credible reports of abuse, you will not risk legal action because you shut down an abuser. Simply state in your AUP/ToS that you reserve the right to null route the customer's IP address if you get credible abuse reports (e.g. botnet hosting, spammer sites, malware DNS etc).
  • 18. Outsourcing fraud checks Some hosts do not have the time or resources to implement anti-fraud checks into their systems. There are companies that offer services that are specifically aimed towards these hosts. Spamhaus cannot endorse a specific service, but we strongly recommend using these if you're overwhelmed by criminals seeking hosting on your network.
  • 19. Conclusion While it takes effort to keep cybercriminals away from your network, it takes even more effort to deal with the effects when you ignore abuse and abusers then flock to your network. It requires considerably more resources (human and financial) to stop abuse on a network after having ignored abuse issues. It will also cost more, partly because the "business" that abusers bring to your network is short-lived and they usually pay by using stolen credit cards or other fraudulent means, and partly because cleaning up a poor reputation takes time during which legitimate paying customers may avoid your network. To avoid this situation, you must find a good balance between abuse prevention and abuse handling.