
ABC of Hoax Site Investigation

What is a Hoax/Phishing Site?

A site designed to steal passwords, numbers and other sensitive information. It is disguised as a trustworthy entity so that people fall for the scam.

Hoax site history at Full Tilt

First hoax site appeared back in November 2005.
A lot of money stolen in March 06.
A lot of money stolen in Sept 06, however we were able to recover 90%.
Seeing a new hoax site every few days.
Majority of hoax sites appear to be from the same group. Very professional.
Very few other phishing scams appear.

Our Job

Respond to all hoax/phishing related questions.
Investigate accounts to see if they have been compromised.
Forward any accounts that have had funds stolen to Fraud Queue in Kana.

New Procedures

Handbook entry:
Answer emails in Hoax Related queue.
Determine if player is informant or victim.
Place restrictions on account.
Respond to player addressing concerns and educate them.

file://///tpfs1nw/workflow$/HANDBOOK/HANDBOOK/Initial%20Response%20for%20Hoax%20Related%20Emails.html

Email review Victim or Informant?


Case #1
----- Original Message -----
From: TOM LOUIE
To: support@sign-fulltiltpokercom
Sent: Monday, February 26, 2007 5:22 PM
Subject: $50000 giveaway

hi, this is jenl88 again. at 2-14-2007 about 4am I was informed that two players visit try fulltiltpoker.com will get the $50000 giveaway. so I did it gave you all the informations ss # credit card # and all the informations. it said the funds will deposit to my credit card account. now I haven't get it yet. it said if I don't get it yet I should e-mail to you after 5 business days. please let me know what happen. thank you!!

Case #1 - Victim

Apply Restrictions.
Review Know100.
Respond to player.

In this case we would add the web address to report Social Security Number fraud (http://www.ssa.gov/oig/hotline/index.htm).

Email review Victim or Informant?


Case #2
To: support@fulltiltpokercom
Sent: 03/03/07 8:14 PM
Subject: Received this chat during tournament play

ACEPUTZ (Observer): ======================================= =System: FullTilt Poker giveaway $50,000. The first two players from this table who visit the website www.win50k-fulltiltpoker.com they will win $25,000. Hurry tilters!!! Admin : Chris Ferguson

Case #2 - Informant

Send template XXX.XXX.
We thank these players for letting us know.
Tell them how much we value players like themselves here at Full Tilt Poker.
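The chat spam reported in Case #2 points players at a hostname that embeds the brand name without being the operator's own domain. The following is an added example, not part of the original deck, of flagging such hostnames in table chat before they reach players; the official domain `fulltiltpoker.com`, the brand token and every sample line except the Case #2 text are assumptions.

```python
import re

# Assumption: the operator's genuine domain; the deck does not spell it out.
OFFICIAL_DOMAINS = {"fulltiltpoker.com"}
BRAND = "fulltilt"  # hypothetical brand token to look for in other hostnames

# Hostnames in free text, with or without an http(s):// prefix.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def naive_is_official(host):
    """Weak check: a bare suffix match accepts 'win50k-fulltiltpoker.com'."""
    return any(host.lower().endswith(d) for d in OFFICIAL_DOMAINS)

def is_official(host):
    """Exact domain or a true subdomain (suffix must start at a label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def lookalike_hosts(message):
    """Hosts in a chat line that carry the brand but are not official."""
    found = []
    for host in HOST_RE.findall(message):
        squashed = re.sub(r"[^a-z0-9]", "", host.lower())  # full-tilt -> fulltilt
        if BRAND in squashed and not is_official(host):
            found.append(host.lower())
    return found

# First entry is the chat text quoted in Case #2; the rest are constructed.
SAMPLE_CHAT = [
    "The first two players from this table who visit the website "
    "www.win50k-fulltiltpoker.com they will win $25,000. Hurry tilters!!!",
    "gg all, see you on www.fulltiltpoker.com tomorrow",
    "claim your prize at http://fulltiltpoker.com.bonus.example/login",
    "free chips: full-tilt-giveaway.example",
    "nh, $50,000. guaranteed tonight",
]

def flag_chat(lines):
    """Return (line_index, hosts) for every chat line worth sending to review."""
    return [(i, h) for i, line in enumerate(lines) if (h := lookalike_hosts(line))]
```

The suffix-only check treats the Case #2 hostname as genuine because it ends in the official domain's characters; matching on a label boundary rejects it.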

Email review Victim or Informant?


Case #3
To: security@fulltiltpokercom
Sent: 03/03/07 8:17 PM
Subject: scam

My name is Joseph Welcome..My Full tilt nickname is anvil1765 my listed email address is anvil1765@yahoo.com. I was playing $10+1 11pm tourney game# 13906402 at table #33 when an observer named ACEPUTZ did the $50,000 give away scam....Just letting u know

Case #3 - Informant

Send template XXX.XXX.
We thank these players for letting us know.
Tell them how much we value players like themselves here at Full Tilt Poker.

Email review Victim or Informant?


Case #4
To: security@fulltiltpokercom
Sent: 03/03/07 8:28 PM
Subject: scam

I received this message while playing poker at your site. In a moment of stupidity I logged on to the site it looked like the full tilt site so I gave them my login and e-mail but did not give them my password on the next page it asked for net teller or credit card info and then I realized that I was making a mistake. Do I need to change my login?

Case #4 - Victim

Player informed us that they didn't give password.
We do not need to place restrictions on account.
Respond to player requesting they change their password just to be safe.

Email review Victim or Informant?


Case #5
To: security@fulltiltpokercom
Sent: 03/03/07 8:28 PM
Subject: Very URGENT!! Please help

I went to the website, and it was full-tilt poker website, it told me that I am the second visitor and asked me for my Id and e-mail address. I filled it out and clicked next, and then it asks me for my epassporte ID and password. This is where I am right now. I want to know if this offer is legit. Please reply ASAP.

Case #5 - Victim

Player entered PlayerID and email, and was waiting for us to respond.
Assume player was impatient and entered details.
Follow standard victim procedures.

Email review Victim or Informant?


Case #6
To: security@fulltiltpokercom
Sent: 03/03/07 8:28 PM
Subject: possible scam

This was posted in the message part of the table during tournament 13449279. I went to the site and they said congrats etc, fill out name, password, and e-mail address. I did and then it said you could not put the money in my Full tilt account and offered options like paypal. That is when I quit the process.
I changed my password to my account. My screen name is 2007orBust and my e-mail address is overnightllc@aol.com. Please let me know if this was a fraud and if I need to do anything further.

Case #6 - Victim

Player entered PlayerID and email. However they had informed us that they had changed their password. Therefore account is secure. No need to place restrictions or reset password. Confirm for player that this was a hoax site, and thank them for changing password.

Reading Know100

Run a Know100 with a big threshold like 9999999. We are looking for a foreign login over the past few days.

Clean logins

Foreign Logins

Evidence of chip dumping

Restricting Account

1. Select the Security & Limits tab in WAT.
2. Check No Play, No Mix, No Deposit, No Transfer, No Chat and hit Submit and Accept.

Reset Password

On Player Summary page, select Reset Password.
Enter: Hoax Site Victim Resetting Password

Notate account

In WAT, notate account with: HOAX: Victim of hoax site. No foreign logins found. Reset password and placed restrictions on account. Once player emails in confirming they have changed their password, please remove restrictions.

Note: Please ensure player doesn't have any current chat related bans.

Sending Email

We will be using templates, however it should be customized just like every other email.
If they mention a payment processor, provide their contact details.
If they say a credit card, then get them to contact their bank.
Sympathize with the player.
Educate with links to our identity protection page.

Account used to spam hoax site


1. Boot player from system.
2. Notate account with: Hoax Site victim Used to spam hoax site
3. Restrict account.
4. Send player an email.
5. Follow handbook to have website removed.

Note: Do not TRAP account. This will only cause headaches for us.

Evidence of stolen funds

Pause account.
IR the player explaining their account has been compromised and we are investigating.
Route the follow-up to the fraud queue.
