Fraud control

GW2

Active member
We have a user on our forum who has successfully defrauded another user of a substantial sum of money. He is more accurately described as a SCAMMER rather than a SPAMMER. He operates using several email addresses and two or three different (probably all fake) names to receive money via PayPal, Zelle, and Venmo.

I can use spam cleaner; but if I understand correctly, that only provides one email address to the StopForumSpam database. Is there some way I can provide additional email addresses, names, and IP information to the StopForumSpam database (outside of XenForo)? I think doing so would be helpful to others.

Brogan

XenForo moderator
Staff member
You can sign up to SFS and submit reports directly.

However, ensure you are complying with their terms with regards to reporting spam.

GW2

Active member
> You can sign up to SFS and submit reports directly.
>
> However, ensure you are complying with their terms with regards to reporting spam.

Thanks, Brogan. I will need to read the SFS definition of spam. This is probably better characterized as fraud rather than spam.
 

Blackbeard

Well-known member
I would leverage Cloudflare, and block certain countries from being able to login/register.
Use Xon's addon to block some VPNs.

Require each new member to be approved, and watch 5 or so posts and look at the IPs of each post.
If the IPs are all over the place, you can ask the user what the deal is as well.

I've also been looking at the DragonByte Security addon, to help identify people even further.
 

texkev

Member
Was your account used by the spammer as a normal account at some point then a spammer hacked it? This has happened to us, 4 times in 2 weeks on 2 forums. Basically, they gain access to an account, change the email and password, then post a sales ad. 3 of the 4 accounts were of users that had not been on the site, 1 user was active and warned us. I also know this is happening to some other forums, some folks I know, the same issue. The scammer gets into an account already registered on the site and takes over.

Today it cost a few people a little money because the spammer also had an admin password from a mod. So folks had flagged it as a possible scam, and he posted as our admin saying he verified it was ok.

I am watching user logs right now, this will show if anyone changes an email and password. The emails look scammy and are easy to catch as are the IPs. I am going to look into the DragonByte software mentioned above.

Does anyone know if there is a way to throw someone back into moderation waiting so that we can approve any email or password changes?

GW2

Active member
> Was your account used by the spammer as a normal account at some point then a spammer hacked it?

No, rather this was a financial transaction between two users of our forum... all done through their private XF conversation.

I would not describe this situation as SPAM. It is fraud. I want to do what I can to prevent this user from continuing to defraud others. There is probably nothing I can do to help our user (victim) who was defrauded; however, I hope to prevent the scammer from continuing his operation on our forum or elsewhere.
 

GW2

Active member
> I would leverage Cloudflare, and block certain countries from being able to login/register.
> Use Xon's addon to block some VPNs.
>
> Require each new member to be approved, and watch 5 or so posts and look at the IPs of each post.
> If the IPs are all over the place, you can ask the user what the deal is as well.
>
> I've also been looking at the DragonByte Security addon, to help identify people even further.

We are using the GeoLite database to block certain countries. This scammer registered from a U.S. location, but is obviously using a VPN since he has used 20+ IPs over the past 10 days that are traceable to Bangladesh, Nigeria, and several states in the U.S. I will definitely look into Xon's add-on.

Interestingly, today I went to the Stop Forum Spam website to report this guy and found that he is already in the SFS database!!...same username and email address he used to register for our forum, but a different IP address. So it appears that SFS only looks at the IP address and not the username, otherwise he would have been blocked from registering on our forum...or am I missing something?
 

Mr Lucky

Well-known member
> So it appears that SFS only looks at the IP address and not the username, otherwise he would have been blocked from registering on our forum...or am I missing something?

The forum SFS settings can look at the username as well as IP and email so it depends whether you have it configured for that. Some people don't as there are so many false positives for common names such as Jack or Kim.

GW2

Active member
Thanks. I think our SFS "warning flag" settings were set too high and the "Count flag" days set too low which probably explains why the scammer was not detected.
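
The effect of the settings discussed in the last two posts, as an added example that is not part of the thread and not XenForo's or StopForumSpam's own code. It is a simplified model: the function and parameter names (`count_flags`, `decide`, `max_age_days`, `moderate_at`, `reject_at`) are hypothetical, and the lookup result is a constructed sample shaped like a StopForumSpam JSON response in which the username and email are listed but the registration IP is not.

```python
from datetime import datetime, timedelta

# Constructed sample: username and email are listed, the IP is not.
SAMPLE = {
    "success": 1,
    "username": {"appears": 1, "frequency": 4, "lastseen": "2024-03-01 09:15:00"},
    "email": {"appears": 1, "frequency": 6, "lastseen": "2024-03-01 09:15:00"},
    "ip": {"appears": 0, "frequency": 0},
}
NOW = datetime(2024, 3, 31, 12, 0, 0)  # fixed "today" so results are repeatable
ALL_FIELDS = ("email", "ip", "username")


def count_flags(result, now, max_age_days, fields=ALL_FIELDS):
    """Return the checked fields that are listed and were seen recently enough."""
    flags = []
    for field in fields:
        entry = result.get(field, {})
        if not entry.get("appears"):
            continue  # this identifier is not in the database
        seen = datetime.strptime(entry["lastseen"], "%Y-%m-%d %H:%M:%S")
        if now - seen <= timedelta(days=max_age_days):
            flags.append(field)  # listed and inside the look-back window
    return flags


def decide(result, now, max_age_days, moderate_at, reject_at, fields=ALL_FIELDS):
    """Map the number of flagged fields to a registration action."""
    n = len(count_flags(result, now, max_age_days, fields))
    if n >= reject_at:
        return "reject"
    if n >= moderate_at:
        return "moderate"
    return "allow"


if __name__ == "__main__":
    # Username check off, threshold of 2: only the email counts, so he gets in.
    print(decide(SAMPLE, NOW, 60, 2, 3, fields=("email", "ip")))
    # Username check on: two flags reach the moderation threshold.
    print(decide(SAMPLE, NOW, 60, 2, 3))
    # Look-back window shorter than the age of the entries: nothing counts.
    print(decide(SAMPLE, NOW, 7, 1, 2))
```
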