2. What is a Hoax/Phishing Site?
A site designed to steal passwords /
numbers / sensitive information.
Disguised as a trustworthy entity so
people fall for the scam
3. Hoax site history at Full Tilt
First hoax site appeared back in November
2005.
A lot of money stolen in March 06.
A lot of money stolen in Sept 06, however
we were able to recover 90%
Seeing a new hoax site every few days
Majority of hoax sites appear to be from
the same group. Very professional.
Very few other phishing scams appear.
4. Our Job
Respond to all hoax/phishing related
questions.
Investigate accounts to see if they
have been compromised.
Forward any accounts that have had
funds stolen to Fraud Queue in Kana
5. New Procedures
Handbook entry:
file://///tpfs1nw/workflow$/HANDBOOK/HANDBOOK/Initial%20Response%20for%20Hoax%20Related
%20Emails.html
Answer emails in Hoax Related queue
Determine if player is informant or
victim
Place restrictions on account
Respond to player addressing
concerns and educate them
6. Email review – Victim or Informant?
Case #1
----- Original Message ----- From: TOM LOUIE
To: support@sign-fulltiltpokercom
Sent: Monday, February 26, 2007 5:22 PM
Subject: $50000 giveaway
hi, this is jenl88 again. at 2-14-2007 about 4am I was informed that
two players visit try fulltiltpoker.com will get the $50000 giveaway.
so I did it gave you all the informations ss # credit card # and all
the informations. it said the funds will deposit to my credit card
account. now I haven't get it yet. it said if I don't get it yet I should
e-mail to you after 5 business days. please let me know what
happen. thank you!!
7. Case #1 - Victim
Apply Restrictions
Review Know100
Respond to player.
In this case we would add the web
address to report Social Security
Number fraud.
(http://www.ssa.gov/oig/hotline/index
.htm)
8. Email review – Victim or Informant?
Case #2
To: support@fulltiltpokercom
Sent: 03/03/07 8:14 PM
Subject: Received this chat during tournament play…
ACEPUTZ (Observer):
=======================================
=System: FullTilt Poker giveaway $50,000. The first
two players from this table who visit the website
www.win50k-fulltiltpoker.com they will win $25,000.
Hurry tilters!!! Admin : Chris Ferguson
9. Case #2 - Informant
Send template XXX.XXX
We thank these players for letting us
know. Tell them how much we value
players like themselves here at Full
Tilt Poker
10. Email review – Victim or Informant?
Case #3
To: security@fulltiltpokercom
Sent: 03/03/07 8:17 PM
Subject: scam
My name is Joseph Welcome..My Full tilt nicname is anvil1765 my
listed email address is anvil1765@yahoo.com. I was playing $10+1
11pm tourney game# 13906402 at table #33 when an observe
names ACEPUTZ did the $50,000 give away scam....Just letting u
know
11. Case #3 - Informant
Send template XXX.XXX
We thank these players for letting us
know.
Tell them how much we value players
like themselves here at Full Tilt Poker
12. Email review – Victim or Informant?
Case #4
To: security@fulltiltpokercom
Sent: 03/03/07 8:28 PM
Subject: scam
I received this message while playing poker at your site. In
a moment of stupidity I logged on to the site it looked like
the full tilt site so I gave them my login and e-mail but did
not give them my password on the next page it asked for net
teller or credit card info and then I realized that I was
making a mistake. Do I need to change my login?
13. Case #4 – Victim
Player informed us that they didn’t
give password
We do not need to place restrictions
on account.
Respond to player requesting they
change their password just to be
safe.
14. Email review – Victim or Informant?
Case #5
To: security@fulltiltpokercom
Sent: 03/03/07 8:28 PM
Subject: Very URGENT!! Please help
I went to the website, and it was full-tilt poker website, it
told me that I am the second visitor and asked me for my Id
and e-mail address. I filled it out and clicked next, and then it
asks me for my epassporte ID and password. This is where I
am right now. I want to know if this offer is legit.
Please reply ASAP.
15. Case #5 – Victim
Player entered PlayerID and email,
and was waiting for us to respond
Assume player was impatient and
entered details.
Follow standard victim procedures
16. Email review – Victim or Informant?
Case #6
To: security@fulltiltpokercom
Sent: 03/03/07 8:28 PM
Subject: possible scam
This was posted in the message part of the table during tournament
13449279. I went to the site and they said congrats etc, fill out
name, password, and e-mail address. I did and then it said you
could not put the money in my Full tilt account and offered options
like paypal. That is when I quit the process.
I changed my password to my account. My screename is 2007orBust
and my e-mail address is overnightllc@aol.com.
Please let me know i this was a fraud and if I need to do anything
further.
17. Case #6 – Victim
Player entered PlayerID and email.
However they had informed us that
they had changed their password.
Therefore account is secure.
No need to place restrictions or reset
password.
Confirm for player that this was a
hoax site, and thank them for
changing password.
18. Reading Know100
Run a Know100 with a big threshold like 9999999
We are looking for a foreign login over the past
few days.
Clean logins
Foreign Logins
20. Restricting Account
1. Select the ‘Security & Limits’ tab in
WAT
2. Check ‘No Play’, ‘No Mix, ‘No Deposit’,
‘No Transfer’, ‘No Chat’ and hit
Submit and Accept.
1 2
21. Reset Password
On Player Summary page, select
Reset Password. Enter ‘Hoax Site
Victim – Resetting Password’
22. Notate account
In WAT, notate account with:
“HOAX: Victim of hoax site. No foreign
logins found. Reset password and placed
restrictions on account. Once player
emails in confirming they have changed
their password, please remove
restrictions.”
Note: Please ensure player doesn’t have any
current chat related bans.
23. Sending Email
We will be using templates, however it
should be customized just like every other
email
If they mention a payment processor,
provide their contact details.
If they say a credit card, then get them to
contact their bank
Sympathize with the player
Educate with links to our identity
protection page.
24. Account used to spam hoax site
1. Boot player from system.
2. Notate account with:
“Hoax Site victim – Used to spam hoax
site”
3. Restrict account.
4. Send player an email.
5. Follow handbook to have website removed
Note: Do not TRAP account. This will only
cause headaches for us.
25. Evidence of stolen funds
Pause account
IR the player explaining their
account has been compromised and
we are investigating.
Route the follow-up to the fraud
queue