How to cooridinate reports of phishing and scams to an easily accessable and common location
Consider a single thread or category in the blogs for reporting suspected phishing, scams, and clarifying validity of surveys.
I reported a phishing scam I ran into today, and when I searched using related terms, I got a return of many of threads, and I ended up arbitrarily choosing one to report it in - @57 kindly pointed me to a link and CBC story on the phishing website from 2014.
I am suggesting that maybe these can be compiled into one thread, or the blog posts or maybe the new knowledge base (somewhere that we can post and ask questions about validity), and have them in one place rather than all over the place.
This one highlighted how an old phishing and well known scam can disappear then suddenly appear triggered in a new way.
I think I am going to lean towards any surveys that appear to be related to Rogers that I will check here before proceeding, as all the telecoms are common targets for scam email, texts, telemarketing, or pop up surveys. It is one of the challenges in that the telcom industry uses so much surveying of customers, and open advertising of cost and product comparisons and so forth, that they and as a result us are easy targets to this kind of thing.
Interesting thoughts. Speaking of scamming techniques, when scams are posted on or about the forum or company service, the scammers often use social engineering techniques to attack forum staff to ensure their publications are not removed, while posted objections by other forum members are indeed deleted. I noticed one of techniques they use is contacting forum staff in consequent circles.
Each post has "Report Content" link. When a scammer clicks than link and reports alleged abuse (which usually refers to a post with fair objections to the scam, fraud, or other forum rules violations by another forum member), it goes to a forum staff on duty. Once reviewed, no notes are usually left in that post or internal fields accessible to staff only that the post was reviewed, and a certain decision was made, such as to edit, delete, or leave as is, and why. As a result, if the scammer is unsatisfied since their demand was rejected or ignored, they just keep reporting the same post each day aiming to engage different staff until they got a favorable decision. I noticed that social engineering technique being abused quite often, and the scammers usually claim some sort of privilege or exclusivity rights at that.
To prevent such abuse on Rogers portal, and ensure uniformity of decisions made, I suggest to mark each post as "Reviewed by Staff", if the post was reported and then reviewed. Hidden notes can also be left briefly outlining the review results. This will ensure uniformity of such reviews, and prevent multiple repeat reviews by different staff members, canceling each others decisions, often unaware the post was already reviewed by another staff member and actioned. This co-ordination of member reports and staff actions will certainly help stopping social engineering, phishing, and scams attacks.
Re: How to cooridinate reports of phishing and scams to an easily accessable and common location
I want to add more detail suggestions allowing to effectively prevent described above social engineering attacks on forum staff:
- when a particular forum member clicks Report Content and submits the report, this link should remain inactive and no longer accessible for that member to prevent subsequent reports to varying forum staff;
- all PMs submitted by each member, once processed, should be linked to User ID and a particular post or threaddiscussed in that PM by the reviewer in Moderation Database. Next time the member submits another PM to a different staff member about the same issue, it should be linked to the same post and resolved the same way to ensure uniformity with the previous decision.
I think these software solutions would effectively prevent social engineering attacks on forum staff. Anyway, Moderation team should have a linkable Database of all PMs and Reports they receive to ensure proper record and timely uniform fair issue resolution. I wonder what Moderation Tools are at your disposal now, what you guys think about implementing these proposals?