What kind of scamming have you encountered on Bone Fish’s affiliate sites?
About 90% of the scamming on Bone Fish’s sites has come from Russian and African scammers. Russian scammers are primarily looking for people to send money to Russian women or to entice members to send airfares and give gifts, etc.
African scammers are slightly different in that they send out emails relating tales of woe and stating that they have a great deal of money sitting in a bank account in Uganda and are looking for assistance to transfer it into an overseas bank account for a percentage of the sum (or similar).
Bone Fish has tried to combat this matter by bringing on-board a full time risk manager whose sole purpose is to deal with the scamming issue. I would say that at the moment, it is probably our number one priority as it affects our reputation with banks, members and affiliates, who are obviously being hit by the chargebacks on a weekly basis.
Do you ever encounter any types of scamming through the affiliates? Do you ever have any scammers sign up as affiliates?
About three years ago, we had someone from India register as an affiliate. However, upon seeing the affiliate’s average sales rocket about twice as high as our own, we realized that something was wrong. Their conversion rate was about 40-50% instead of 10-15%. Fortunately, we caught them at an early stage and cancelled their account. That's the only scammer I know of who actually signed up as an affiliate.
At the end of the day we try to cut scammers out before they become affiliates. As a result, we don't allow – and we heavily screen – new affiliates from certain countries. For example, potential affiliates from Russia, India and Africa.
How do scammers affect the reputation of your sites and services?
Members that have belonged to the service for two or three years and see some form scamming going on do tend to inform us of the problem so that we can remove the scammer(s) from the site. But, if he/she is a new member who has just registered, it is a very awkward situation and it makes us look very unprofessional.
However, we do take measures to assure members that their information is safe and that they will meet genuine people on the site. We also take great measures to ensure that members are not contacted by scammers from Russia or Africa, because if they are contacted – especially within their first two or three weeks of being on the site – then it simply looks terrible.
What can the industry do to beat scammers?
Many a time I've looked on the internet for places that work like a “scammer central”. I've managed to find a few websites that list 5,000-7,000 members who are known scammers. However, I do not think that this is the right approach as it lists the names of the individual members (the scammers) that are contacting the members – not where they come from!
What I think the industry needs is a white list and a black list of IP ranges. For example, at Bone Fish Ltd we use an application on our credit card page that grabs the IP address. As such, we have blocked approximately 25% of all IP addresses in the world and still continually adding to the list on a regular basis. I’m hoping that this will catch some 95% of scammers.
With this in mind I don't think that having profiles of known scammers is the way forward. I think people need to sit down and actually look at the more technical side of it and determine where these people are actually coming from. Are they signing up in the UK, paying from Africa and then sending the messages from Africa? Or are they using IP masking tools to stop people from detecting their location? I think that these are the real issues rather than the specific members. I think we need to look at ISP and server-side solutions rather than having a great big database that's simply updated. Ideally, someone needs to put together a site from a technical point of view that will allow people to share techniques on how to block scamming.
Do you have any tips for smaller sites and services to beat scammers?
Yes, at Bone Fish Ltd we do employ a few measures that I am happy to share with you. I think the first thing smaller sites and services should do is get themselves an IP scanning tool which scans the IP addresses of all members that sign up to the site. Coupled with this, I would opt for one of the various merchants or banks on the internet, obtain a list of known high-risk countries and essentially impede all of these countries from being able to access the service – both on the credit card page and during the registration processes. (You have to remember that scammers can sign up in the UK and then pay through Africa, so special attention must be paid to these pages in particular).
The second thing I would recommend to smaller sites is a message frequency service which analyzes the number of messages a member sends out in a day. As such, owners of these sites can then analyze what is going out, and flag anybody who is sending 40 or 50 messages on a daily basis. This will help to assess who needs to be watched carefully and will essentially ensure that these members are not scamming other members. These are perhaps two primary things that will go a long way towards stopping scamming.
And finally, the third thing I would do is have an email centre which stops .fr and .ru from logging into the service. The Ivory Coast uses .fr and Russia uses .ru. However, this will only work until scammers figure out that they are being blocked. But for the time being, it will certainly get rid of inexperienced scammers. Because every little helps.