Fraudulent online accounts being created through TNEW with no orders.

Hello! We have an ongoing (and potentially fraudulent) problem with online constituents being created with gibberish names and bogus addresses. AND there are never any orders associated with the new accounts. I cannot figure out the purpose, whether this is a preemptive attempt at setting up fraudulent orders, or whether they are BOT created. I run a New Record Summary report every day, and every day go through the list of new online accounts that were created the day before. The bogus accounts are pretty easy to spot, but sometimes number in the teens or twenties each day. I then go into each account and deactivate them, which can be quite laborious. Does anyone else have this issue, and do you have any other way of dealing with them? More often than not, they have emails with the word stellard in the address. I have an ongoing ticket trying to find a pattern that might help create some preventative measures in keeping these accounts from being created. Any shared experiences are welcome.

  • Bringing this to the top. Have we figured out a way yet to stop these Stellard accounts from being created? We deactivated 70 over the weekend and have since had 5 more created in the past 2 days.

  • Hi Jessica. No sure-fire solution has been discovered or developed. Mayo Performing Arts Center has addressed fraud in a recent CRM assessment, which basically deals with three layers of what one might consider fraud. First is the creation of what I call bogus accounts (stellard emails). Then there are secondary resellers (scalpers) which while legally not fraud as long as there is no legislature to prevent third parties from reselling our tickets at exorbitant prices, nonetheless interfere with our ability to give good customer service and sell to customers legitimately priced tickets. Then there are "bad actors" who make last minute online purchases, using fraudulent credit cards, then those sales are disputed as fraud after the show has passed. Implementing AVS (address verification service) in TNEW should take care of this third case of fraud, but there are certain defects in the current functionality of AVS. Using delayed eTicket delivery method helps combat scalper activity. Currently, we have not been able to keep bogus accounts from being created. Nor do we understand the reason for such accounts being created other than their potential use for future fraudulent activity. We do use RECAPTCHA which should prevent BOT activity in creating a new account. We also have a "terms and conditions" waiver that we require to be checked at the end of the order creation. If these people/BOTS are getting around RECAPTCHA and are intending to create fraudulent orders, it is possible that our terms and conditions waiver is preventing the person/BOT from creating an actual order. This would result in a bogus new account with no order. This is just a guess at what might be happening. Perhaps someone from Tessitura can weigh in on this? We just continue to run a daily report of new constituents and inactivate these bogus accounts.

    We also are able to find some of these last minute fraudulent sales and return them before the show occurs and before a fraud dispute can be issued.
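The daily review described in the original post and in the reply above (new accounts with no orders, gibberish names, "stellard" in the email) can be pre-sorted by a script, shown here as an added example that is not part of the thread or of any Tessitura tooling. The CSV column names, the sample rows and the consonant-run heuristic are assumptions made for illustration; the output is a list for manual review, not an automatic deactivation.

```python
import csv
import io
import re

# Constructed sample of a daily new-account export; column names are hypothetical.
SAMPLE_EXPORT = """constituent_id,first_name,last_name,email,order_count
1001,Maria,Lopez,maria.lopez@example.org,1
1002,Xkqzt,Brrwplk,stellardl4471@example.com,0
1003,Dana,Whitfield,dana.w@example.net,0
1004,Qwrtps,Hjkl,fgh123@example.com,0
1005,John,Stellard,jstellard@example.org,2
"""

# Five or more consonants in a row is rare in real names (assumed heuristic).
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}", re.IGNORECASE)


def looks_gibberish(name):
    """Crude check: no vowels at all, or a long run of consonants."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 3:
        return False  # too short to judge
    has_vowel = any(c in "aeiouy" for c in letters)
    return not has_vowel or bool(CONSONANT_RUN.search(name))


def triage(csv_text):
    """Return (constituent_id, reasons) for zero-order accounts worth a manual look."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["order_count"] or 0) > 0:
            continue  # an account with orders is never flagged here
        reasons = []
        if "stellard" in row["email"].lower():
            reasons.append("email contains 'stellard'")
        if looks_gibberish(row["first_name"]) or looks_gibberish(row["last_name"]):
            reasons.append("gibberish name")
        if reasons:
            flagged.append((row["constituent_id"], reasons))
    return flagged


if __name__ == "__main__":
    for constituent_id, reasons in triage(SAMPLE_EXPORT):
        print(constituent_id, "; ".join(reasons))
```

A zero-order account with an ordinary name (1003) and a paying customer whose surname happens to be Stellard (1005) are both left alone, which is why the order count is checked before any name or email pattern.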

  • You have summed up the "issues" perfectly. Like what is their end game with these stellard email addresses?  Thanks for posting!

  • My assumption is that stellardl is a bot being trained against recaptcha, and possibly TNEW sites specifically. The fact that they seem to do a variety of things, up to placing products in the cart, but never checking out suggests they're just probing how the sites work generally. That said, the kind of nonsense that they use to fill in names and addresses feels pretty human, in particular feels like a number of humans with different tolerances for spending time on creating aliases.

    I also wonder if the "stellardl" "tell" isn't actually a way to watch internet forum activity to see if they are being detected on different platforms.  Hopefully with these forums behind invitation-only accounts, we won't be letting them know.

  • I like 's assumptions.  They tally with my own assumptions.  Now, that being said, how much we are assuming on top of assumptions on top of other assumptions and thus affecting our resulting surmises... I do not know.  Suffice it to say I think we are all well sick of it, but not entirely sure how to stop it.

  • Thank you Gawain for your input. I too think there is a certain amount of human hands at work here. Thank you also for your thoughts on internet forum activity. 

  • Not sure if this directly relates, but here is a recent article about fake account creation and getting around captcha. Microsoft just cracked down on it. This is from NBC News this week:

    A U.S. court allowed Microsoft to seize several websites it said belonged to a Vietnamese operation that allegedly sold hundreds of millions of fake Microsoft accounts, an unusual step in the ongoing fight against online fraud and cybercrime.

    Microsoft said in a blog post on Wednesday that the group operated at least four websites that were seized.

    One site tied to the operation, Hotmailbox, was a popular source to buy fake Hotmail accounts, a service owned by Microsoft, in bulk. Microsoft said Hotmailbox frequently sold those to cybercriminals.

    Microsoft’s decision to sue for custody of the site was in large part motivated by its inability to figure out how the scheme’s operators were so good at automating the CAPTCHA process, which is designed to stop automated bots from repeatedly making new accounts, according to Amy Hogan-Burney, head of Microsoft’s digital crimes unit.

    “They are using tools that allow them to defeat CAPTCHA at scale. They are able to create a high volume of accounts that can appear to be, for a period of time, legitimate,” Hogan-Burney said in a video interview.

    The alleged fraudsters behind the operation have figured out a way to make “a bot that actually solves the puzzle,” and sold around 750 million fake accounts, she said.

    “I really want that discovery,” Hogan-Burney said. “I want to know what’s going on here, because that’ll actually make our products and services better.”

    Microsoft has spent tens of millions of dollars fighting bots from abusing its service and trying to ensure only humans can create new accounts, it said in the complaint, filed Dec. 7 in the Southern District of New York federal court.

  • This is excellent info, thank you!!
