February 8, 2023 | 16 minutes
Ep. 47 | Reimagining Cyber | Cyber Scams Breaking Hearts | Dan Winchester
[00:00:00] Dan Winchester: As soon as they can, the scammer is gonna try and move you away from the communication system run by the dating platform and onto some third party communication platform. And that's because they're eventually gonna get detected one way or another by the dating platform. They're gonna have their communication channel shut off and they're gonna lose the target that they've spent maybe days grooming.
[00:00:27] Rob Aragao: Welcome to the Reimagining Cyber Podcast, where we share short and to the point perspectives on the cyber landscape. It's all about engaging, yet casual conversations on what organizations are doing to reimagine their cyber programs while ensuring their business objectives are top priority. With my co-host, Stan Wisseman, Head of Security Strategist, I'm Rob Aragoa Chief Security Strategist and this is Reimagining Cyber.
[00:00:54] Rob Aragao: Stan, who do we have joining us for this episode?
[00:00:56] Stan Wisseman: Rob, our guest today is Dan Winchester. It's around [00:01:00] Valentine's Day. So we thought it would be interesting to take an angle on the dating game by examining scammers and fraudsters on dating app sites. And Dan is the co-founder of Scamlaytics. And Scamalytics has a focus on helping dating sites remove scammers from their site in real time.
[00:01:18] Stan Wisseman: And Dan, it's great to have you on us as a guest to help us understand this area a bit more. We haven't covered fraud or scammers at all on the podcast. And so it'd be great to, to dive into this area and specifically you have a focus around dating. Is there anything else about your background though you'd like to share with our listeners before we get started?
[00:01:36] Dan Winchester: Well, thanks for having me on. Stan and Rob. My, my background is in, online dating and I've been running an online dating service for 15 years. It was through running that, that I've got into a second business trying to defend dating services against scammers and fraud. So, so I've sort of seen both sides of the coin in a way.
[00:01:57] Dan Winchester: You know, I've run the dating service and [00:02:00] then I've also, now, you know, my main focus is in providing a business which helps other dating services protect themselves against online fraud and scammer
[00:02:09] Rob Aragao: So, let's kind of jump into this a bit. And if you think about it, right, when, when scammers are going after organizations, right, it ultimately can hurt.
[00:02:18] Rob Aragao: organization's reputation and, and bottom line as well. So I'd imagine, you know, it's especially true for these dating sites and apps. When you look at this, right? And you see that there are users of the apps, if they're using them and then there's, let's say one too many times where they're kind of getting burned, then it's a scam behind it.
[00:02:36] Rob Aragao: It's gotta be rather impactful and they'll move on to something else. What's your take on that? What have you seen through your experiences?
[00:02:43] Dan Winchester: Well, generally speaking, very few people actually end up getting scammed. So I think the reputational problem for dating services is not really that their users are getting scammed, it's that their users are encountering fake profiles, which are set [00:03:00] up by scammers and most users are, are kind of savvy enough to realise
[00:03:04] Dan Winchester: pretty quickly that they're dealing with a fake profile. I mean, a, a lot of users will just be able to tell just by looking at it. Mm-hmm. , that that's a fake profile. And maybe it's created by a scammer, or maybe it's created by someone who's just up to some mischief. Uh, and obviously that's a bad experience for that user.
[00:03:21] Dan Winchester: And ultimately most dating services are trying to move as many of their users as possible over to a subscription. And you're not gonna pay a subscription when the product you're subscribing to which is a database of singles actually looks like it's just full of junk and scammers. So there's a really good business reason why dating services wanna get rid of these scammers as quickly as possible.
[00:03:48] Stan Wisseman: No, that makes sense. Let's talk about the data side of the equation and online merchants re-using data for a variety of reasons to, you know, for example, you know, they, they may wanna evaluate customer needs to be able to better [00:04:00] position their products. They want to, you know, ensure they have regulatory compliance by looking at the data.
[00:04:06] Stan Wisseman: But collecting this data is just the first step, right? I mean, to effectively put it, to use, you also have to be able to organize and control the data in some way. And that can be a struggle for sort of some businesses, and I'm imagining that's true in the dating sites as well. How have you seen dating sites handle sensitive data that they're collecting?
[00:04:25] Stan Wisseman: So
[00:04:26] Dan Winchester: this is a really interesting area because there's a tension in, dating as there are many other sectors. The tension is really between privacy and safety. Users want to feel safe, but they also want to make sure that their privacy is respected. And yeah, you have to strike a balance in terms of what you do with user data.
[00:04:48] Dan Winchester: So you need to really be figuring out what's the minimum amount of data you can use in order to prevent the maximum amount of fraud. And some data is obviously more [00:05:00] impactful than others in detecting fraud, and some data has a higher impact in terms of the user privacy. So to give a really simple example, if you can detect fraud without reading any messages, that's fantastic because messages are probably the most private piece of information a user puts on a dating service.
[00:05:19] Dan Winchester: And the user may be happy to accept that as a compromise. You, you know, I, I wanna feel safe and you are managing to keep me safe without looking at my messages. So those are the kinds of kind of balancing decisions that services have to make.
[00:05:34] Rob Aragao: So, so Dan, let's kind of double click down on the data aspect a little bit more.
[00:05:39] Rob Aragao: and helping identify that scammers, you know, what are some of the different types of data elements, I guess you would say that you're collecting from these different dating services and apps and what else are you augmenting with additional data elements and sources to really help drive kinda high fidelity of, you know, reality that there is a specific scamming situation or some [00:06:00] sort of fraud going on here that help you pinpoint that.
[00:06:04] Dan Winchester: it's worth thinking about this in terms of what the, what the scammer is doing, how the scammers achieving, you know, a position where they can execute a scam. And they're almost always doing two things. So the first thing they're doing is they're misrepresenting who they really are. Mm-hmm.
[00:06:20] Dan Winchester: And the second thing they're doing is they're trying to move the target away from the dating service and onto some other platform where they will ultimately execute the scam. And so the data that's useful is often data that can help you confirm whether that user is actually who they say they are. Yeah. And a, a simple example might be if they say they're in one location, but their IP address places them in a different location.
[00:06:44] Dan Winchester: You know, that's useful information and to, to sort of, yeah answer the question about augmenting your data obviously once you've got an IP address, there's a whole host of other data sources you can then bring into play in order to, you know, just find out a bit more about that IP address. Is [00:07:00] it a regular internet connection?
[00:07:01] Dan Winchester: Is it, is it a hosting company? Is it a known proxy? And then what we do is we try and pull together blacklists of, of known risky data. So that might be a photo that has been used on many hundreds of fraudulent accounts. It might be an email address. It's been used time and time again. So those those data points are then effectively made available to lots of different data dating services.
[00:07:30] Dan Winchester: So fraud on one dating service helps another dating service, which might be a competitor detect fraud, you know, before it becomes a problem.
[00:07:39] Rob Aragao: Dan, just a little bit more on that, uh, curiosity. So do you actually also work with the, you know, the internet service providers, the hosting providers? You kind of mentioned this as it relates to some of the reputation of an IP and getting some of that information kind of flowing back and forth with what you're trying to accomplish.
[00:07:55] Rob Aragao: And what they're able to serve up with information that they know.
[00:07:58] Dan Winchester: We often have quite a tricky [00:08:00] relationship with the service providers themselves because they may not be taking as much action as we would like when fraud happens on their networks. And you know, some of these companies are obviously massive and it's quite hard to get them to, to really deal with these kind of issues.
[00:08:18] Dan Winchester: I would say we don't really have much contact with those companies themselves. Yes. Sometimes companies will come to us and say, we are aware we have a problem, and we, and we'd like help and we can obviously give them information about where the fraud's coming from on their network, which IP addresses, which they can then trace to bad actors within their customer base.
[00:08:40] Dan Winchester: So we do do some of that, but in the main. Using third party data to try and establish, as much information we can about the reputation of an IP address or the organization that's controlling it. And then we use that in combination with our own data based on the fraud reports that we are getting across our network [00:09:00] of dating services.
[00:09:01] Stan Wisseman: So this online fraud area, it, it can be a, a complicated crime sector, you know, and it's constantly evolving. Now criminals are becoming more sophisticated. I mean, tried and true methods probably always will be attempted, right? But methods are changing. Um, merchants need to stay on top of the latest threats and ensure that their strategies to address, the most pre pressing risks are, effective.
[00:09:29] Stan Wisseman: so as the, the pace and volume of fraud threats continue to increase, and as frauds find new ways to attack businesses, what are you seeing as far as some of the next forms of attack that are being applied.
[00:09:44] Dan Winchester: Well, in terms of IP addresses, Scamalytics actually doesn't just look at dating. We have all sorts of sectors, specifically when it comes to IP addresses.
[00:09:53] Dan Winchester: So that might be FinTech, banking, law enforcement, government classifieds, and right across the [00:10:00] board, one of the biggest challenges we are seeing is this movement of fraud from data center. IPs to what's often called residential proxies. A residential proxy will be where a regular internet connection used by just a normal domestic internet user, somehow gets carved out into a proxy by that third party company.
[00:10:23] Dan Winchester: And they might do that by providing some sort of software that user wants in exchange for acquiring a small portion of their internet connection
[00:10:33] Stan Wisseman: and probably agreed to it on their licensing agreement too, somehow to say, yeah, I'll accept that. Don't even realize they're accepting the exact fact that there may a proxy.
[00:10:42] Dan Winchester: Exactly and, you know, in the past, IP information's been really useful to detect fraud, and one of the things you can look at is we're expecting a, normal internet user and, and actually we're seeing a data center, so that's gonna up the fraud risk. But if you're seeing, [00:11:00] you know, just what looks like a normal internet user on an IP address that's belongs to a normal residential internet service provider, then it's very hard to put a risk score on that.
[00:11:13] Dan Winchester: That's, hard because you're gonna bring normal, regular users into that, into that risk score. So I would say that's the one of the biggest challenges moving forward. There's things you can do and, and, and things that we're, you know, having some success with. And I know across the industry it's, you know, it's, it's quite a big challenge.
[00:11:31] Dan Winchester: The companies that are offering these IP addresses are really big companies that are presenting themselves as, you know, high reputation companies providing a legitimate service. But definitely at our end, we are seeing that those IP addresses are, whatever the, the legitimate purpose is, we are seeing them being used for fraud.
[00:11:50] Rob Aragao: let's look a little bit into the future and the evolution of fraud detection. And what role are you seeing today in data analytics and specifically machine learning? Even the examples you were talking about of looking at an IP address, seeing what that person is doing, where they're doing it from, and then all of a sudden that's coming from some different part of the world as an example. How can we help from a machine learning perspective better isolate those type of issues and offload that to go into more complicated types of scenarios?
[00:12:25] Dan Winchester: We do a lot of machine learning stuff within Scamalytics, but I would always add a cautionary note that we find that the domain knowledge is way, way more useful than machine learning because when you're dealing with fraud, you've really gotta be attuned to false positives and it's so easy for machine learning systems to get into false positive feedback loops and things like that.
[00:12:54] Dan Winchester: where actually you’re detecting fraud and then you're starting to label the data [00:13:00] that you're learning from. Uh, and before you know it, yeah, you're potentially flagging relatively low risk data points as high risk data points. and there's obviously ways around that, but, without getting too technical it's quite hard to get really good labelled data in terms of fraud because it's pretty hard to know, you know, where absolutely all the fraud is. So, , we have big gaps in our data where you've scammers and genuine users, but you've got a massive gray area in the middle where could be a scammer.
[00:13:32] Dan Winchester: But could also be, you know, a genuine user and you can't really label that data. So that demand, that's where your domain knowledge comes in, into play. So I think the machine learning's, yeah, really good for the kind of simpler problems where you just need tons and tons of scale and you need to make some quick decisions.
[00:13:48] Dan Winchester: But I would definitely caution against these kind of black box models where you're getting an output and you're kind of not really sure how that decision's being made under the bonnet. [00:14:00] and then using that, you know, in production.
[00:14:03] Stan Wisseman: So Dan, I know you don't deal directly with the consumers of these dating apps, but in general, do you have advice of what a consumer of a dating app should be looking for? Uh, you mentioned again, experienced users probably recognize illegitimate profiles quickly, but are there, are there some tips of the trade as it were that you can share?
[00:14:28] Dan Winchester: A piece of advice that I always give out and, and I think this would keep the vast majority of people safe, is stay on the messaging system of the dating service.
[00:14:40] Dan Winchester: And the reason for that is twofold. First of all, as soon as they can, the scammer’s gonna try and move you away from the communication system, run by the dating platform and onto some third party communication platform. And that's because they're eventually gonna get detected one way or another by the dating platform.
[00:14:58] Dan Winchester: They're gonna have their [00:15:00] communication channel shut off and they're gonna lose the target that they've spent maybe days grooming. So they need to secure that communication channel, and the easiest way to do that is move to a different one and the other problem for the scammer is the dating service has got all these security systems in place to try and make sure that fraud isn't gonna happen to its users.
[00:15:21] Dan Winchester: Whereas a communication platform that's purely about communication- maybe is even focused on privacy - just isn't gonna have those sorts of systems in place. So the scammer is in a much stronger position in, in terms of then executing the scam. We hardly ever see scams executed on our client services.
[00:15:42] Dan Winchester: It's almost always executed away from the client service. So dating services provide messaging systems and most of those messaging systems are pretty good. So my advice would be to just stay on those messaging systems, don't leave them and really get to know someone before you agree to [00:16:00] move the conversation elsewhere.
[00:16:03] Rob Aragao: Well, Dan, thanks for coming on and sharing a lot of the insights within a specific area we've not come across and discussed in the past, so kind of, you know, looking at it from the, the scamming elements of what actually takes place in some of the different dating service apps that are out there.
[00:16:15] Rob Aragao: But even more importantly, for the audience to hear some of the specific kind of, these are the things you should really take into account as part of, you know, as you mentioned, stay within the app, stay within the messaging platform that they have. Don't go elsewhere cuz that's the first sign of, there's probably some sort of fraud activity happening behind this thing.