Spammers: Difference between revisions

From Freegle Wiki
Jump to navigationJump to search
No edit summary
No edit summary
 
(20 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Spam is the Internet equivalent of junk mail - email you didn't ask for, and probably don't want. It's sent by spammers, usually using automated tools (aka: spam bots). Freegle members will often have their own spam filters to detect and remove spam. The following just covers what you can do as a moderator to reduce the chance of your Freegle group being used for spam.  
Spam is the Internet equivalent of junk mail - email you didn't ask for, and probably don't want. Freegle members will often have their own spam filters to detect and remove spam.  


Spammers attack Freegle either by sending spam to the group, or by collecting members email addresses from the posts they have made to the groups and using them to send spam.


====Sending spam to the group====
With the introduction of Freegle Direct Version 3, filters intercept most spam.


There are three ways this can be done:
Messages which might be spam appear in ModTools for review - Message>Review.


=====1. Spammer joins the group and sends spam=====
Instructions about how to treat these, and the legal framework are visible on the page, or if not, can be seen by clicking the Show help button.


You can combat this by:
Suspect email addresses can be reported in mod tools, using the Spammer button.


*Moderating new members until they have posted a valid OFFER. Many spammers join a group and immediately send a message - if you moderate new members then the spam will show up in your Pending queue. Don't reply to it, just delete it - replying to spam just tells the spammer that they've reached a human, which is what they're trying to do. Most spammers either aren't clued-up enough to send a valid OFFER to get off moderation before sending their spam.
Fuller details about possible SPAM Posts and people SPAMMING are below.<br>
See also https://discourse.ilovefreegle.org/t/spam-run/5438/10 for an explanation about the different treatment for spam messages and spammers.


*Requiring applications for membership to be approved. This means more work for you, but again, spammers generally aren't astute enough to provide a valid reason for joining. (link to 'pre-approving members' pros and cons here -not that i've written it yet or anything!) "This is labour intensive, but it's easy to make it happen automatically."


*Keeping an eye on the [[FCModSpammers]] group - report spammers to it, and actively remove reported spammers from your list. FCMODSpammers@yahoogroups.com Checking this manually is quite labour intensive, but it's easy to make happen automatically. Here is the relevant entry in the plug-in wiki: http://wiki.modplugin.org/index.php/Spammer_List


=====2. Spammer impersonates ("spoofs") an existing member, and sends spam which appears to come from that member=====


There's basically nothing you can do about this - it's quite easy to forge email and make it appear to come from a valid user (it doesn't require their Yahoo password). So if you see an existing user send spam, don't assume that they've done this personally -it may be that someone is impersonating them. Look at the members posting history to verify this, often very active members and even moderators are targeted by this kind of spammer. Place the user on moderation for a while, to allow you to catch any other such messages, and contact them gently to check.  
=== Modtools Main Menu ===
==== Options when posts are displayed ====
*
[[ File:newspam1.jpg ]]
*
===== Pending =====
*
[[ File:newspam2.jpg ]]
*
===== Approved =====
*
[[ File:newspam3.jpg ]]
*
Make your own judgement about whether this is a genuine and valid post. If you feel it is not then clicking the red Spam button will delete the post, and that information is used, behind the scenes, to train our spam filters.
*


=====3. Spammer hacks into a members email account and sends spam to the group=====
===== Review =====
*
[[ File:newspam4.jpg ]]
*
Automated system checks may result in a message being shown under Message Review. The reason a post has been flagged for review will be shown.  
Again make your own judgement about whether this is a genuine and valid post. If you feel it is not then clicking the red Spam button will simply delete the post, and provide information for our spam filters. Clicking the Not spam button will approve the post, or send it to Pending if the member is on moderation.
To submit a Spammer report see topic [[https://wiki.ilovefreegle.org/Spammers#SPAM_checking_before_submission| SPAM checking before submission]]
*


In this instance you will see when the email arrives in your inbox that their whole address book has been cc-ed. Again, put the member on moderation. You could contact them and let them know gently that their email account may have been hacked, there is an 'automated vacation reply' being sent out that they should switch off and they may wish to consider changing their password and running a full security scan on their computer.  
==== Options when members are displayed ====
*
[[ File:newspam5.jpg ]]
*
===== Approved Review button options available =====
*
[[ File:newspam6.jpg ]]
*
===== Member Review button options available =====
*
[[ File:newspam7.jpg ]]
*
Automated system checks may spot something unusual resulting in a person being shown under Member Review.
The Remove and Ban buttons only apply to your community.
If after reviewing their posting and chat history they seem OK then you can click Ignore.
If you are certain after thorough checking that the person is a spammer then, on their details under Members>Approved, use the Spammer button to submit a report for review. See topic [[SPAM checking before submission]] for guidance.
If you think they are fine, then please add a mod Note so that other moderators will see why.
The Whitelist button must only be used for people who have legitimate reasons to join many communities. An application for whitelisting would then be reviewed.


==== Harvesting member addresses and using them to send spam ====
There is no national rule about how many communities it is acceptable for one person to join, that is up to each community's discretion.  
*


A spammer joins the group, and then extracts email addresses from the message archive, or from emails that get sent to the group. They can then send spam directly to those addresses, without passing through your group. This approach has become more common among spammers who specifically target Yahoo Groups. There are even some spammers who tailor their spam just for Freegle groups so that it looks like they are replies to member's posts. Most often these emails try to trick your members into clicking on a link that is related to the item the member requested in a Wanted post.  
===== Chat Review =====
*
Example:
*
[[ File:newspam8.jpg ]]
*
Chat Review button options available:
*
[[ File:newspam9.jpg ]]
*


Because these spam emails don't go through Yahoo Groups, Yahoo isn't able to provide any mechanism to stop them. The FCModSpammers group has created a tool that can be run on your group to reveal which member accounts are being used to harvest your group emails. The spammer finder tool is available [https://yahoo-groups-spam.appspot.com/ here].  
Click on View Chat to see why the system has highlighted this chat.
A member may have included a telephone number, an email address or a website link for illustration which is fine. An offer to pay petrol money for an item to be taken to them is not suspicious and is a local community decision. In such instances you can approve the chat.
If you would rather the intended recipient does not see the chat then click Delete. If the chat is definitely spam then click Spam.
Use of the Approve and Whitelist button is as for the Whitelist button on Approved members.


The advice above for dealing with spammers who impersonate or hack into members' accounts can also help to identify the spammer member account harvesting addresses. There is also a feature on the plug-in called [http://wiki.modplugin.org/index.php/Membership_Crosscheck Membership Crosscheck]. With this feature you can check your membership list against that of a group that is nowhere near your own. Someone who is a member of multiple groups that are not close together might well be a spammer.  
We are legally allowed to do this (we have confirmed this with the regulator) for the purposes of detecting spam/scam. If we happen to find other violations of our rules, then we are allowed to act on them.


The [http://wiki.modplugin.org/index.php/Check_Recently_Joined_Members Check Recently Joined Members] feature allows you to identify people who've probably joined multiple groups at once, and who therefore need extra investigation to show that they're not spammers.  
You will see chat messages here for review if the recipient is a member of one of your communities. You might see some where the conversation is about a post on another community, because it's not possible for the system to tell reliably whether a message relates to a specific post, multiple posts, or no post at all.  It's fine to act on the message if you see it.


Check out also the pages on [[Grouply]] and [[FreebieJeebies]]  
==== Spammer details held by the system ====
Accessed via Modtools menu at the left:
*
[[ File:newspam10.jpg ]]
*
This shows the options:
*
[[ File:newspam11.jpg ]]
*
Confirmed Spammers - These are members who have been confirmed as spammers. These reports are reviewed before a member appears on this list. Once someone is on this list, they then would be banned from all Freegle communities and warning messages sent to anyone who has had correspondence with the scammer. <br/>
If you are certain that the person is not a spammer then submit a request for removal at https://discourse.ilovefreegle.org/c/tech/3. You must provide good reasons why this person should not be a Confirmed Spammer. Your request will be reviewed. <br/>
Pending Add – These are members who have reported as spammers by a moderator. These reports will be reviewed to decide whether to add them to the spammer list. Please remember that people may not be spammers even if they are reported. For example: <br/>
Members may join many communities because they are over-enthusiastic or have relatives in different places.<br/>
Mail can be spoofed or accounts can be hacked - so a member can appear to send spam but not be a spammer. <br/>
For someone to be added to the list they need to have clear intent to deliberately spam/scam, or be a massive multijoiner. Only a limited number of people have the ability to confirm or reject someone as a spammer. <br/>
Whitelisted - These are members who have been exempted from the spammer list. Generally they are people who have legitimate reasons to join many communities. <br/>
Pending Remove - These are members who are on the spammer list but someone has asked for them to be removed.
=== SPAM checking before submission ===
Before you click the white Spammer button you need to do some investigation:
You may get a post from a new member offering one of the known scammer items. <br/>
You may identify something from Chat or by some other means that the circumstances are highly suspect. e.g. “I have now moved to some_distant_location but courier fees to send it to you would not be expensive”. <br/>
Check the past posting and chat history of the member and how that person uses the community. <br/>


====Informing Members====
If they appear to make regular posts on the community that are offers and wanteds they are not likely to be spammers. Check a few chats, see if they have sent spam or scam type replies to people or are they genuinely arranging collections? If they are chatting normally, then they should not be reported. No member should be reported without a look to see what their past activity is.<br/>
An isolated incident of something doubtful should be resolved with the member or locally within your community. Their account may have been hacked or spoofed so check for that.<br/>
If it is a suspicious new member then Google their email address, or even just the bit before “@”, and see if anything shows up. <br/>
If a picture of an item attached to a post seems suspicious because it is not from a domestic setting then Google the image. <br/>
A link to a website in a post may be just a useful illustration so check it out. <br/>


There is an email you can send out to members [http://wiki.ilovefreegle.org/Suspending_spammer here.]
You should only be reporting genuine spammers or scammers and on rare occasions, someone we think could be a danger to other members. Even apparently strange people can be checked out to see what they are saying to members before being reported. <br/>
After doing the investigation above, if you consider that the person is a serious risk to Freegle then you should use the white Spammer button on the Member Details page to submit your report for review. Your report must include as much helpful evidence as possible. That report would then be reviewed and if it is considered that the person is a real scammer they would be added to the Confirmed Spammer List. <br/> Then they would be banned from all Freegle communities and warning messages sent to anyone who has had correspondence with the scammer. <br/>
If new facts come to light which show it to be a false alarm then the person can be removed from the Confirmed Spammer List, but they would then have to re-join a Freegle community.<br/>
The Spammer Team can be contacted directly at spammerlist@ilovefreegle.org if there are further queries.


====Mod Tools listing====
=== Procedure for Support Team when reviewing spammer submissions ===


To add known suspect email addresses to mod tools, fill in the form here - http://modtools.org/submitspammer.php
We cannot always rely completely on what the mods report, they aren't always right and some reports are a little exaggerated and vague, so they need checking properly to avoid adding someone innocent. If we just approve everything on another mods say so, there is little point in us being spam checkers. We need a checking procedure arranged between us.<br/>


When a spam report comes in the first thing to do is hold it, so nobody else tries to deal with it at the same time as you are checking it out. <br/>


Then copy the email address, or member number, of the reported member and go to support tools. In 'find member', paste the email or number and the membership pops up with all the info about how that person uses the community. <br/>


Back to [[Specific Problems]] or [[How To Deal With]]  
If they appear to make regular posts on the community that are offers and wanteds they are not likely to be spammers. Check a few chats, see if they have sent spammy or scam type replies to people or are they genuinely arranging collections? If they are chatting normally, then they should not be added to spam. No member should be added without a look to see what their past activity is. If they are not spammers then reject the report and drop the reporting mod an email to explain why and copy in Support so they know too. <br/>
 
We should only be adding genuine spammers or scammers and on rare occasions, someone we think could be a danger to other members. We have had a couple of weirdos pop up who were added for member safety. Even weird people can be checked out to see what they are saying to members before being added. <br/>
 
If a member is NOT to be added to the spammer list then email an explanation to the reporting moderator copying spammerlist@ilovefreegle.org<br/>
If a member IS to be added to the spammer list then email an explanation containing the spamming member email and the reason to spammerlist@ ilovefreegle.org<br/>
 
 
That is the fairest way to do it for the member concerned. There is nothing worse than losing all your communities and chats where you are in the middle of arranging collections.
 
 
Links:
email address for Spammers Team: spammerlist@ilovefreegle.org
*[[Specific Problems]]
*[[How To Deal With]]
*[[ModTools]]  


[[Category:Specific_Problems]]
[[Category:Specific_Problems]]
[[category:ModTools]]

Latest revision as of 11:16, 13 September 2022

Spam is the Internet equivalent of junk mail - email you didn't ask for, and probably don't want. Freegle members will often have their own spam filters to detect and remove spam.


With the introduction of Freegle Direct Version 3, filters intercept most spam.

Messages which might be spam appear in ModTools for review - Message>Review.

Instructions about how to treat these, and the legal framework are visible on the page, or if not, can be seen by clicking the Show help button.

Suspect email addresses can be reported in mod tools, using the Spammer button.

Fuller details about possible SPAM Posts and people SPAMMING are below.
See also https://discourse.ilovefreegle.org/t/spam-run/5438/10 for an explanation about the different treatment for spam messages and spammers.



Modtools Main Menu

Options when posts are displayed

Newspam1.jpg

Pending

Newspam2.jpg

Approved

Newspam3.jpg

Make your own judgement about whether this is a genuine and valid post. If you feel it is not then clicking the red Spam button will delete the post, and that information is used, behind the scenes, to train our spam filters.

Review

Newspam4.jpg

Automated system checks may result in a message being shown under Message Review. The reason a post has been flagged for review will be shown. Again make your own judgement about whether this is a genuine and valid post. If you feel it is not then clicking the red Spam button will simply delete the post, and provide information for our spam filters. Clicking the Not spam button will approve the post, or send it to Pending if the member is on moderation. To submit a Spammer report see topic [SPAM checking before submission]

Options when members are displayed

Newspam5.jpg

Approved Review button options available

Newspam6.jpg

Member Review button options available

Newspam7.jpg

Automated system checks may spot something unusual resulting in a person being shown under Member Review. The Remove and Ban buttons only apply to your community. If after reviewing their posting and chat history they seem OK then you can click Ignore. If you are certain after thorough checking that the person is a spammer then, on their details under Members>Approved, use the Spammer button to submit a report for review. See topic SPAM checking before submission for guidance. If you think they are fine, then please add a mod Note so that other moderators will see why. The Whitelist button must only be used for people who have legitimate reasons to join many communities. An application for whitelisting would then be reviewed.

There is no national rule about how many communities it is acceptable for one person to join, that is up to each community's discretion.

Chat Review

Example:

Newspam8.jpg

Chat Review button options available:

Newspam9.jpg

Click on View Chat to see why the system has highlighted this chat. A member may have included a telephone number, an email address or a website link for illustration which is fine. An offer to pay petrol money for an item to be taken to them is not suspicious and is a local community decision. In such instances you can approve the chat. If you would rather the intended recipient does not see the chat then click Delete. If the chat is definitely spam then click Spam. Use of the Approve and Whitelist button is as for the Whitelist button on Approved members.

We are legally allowed to do this (we have confirmed this with the regulator) for the purposes of detecting spam/scam. If we happen to find other violations of our rules, then we are allowed to act on them.

You will see chat messages here for review if the recipient is a member of one of your communities. You might see some where the conversation is about a post on another community, because it's not possible for the system to tell reliably whether a message relates to a specific post, multiple posts, or no post at all. It's fine to act on the message if you see it.

Spammer details held by the system

Accessed via Modtools menu at the left:

Newspam10.jpg

This shows the options:

Newspam11.jpg

Confirmed Spammers - These are members who have been confirmed as spammers. These reports are reviewed before a member appears on this list. Once someone is on this list, they then would be banned from all Freegle communities and warning messages sent to anyone who has had correspondence with the scammer.
If you are certain that the person is not a spammer then submit a request for removal at https://discourse.ilovefreegle.org/c/tech/3. You must provide good reasons why this person should not be a Confirmed Spammer. Your request will be reviewed.
Pending Add – These are members who have reported as spammers by a moderator. These reports will be reviewed to decide whether to add them to the spammer list. Please remember that people may not be spammers even if they are reported. For example:
Members may join many communities because they are over-enthusiastic or have relatives in different places.
Mail can be spoofed or accounts can be hacked - so a member can appear to send spam but not be a spammer.
For someone to be added to the list they need to have clear intent to deliberately spam/scam, or be a massive multijoiner. Only a limited number of people have the ability to confirm or reject someone as a spammer.
Whitelisted - These are members who have been exempted from the spammer list. Generally they are people who have legitimate reasons to join many communities.
Pending Remove - These are members who are on the spammer list but someone has asked for them to be removed.

SPAM checking before submission

Before you click the white Spammer button you need to do some investigation: You may get a post from a new member offering one of the known scammer items.
You may identify something from Chat or by some other means that the circumstances are highly suspect. e.g. “I have now moved to some_distant_location but courier fees to send it to you would not be expensive”.
Check the past posting and chat history of the member and how that person uses the community.

If they appear to make regular posts on the community that are offers and wanteds they are not likely to be spammers. Check a few chats, see if they have sent spam or scam type replies to people or are they genuinely arranging collections? If they are chatting normally, then they should not be reported. No member should be reported without a look to see what their past activity is.
An isolated incident of something doubtful should be resolved with the member or locally within your community. Their account may have been hacked or spoofed so check for that.
If it is a suspicious new member then Google their email address, or even just the bit before “@”, and see if anything shows up.
If a picture of an item attached to a post seems suspicious because it is not from a domestic setting then Google the image.
A link to a website in a post may be just a useful illustration so check it out.

You should only be reporting genuine spammers or scammers and on rare occasions, someone we think could be a danger to other members. Even apparently strange people can be checked out to see what they are saying to members before being reported.
After doing the investigation above, if you consider that the person is a serious risk to Freegle then you should use the white Spammer button on the Member Details page to submit your report for review. Your report must include as much helpful evidence as possible. That report would then be reviewed and if it is considered that the person is a real scammer they would be added to the Confirmed Spammer List.
Then they would be banned from all Freegle communities and warning messages sent to anyone who has had correspondence with the scammer.
If new facts come to light which show it to be a false alarm then the person can be removed from the Confirmed Spammer List, but they would then have to re-join a Freegle community.
The Spammer Team can be contacted directly at spammerlist@ilovefreegle.org if there are further queries.

Procedure for Support Team when reviewing spammer submissions

We cannot always rely completely on what the mods report, they aren't always right and some reports are a little exaggerated and vague, so they need checking properly to avoid adding someone innocent. If we just approve everything on another mods say so, there is little point in us being spam checkers. We need a checking procedure arranged between us.

When a spam report comes in the first thing to do is hold it, so nobody else tries to deal with it at the same time as you are checking it out.

Then copy the email address, or member number, of the reported member and go to support tools. In 'find member', paste the email or number and the membership pops up with all the info about how that person uses the community.

If they appear to make regular posts on the community that are offers and wanteds they are not likely to be spammers. Check a few chats, see if they have sent spammy or scam type replies to people or are they genuinely arranging collections? If they are chatting normally, then they should not be added to spam. No member should be added without a look to see what their past activity is. If they are not spammers then reject the report and drop the reporting mod an email to explain why and copy in Support so they know too.

We should only be adding genuine spammers or scammers and on rare occasions, someone we think could be a danger to other members. We have had a couple of weirdos pop up who were added for member safety. Even weird people can be checked out to see what they are saying to members before being added.

If a member is NOT to be added to the spammer list then email an explanation to the reporting moderator copying spammerlist@ilovefreegle.org
If a member IS to be added to the spammer list then email an explanation containing the spamming member email and the reason to spammerlist@ ilovefreegle.org


That is the fairest way to do it for the member concerned. There is nothing worse than losing all your communities and chats where you are in the middle of arranging collections.


Links: email address for Spammers Team: spammerlist@ilovefreegle.org