[Suggestion] A method to prevent Hacking Related Scams.

I know what many of you are thinking. You are thinking that there is no possible way (at least with no down side) to prevent a hacker from scamming a member on Sythe. I am here to tell you,"YES THERE IS."

What is a Hacking Related Scam?
A hacking related scam is when a sythe members account is hacked, then the hacker of the account uses that particular account to hack a sythe member.

Isn't that was the Dispute Section is for?
Yes, but the dispute section is for, well, disputes. Plus, a mod needs to approve your thread before it gets posted. And once the thread is approved, you still must wait for a mod to verify that you have been hacked before they can ban your account to prevent scams. This time period from once the hacker gets into the account, to when the user realizes the account is hacked, to the mod approving the thread, to the mod enacting the ban is way too long of a time period for a hacker to scam. We are giving them large amounts of time to get the scam done before the account gets banned.

So then what do we need to do?
We need to shorten that time period as much as we can to prevent any scams from happening. By preventing these scams, the owner of the account will not have to worry about paying any members back who were scammed and at the same time the community will not have to worry about being hacked.

THE SOLUTION:
The solution is a rather simple one. We allow users to email a specific email (such as [email protected]) that will trigger a ban for their account. Once a user is hacked, they can immediatly shut off their account to prevent any scams. Some may be thinking "What happens if the hacker hacks your email too?". If the hacker hacks your email too, why in the world would he want to shut down your account?? His goal is to use your account to scam. So, if a hacker has your email, it would be the same as if he had your email and there wasn't an email auto-ban option. Once the account owner gets his account back, he will post a dispute for the unban of his account. There are literally NO cons to this. If you think of any or would like a more in detail explaination of this suggestion, please post it in the thread.


SUPPORTERS:



NON SUPPORTERS:

 

What if a hacker simply dislikes the person they hack, thus purposefully getting the users' account banned with no intentions of scamming another person.

 

Better to have a hacker ban my account (which i can appeal) than scam members. Plus, while my email is hacked, I probably would want my sythe account banned until i get my email back (unless I want to fork over money that the hacker scammed)...

And remember, to know that you can email [email protected], you must be a Sythe member. So if a hacker (not on sythe) hacks my email, even if he does dislike me, he doesn't know that he can ban my account. And if he is a sythe member, he would be helping me by banning my account until i regain access to my email. Plus, how many people hack an email just to ban an account for the lols. Not many.. Their intention is most likely to scam. Plus, a large sum of people do not have the same email pass and Sythe pass, so the chances of a hacker having both access to both accounts is not small, but small enough.

 

If they hacked your email and the account was banned, how would you 'dispute' your ban? Sythe can't keep IP records of an email address that is used, and just because not many people 'only' hack accounts to get another user banned doesn't mean it wouldn't happen more after this suggestion if it were to be put into place.

 

Well think logistically. Someone would have to figure out how to code this, and then code it. Basically You'd have to figure out a way for the site to recognize that an email has been sent, search the database for that email, and then automatically ban someone. Considering we haven't even upgraded to vB4 yet and the tech admins appear to have quite limited time then this just isn't logistically possible.

 

@Inter - That idea has many flaws. One being, a person who hacks your email could find the sent email in your sent email box, and find the special email. They then have the power to ban ur acc from any email.

@Dipper - True. If my email got hacked as well then that is when I would head to the dispute section as my PLAN B. The thing people arnt understanding is that #1. Not many people will get both their Sythe and Email acc hacked at the same time. #2 The hacker of the email has no use for the email if he cannot hack the user's sythe acc. #3 It is the same now as it will be then. For example, as we speak, if someone get's their Sythe acocunt and email hacked, where are they going to go? To the Dispute forum. If this Suggestion is enacted and someones Email and Sythe account is hacked, where are they going to go? The dispute forum. BUT what this suggestion will do is it will stop ANY hackers who only have access to Sythe account, where as now, if you have access to the Sythe account you don't need access to the email, because you can just scam away.

@Emporer - Not true. If the suggestion is revised to a point of perfection, an admin should take the time to do it because it prevents scams. Also, we can always wait til vb4.

 

E-mails won't work, e-mail addresses can be faked easily.

Sorry, but you'll have to change your idea.

 

This comment confuses me. Yes, emails can always be faked. But how does this effect my suggestion. When I sign up for Sythe, I enter my email. Whenever the [email protected] account recieves an email from MY email (the one linked to my account) it will ban my account out of user request.

 

...or you could have a form with a security question and answer. If you enter the correct answer for your question, it bans your account, voila.

I can't see them doing this though, especially the way you want it done.

 

I think he was referring to the fact that spoofing an email address is extremely easy.

 

Seems like it is to far out of the way to be done. By the time you actually realize it is hacked the scamming has already happened and from my experience it doesn't take long time find a mod to tell about being hacked...

 

That is actually a rather good idea. Its the same concept of the email, but much simpler. What if we did this???

@bat - Very false statement. When I was hacked, I posted the dispute. It took 2 days for my account to finally get banned. Obviously the hacker had scammed by then. But, the hacker hadnt scammed when I found out I was hacked. Especially cause active users (the ones who are trusted enough to even get some1 to go first) will notice within a few hours.

 

I'm pretty sure people could deactivate mass accounts like this with spoofed emails and a list of well known members their accounts could potentially be shut down multiple times affecting their business on sythe. Such as somebody constantly spamming R2P's name as hacked.

 

THE Ban request must be sent from the EXACT email that is associated with the account. Just sending a name from anyones email would not do anything. Also, spoofing emails still has no effect on this idea.

 

It's pretty simple to send an email from any e-mail address you want even though it's not yours..

 

Posting a dispute is a lot different than contacting a mod directly. I know for a fact there are numerous mods on at all times of day. I only have a handful of mods added on MSN and there is one on 90% of the time. The fact is that this suggestion isn't viable because of the time that would be needed and all of the flaws in the system.

 

Please enlighten me why then hackers still scam EVERDAY on here.

@vi3 - Throw in the suggestion dialatic said and this method would not work. So i would email the sythe hack email from my email account, then it would reply (after checking if the email is correct) with a security question that I made.

 

It's a consequence of the internet. People get hacked all of the time, it isn't something that can easily be stopped. If I go to sleep and get hacked it doesn't take 20 minutes to use my account to scam. By the time I wake up and say 'Hey, I'm hacked' - I am already banned for scamming. Hacking prevention lies in making people aware of the exploits and how to protect themselves and when a hacking occurs make people aware of the signs of being hacked and make quick reactions when it is found out. There is no magic end to hacking scams, as I stated it is a consequence of malicious intent and the internet. Though honestly it isn't that hard to prevent being hacked. The only things that are unpreventable are security loopholes.

 

See here is where you are missing the point. This is not to prevent hackings. This is to prevent scams after hackings. Yes, maybe some will be asleep while they are scammed, but many will realize they have been hacked very quickly and this suggestion will give them an opportunity to stop the hacker. Even if the method isn't 100% perfect at stopping the hackers, the fact of the matter is, there is no con to the method. And even if we stop 3/5 hackers, that is better than 0/5. Especially because this method has NO risk involved. Worse case scenario is someone has to post a 3 sentence dispute to get unbanned. And even that scenario won't happen often AT ALL.

 

Yes it does... I spoof the headers of the email to make it appear to be sent from [email protected] (just an example obviously) then he is banned and has to go through an appeal to get his account unbanned thus losing business as people will think he his hacked and not buy from him when he is legitimately trying to sell.

Its not very hard to spoof your IP address let alone spoof an EMAIL HEADER.

The idea is flawed from the beginning and the actual solution is to not get hacked in the first place, because there are only two real ways to get hacked, downloading an infected file (whether you are stupid enough to do it directly or get it by a driveby which means you are silly enough to leave java on in your browser) or having an insecure password/email.

Of course the third option is that your email is your own domain and someone 5 years after it expires registers it to get your account but that's just petty.