Microsoft Researchers Slash Skype Fraud By 68% 114
mask.of.sanity writes "Life could become more difficult for fraudsters on Skype thanks to new research by Microsoft boffins that promises to cut down on fake accounts across the platform. The research (PDF) combined information from diverse sources including a user's profile, activities, and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection. The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate."
Re: (Score:2)
Don't kid yourself.
Just because you post AC and switch email accounts often doesn't mean they aren't tracking you. If anything actively trying to avoid being tracked probably draws more attention.
Re: (Score:2)
Re: (Score:1)
Here's my take. Microsoft got some data back from the NSA and are
now busy doing some parallel contruction to a) make that data operational
and b) make the operationalization optimal (effective use, good PR, etc.).
Re: (Score:1)
Just hit 46. Guess I still haven't grown up.
Re:Lovely (Score:5, Insightful)
Re: (Score:3)
Youth, as they say, is wasted on the young.
Re: (Score:2)
No, I'm part of the minority as well.
You're part of the problem, profiling people in to specific categories based on meta-data and implications of content you observe taken out of context.
Re: (Score:2)
And wow...I didn't know you were required on Skype to give real, honest, personally identifying information?!?! My account is under a pseudonym under a throw away email account...
Sure it is traceable, but not readily without some decent effort.
Arms Race Tips Toward Skype (Score:3)
So the arms race may be tilted in favor of Skype for now, but in 6 months we'll have an article "Fake profiles up 200% on Skype".
Re: (Score:1)
Not if the boffins have anything to say about it. Don't mess with the muthafukin boffins yo!
Re: (Score:2, Insightful)
absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
didn't get falsely flagged as a bot.
Re: (Score:2)
absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
didn't get falsely flagged as a bot.
That's assuming they are evenly distributed. My guess is that they are using usage patterns away from the norm so
a classroom would be fine while a tech user who is using skype for some atypical use might have a 50% chance of
getting zapped. This is unfortunately the way it is. Noone cares about the outliers unless there is money in it.
Walmart sells to the 80%. if you are trying to buy swimsuits in august good luck, it might be prime swimming season
but 80% of people have already bought swimsuits so walmart
Re: (Score:2)
absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
didn't get falsely flagged as a bot.
If we are to abstain from the use of any detection technology that has false positives we'd never use any of them at all since every detection technology has false positives and just for the record 5% is pretty good for any algorithm trying to detect complex patterns in large amounts of data. The effect that this will likely have is that Skype will hand much of the fraud detection over to the automated tools so that the case workers assigned to the fraud division can concentrate more on investigating indivi
Misleading headline. (Score:1)
The headline implies that the fraud has already been slashed.
But the story says it's just a research project where they were looking into techniques to combat fraud.
No fraud has been slashed yet.
Re: (Score:3)
* Stolen money from the accounts (you didnt use it before expiration) ...Go go Power Rangers, this year will be the year of Jabber on the desktop
* Centralize the traffic (no more P2P)
* Screwed client for Linux
* Removed "Now Llstening to..." status
Its not clear just what Microsoft did with the traffic.
Their page still insists [skype.com] they are using P2P for traffic but a centralized directory. I don't know how much I believe that.
The centralized directory is probably forced on them for CALEA [wikipedia.org] compliance, so that the NSA can track who calls who.
The Business Case for Microsoft to buy Skype never made any sense at all, and especially not at the price they paid. I suspect the NSA paid the entire bill to get Skype into someone's hands that could impose a level o
Re: (Score:2)
Its a miracle Skype still works on my Nokia N900 (Linux phone, much better than the Windows Phone crap Nokia are doing now and still with functional Skype or at least as functional as Skype on a phone can get)
Re: (Score:3)
Re: (Score:1)
Proper channels? Microsoft? Bwahahahaha.
Find me a link for any Microsoft product ever where you can get support from people other than other frustrated users.
Re: (Score:3)
Yeah, I've seen the request for re-authorization pop up after expanding ram too.
The first time, I groaned, because it meant a trip through the closet of despair looking for the original Cert Tag.
And further, I go through this every time I increase the memory on one of my virtual windows machines.
But you know what? Nothing needed entering. It found everything by itself. It was literally a "click through."
Me thinks thou doth protest too much.
Re: (Score:1)
Me thinks thou doth protest too much.
You're using the phrase incorrectly. That phrase doesn't mean "You're whining too much". Rather, it is an argument for attributing guilt. An archaic form of the more recent "He who denied it, supplied it".
Re: (Score:2)
Me think thou doth pedant too much.
Re: (Score:2)
The 5% figure makes me suspect that they are modeling behavior with a gaussian distribution, and looking for values in their metrics that deviate more than 2 standard deviations from the mean: the classic "95% confidence interval." With this criterion, one would expect, by chance, that 5% of all non-fraud situations to be caught in the net.
I don't think it's uncommon for fraud-detection businesses to live with a moderate false-positive rate like this. Increasing the confidence interval to, say, 99% (3 sta
That's nice. (Score:5, Informative)
So let me get this straight...
Your new filter works better than today's filter...against today's spam
But today's spam is designed to circumvent today's filter, and spammers will change their techniques as soon as you switch to the new filter.
This is the classic Antivirus problem, where new and unusual AV programs get great ratings until they become popular and virus developers start coding with them in mind.
And now you've also published how your new filter works, to make it even easier for spammers to circumvent your new filter. Great.
BAD MATH! (Score:5, Insightful)
Imagine that previous methods caught 10% of the fraudulent accounts. New tech improves that to 16.8%. It's a 68% improvement in the fraud detection rate, but only a 6.8% "slashing" of the fraudulent accounts.
(And 5% false positives is pretty horrific)
Re:BAD MATH! (Score:4, Informative)
TFS (and TFA, actually) are poorly phrased: the actual research article (the linked PDF) specifies (and I quote):
The aim of our work is to go beyond the present, sophis-ticated defenses, and to detect "stealthy" fraudulent users, namely, those that manage to fool those defenses for a relatively long period of time. Our concrete objective is to catch these stealthy fraudulent users within the first 4 months of activity. Our results indicate that, with our methods, we are able to detect 68% of these users with a 5% false positive rate; and we are able to reduce by 2:3 times the number of these users active for over 10 months.
So they didn't increase their detection rate by 68%, they increased it to 68%. And 5% false positive is pretty good: 95% confidence interval is standard in scientific research (outside things like physics which is able to achieve much much higher confidence by means of vastly larger data sets), which means a 5% false positive is exactly what you'd expect with proper scientific methodology ( based on a quick scan that seems to be exactly what they were aiming for). And of course higher false positive is actually better in the case of fraud detection than lower detection rate (since little is harmed by a false positive, while false negatives can directly result in people losing money).
Re: (Score:1)
5% false positive rate is horrible unless you assume there they are a sizable percentage of the total number of accounts.
With a 32% false negative rate, if there are more than ~13X more real accounts than fraudulent accounts, you'll ban more legitimate people than fraudulent accounts.
Re: (Score:2)
A 5% false positive rate is far too high for any broad screening application. For example if 5% of all Skype accounts are scam accounts, then when you lump those in with the 5% false positives, you're no more likely than chance to correctly label someone as a scammer.
Re: (Score:2)
validate email addresses... (Score:1)
Hopefully their research concluded that they should validate email addresses. I have about a dozen Skype accounts (though I never use the service) because of fraudulent account sign ups. The simple act of validating email addresses prior to issuing an account would fix this. Hell, even a product targeted at the lowest common denominator (Facebook) has managed to figure that out.
Don't want a legitimate account (Score:5, Insightful)
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
I'm a loner and a loser and my credit score is 830. So I don't think your reasoning will hold out.
Re: (Score:2)
You missed the point.
Your credit score being 830 makes you a successful member of society, by definition.
A low credit score is a verdict, you are a looser and a loner, true or not, it doesn't matter, the consequences are the same for you.
Re: (Score:3)
Pretty soon people will correlate creditworthiness etc to the distribution of known friends and their credit scores.That algo will mark you as loner, possibly a loser.
Too late. That ship has sailed.
http://money.cnn.com/2013/08/2... [cnn.com]
http://www.pcworld.com/article... [pcworld.com]
Re: (Score:2)
I suffer from MPD (mutlipe personality disorder) and I want to know which of me is the real one and yes, I'm as serious as a heart attack folks yet Google has never been able to answer this question to my satisfaction.
Google is polite enough not to answer that question. Believe me they already know.
They simply don't want to become the arbiter of your internal problems.
But here's a good solution: Move to the EU, or even South America. MPD(DID) is largely a creation of the North American psychiatric professionals, and is openly scoffed at in other parts of the world. Even the majority of psychiatrists are beginning to doubt the whole thing [muohio.edu].
Should be the first rule of internet safety. (Score:2)
90% of my online accounts are fake, even this one.
That's exactly what all parents should teach kids to do: Don't talk to strangers (whether online or in the real world. And especially don't give them true real-life information. And remember - to your kids, Zuckerberg and the Google kids giving out "free" internet services are just as much strangers as a guy in an unmarked van handing out free candy to kids. I thought that's just basic parenting skills; and one of the first rules anyone teaches kids.
Re: (Score:3)
90% of my online accounts are fake, even this one. I create new accounts with new names to preserve my privacy,
First, let me point out that anyone who has even one facebook account, let alone multiple, is probably staring at an empty barn and marveling at how clean it smells after all the horses have run away.
I too use multiple accounts, but not to preserve my privacy, simply my sanity. Gmail/Hotmail/Yandex are all smart enough to figure out that its all the same person. (Something about the fact that they come from the same IP addresses, I suppose)...
Its not a privacy issue, its a preserve my sanity issue. Last t
Re: (Score:3)
Its not a privacy issue, its a preserve my sanity issue. Last thing I need to do is have my brokerage accounts mixed in with my work accounts and my /. account. I don't really care that each of these companies know I'm the same dude.
But I never allow myself to believe I'm pulling any wool over anyone's eyes.
I think you may have missed the point of the GP a bit. Yes, I agree that his strategies for "privacy" may be a little flawed, depending on how much "privacy" he is actually expecting.
On the other hand, I'm not sure that he's trying to "pull any wool over anyone's eyes." This seems to be a common accusation whenever anyone says they want to have multiple online identities -- it's as if there's something "false" or "lying" or "hypocritical" or "fake" about this. (Zuckerberg, in particular, is on record f
Re: (Score:2)
Actually, no. IP addresses (at least IPv4 ones) are completely useless for detecting this because there are many legitimate reasons why one IP address may log into multiple acconts simultaneously.
The most common reason? Multiple people!
With families on facebook, Ho
Re: (Score:2)
Your examples of a NATed interface may apply for large households, but I don't live in a large household, and even though I have multiple
devices, they ALL still log into the same accounts at the same time. So whether I'm out and about on my Cell phone, (on my carrier's IP) or on a Linux machine in my house, its still the same set of multiple Gmail Accounts connecting in rapid succession.
Rather than obfuscating identities, if anything, there is more than enough information there to allow Google (or any one
Re: (Score:1)
Just use a fake `real name`. These companies have no way of knowing what your real name is. In real life, your real name is whatever you decide it is.
5% of false positive (Score:2)
Re: (Score:2)
I really doubt they're going to send a SWAT team in for an Internet post... hold on, someones at the door.
You see... (Score:3, Informative)
In other news (Score:1)
Microsoft has made it possible to now record 100% of all conversations and store them indefinitely for the nsa
Laugh (Score:1)
Hmmm I seem to recall a complaint that the NSA (and others) couldn't break Skypes' encryption and wanted help.
https://www.schneier.com/blog/... [schneier.com]
It was popular with the crooks.
http://www.theregister.co.uk/2... [theregister.co.uk]
Then an investment group Silver Lake Partners gained controlling interest.
http://en.wikipedia.org/wiki/S... [wikipedia.org] (interesting crew there)
Then no more complaints or request for help by the NSA.
A couple years later Skype was acquired by Microsoft,
http://www.microsoft.com/en-us... [microsoft.com]
It's a fascinating coincidence.
Re: (Score:2)
Nope.
I've often suspected we, the US tax payer indirectly purchased Skype to get it into cooperative hands. EBay couldn't handle the task.
Microsoft played ball. They got Skype for free, a platform they didn't need, haven't a clue what to do with, and haven't improved.
But they did add tracking of meta data by routing all directory services through their servers.
And any call they are interested in, surprise, gets special routing, because Microsoft controls all the directory nodes.
Someday the Edward Snowden of
No, the fraud is Skype itself (Score:2)
Skype charged my credit card $60 a year after I cancelled my phone number. It somehow got un-cancelled. They gave no warning and just charged it, and won't respond to any of my requests for a refund. I've cancelled it again, but who's to say they won't do it again next year? I never agreed to recurring charges. (I never do for any service.)
Re: (Score:2)
Talk to your credit card company?
Re: (Score:2)
The charge just cleared today and I'll be disputing it tomorrow.
What is skype fraud? (Score:5, Insightful)
I've only used skype a few times. What is skype fraud?
My understanding of skype is it's basically a video phone using your general purpose computer.
I read some of TFA looking for what types of fraud they are talking about, but didn't see any detail. They mention credit card fraud, but that's not a feature of skype. I mean, if some stranger knocks on your door, and when you answer, asks for your credit card number, and you give your credit card number, that's not a weakness in your door or lock, that's a weakness in you.
What I do with my landline is never answer if I don't recognize the number or name in the caller ID. Couldn't I do the same with skype, never answer if I don't know who is calling? There you go, 100% fraud prevention.
Re: (Score:2)
Even better, you can block all calls from people who are not already on your contact list. And by setting your privacy options appropriately, you can reduce the messages you get asking to be added to your contact list to a handful of spammers a year who explicitly search for you by email or mobile phone number. Apparently not enough people do this.
Re: (Score:3)
I also don't get what this fraud is. People robbing other people's Skype credit?
Slashdot editors are supposed to fill in such details, isn't it?
Re: (Score:2)
I've only used skype a few times. What is skype fraud?
My understanding of skype is it's basically a video phone using your general purpose computer.
I read some of TFA looking for what types of fraud they are talking about, but didn't see any detail. They mention credit card fraud, but that's not a feature of skype. I mean, if some stranger knocks on your door, and when you answer, asks for your credit card number, and you give your credit card number, that's not a weakness in your door or lock, that's a weakness in you.
What I do with my landline is never answer if I don't recognize the number or name in the caller ID. Couldn't I do the same with skype, never answer if I don't know who is calling? There you go, 100% fraud prevention.
I imagine by fraud it's what happened to my wife over a hotmail account that looked just her yahoo account. Someone phished details about us, created a hotmail account with the same userid, broke into the yahoo account, stole and imported the contact list to hotmail and then erased the list in yahoo, then using the hotmail fraud account, sent out a bunch of spam asking for money to my wife's contacts and colleagues (saying we were stuck in Mexico or something). The letter was very well done, including the
The collaterial cost of wadging unwinnable wars (Score:2)
Yep, I'm sure everyone who a machine deems to be undesirable is just going to sit quietly on the sidelines and take no further action like any self respecting fraudster/scammer/spammer always does.
Unless algorithms are smarter than humans and you have a monopoly on such algorithms expect humans to adopt and continue with their bullshit only now they will be much harder to systematically "classify". All the while during this unwinnable evolution of war real people continue to be flagged and collateral dama
Skype Email (Score:1)
Fixed it by breaking Skype (Score:1)
I've seen a bunch of reports that Skype is asploding ten minutes into a call since the last update. Perhaps they fixed the problem of fraud by making it impossible to successfully complete a call. It's the Microsoft way!