Forgot your password?
typodupeerror
AI

Microsoft Researchers Slash Skype Fraud By 68% 114

Posted by Unknown Lamer
from the fraudsters-respond-with-fraud-bots dept.
mask.of.sanity writes "Life could become more difficult for fraudsters on Skype thanks to new research by Microsoft boffins that promises to cut down on fake accounts across the platform. The research (PDF) combined information from diverse sources including a user's profile, activities, and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection. The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate."
This discussion has been archived. No new comments can be posted.

Microsoft Researchers Slash Skype Fraud By 68%

Comments Filter:
  • by ScottCooperDotNet (929575) on Monday January 20, 2014 @09:07PM (#46020021)

    So the arms race may be tilted in favor of Skype for now, but in 6 months we'll have an article "Fake profiles up 200% on Skype".

    • by Anonymous Coward

      Not if the boffins have anything to say about it. Don't mess with the muthafukin boffins yo!

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
      imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
      didn't get falsely flagged as a bot.

      • by Wycliffe (116160)

        absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
        imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
        didn't get falsely flagged as a bot.

        That's assuming they are evenly distributed. My guess is that they are using usage patterns away from the norm so
        a classroom would be fine while a tech user who is using skype for some atypical use might have a 50% chance of
        getting zapped. This is unfortunately the way it is. Noone cares about the outliers unless there is money in it.
        Walmart sells to the 80%. if you are trying to buy swimsuits in august good luck, it might be prime swimming season
        but 80% of people have already bought swimsuits so walmart

      • absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
        imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
        didn't get falsely flagged as a bot.

        If we are to abstain from the use of any detection technology that has false positives we'd never use any of them at all since every detection technology has false positives and just for the record 5% is pretty good for any algorithm trying to detect complex patterns in large amounts of data. The effect that this will likely have is that Skype will hand much of the fraud detection over to the automated tools so that the case workers assigned to the fraud division can concentrate more on investigating indivi

  • by Anonymous Coward

    The headline implies that the fraud has already been slashed.

    But the story says it's just a research project where they were looking into techniques to combat fraud.

    No fraud has been slashed yet.

  • That's nice. (Score:5, Informative)

    by pushing-robot (1037830) on Monday January 20, 2014 @09:27PM (#46020171)

    So let me get this straight...

    Your new filter works better than today's filter...against today's spam

    But today's spam is designed to circumvent today's filter, and spammers will change their techniques as soon as you switch to the new filter.

    This is the classic Antivirus problem, where new and unusual AV programs get great ratings until they become popular and virus developers start coding with them in mind.

    And now you've also published how your new filter works, to make it even easier for spammers to circumvent your new filter. Great.

  • BAD MATH! (Score:5, Insightful)

    by CapOblivious2010 (1731402) on Monday January 20, 2014 @09:31PM (#46020207)
    Improving detection by 68% != Reducing fraud by 68%

    Imagine that previous methods caught 10% of the fraudulent accounts. New tech improves that to 16.8%. It's a 68% improvement in the fraud detection rate, but only a 6.8% "slashing" of the fraudulent accounts.

    (And 5% false positives is pretty horrific)
    • Re:BAD MATH! (Score:4, Informative)

      by Baloroth (2370816) on Monday January 20, 2014 @10:23PM (#46020577)

      TFS (and TFA, actually) are poorly phrased: the actual research article (the linked PDF) specifies (and I quote):

      The aim of our work is to go beyond the present, sophis-ticated defenses, and to detect "stealthy" fraudulent users, namely, those that manage to fool those defenses for a relatively long period of time. Our concrete objective is to catch these stealthy fraudulent users within the first 4 months of activity. Our results indicate that, with our methods, we are able to detect 68% of these users with a 5% false positive rate; and we are able to reduce by 2:3 times the number of these users active for over 10 months.

      So they didn't increase their detection rate by 68%, they increased it to 68%. And 5% false positive is pretty good: 95% confidence interval is standard in scientific research (outside things like physics which is able to achieve much much higher confidence by means of vastly larger data sets), which means a 5% false positive is exactly what you'd expect with proper scientific methodology ( based on a quick scan that seems to be exactly what they were aiming for). And of course higher false positive is actually better in the case of fraud detection than lower detection rate (since little is harmed by a false positive, while false negatives can directly result in people losing money).

      • by Anonymous Coward

        5% false positive rate is horrible unless you assume there they are a sizable percentage of the total number of accounts.

        With a 32% false negative rate, if there are more than ~13X more real accounts than fraudulent accounts, you'll ban more legitimate people than fraudulent accounts.

      • by Sockatume (732728)

        A 5% false positive rate is far too high for any broad screening application. For example if 5% of all Skype accounts are scam accounts, then when you lump those in with the 5% false positives, you're no more likely than chance to correctly label someone as a scammer.

      • I do not think that you are using CI correctly. The paper does not make any use of it either. CI and false positive rates are not connected. You could have a 95% CI for false positives, for example: CI(P(positive|false)))= 0.1 - 0.2. That means that 95% of all parameters, centered around the observed value, that can create the observed sample are within that interval. Also if you are using a 95% or 99% CI is an a priori decision not dependent on sample size or model accuracy.
  • Hopefully their research concluded that they should validate email addresses. I have about a dozen Skype accounts (though I never use the service) because of fraudulent account sign ups. The simple act of validating email addresses prior to issuing an account would fix this. Hell, even a product targeted at the lowest common denominator (Facebook) has managed to figure that out.

  • by Jack Griffin (3459907) on Monday January 20, 2014 @09:41PM (#46020297)
    90% of my online accounts are fake, even this one. I create new accounts with new names to preserve my privacy, I have multiple hotmail, gmail and Facebook accounts specifically for this purpose. Sure the NSA types might see through this, but the average marketing agency won't. In real life, you can separate your worlds. My wife's circle of friends know me, but they don't know my friends, same goes for work 'mates', extended family etc. I have the power to keep things separate. It seems this choice is being slowly removed in online life as every web service demands you use your real name. Who wants to live in a world where everyone knows everything? We need a right to anonymity online.
    • Re: (Score:2, Interesting)

      Pretty soon people will correlate creditworthiness etc to the distribution of known friends and their credit scores.That algo will mark you as loner, possibly a loser.
      • I'm fine with that, I have enough money/credit for my lifetime, I'm just wondering if our children will have the same luxury?
      • I'm a loner and a loser and my credit score is 830. So I don't think your reasoning will hold out.

        • by Meeni (1815694)

          You missed the point.

          Your credit score being 830 makes you a successful member of society, by definition.

          A low credit score is a verdict, you are a looser and a loner, true or not, it doesn't matter, the consequences are the same for you.

      • by icebike (68054)

        Pretty soon people will correlate creditworthiness etc to the distribution of known friends and their credit scores.That algo will mark you as loner, possibly a loser.

        Too late. That ship has sailed.

        http://money.cnn.com/2013/08/2... [cnn.com]
        http://www.pcworld.com/article... [pcworld.com]

    • 90% of my online accounts are fake, even this one.

      That's exactly what all parents should teach kids to do: Don't talk to strangers (whether online or in the real world. And especially don't give them true real-life information. And remember - to your kids, Zuckerberg and the Google kids giving out "free" internet services are just as much strangers as a guy in an unmarked van handing out free candy to kids. I thought that's just basic parenting skills; and one of the first rules anyone teaches kids.

    • by icebike (68054)

      90% of my online accounts are fake, even this one. I create new accounts with new names to preserve my privacy,

      First, let me point out that anyone who has even one facebook account, let alone multiple, is probably staring at an empty barn and marveling at how clean it smells after all the horses have run away.

      I too use multiple accounts, but not to preserve my privacy, simply my sanity. Gmail/Hotmail/Yandex are all smart enough to figure out that its all the same person. (Something about the fact that they come from the same IP addresses, I suppose)...

      Its not a privacy issue, its a preserve my sanity issue. Last t

      • Its not a privacy issue, its a preserve my sanity issue. Last thing I need to do is have my brokerage accounts mixed in with my work accounts and my /. account. I don't really care that each of these companies know I'm the same dude.

        But I never allow myself to believe I'm pulling any wool over anyone's eyes.

        I think you may have missed the point of the GP a bit. Yes, I agree that his strategies for "privacy" may be a little flawed, depending on how much "privacy" he is actually expecting.

        On the other hand, I'm not sure that he's trying to "pull any wool over anyone's eyes." This seems to be a common accusation whenever anyone says they want to have multiple online identities -- it's as if there's something "false" or "lying" or "hypocritical" or "fake" about this. (Zuckerberg, in particular, is on record f

      • by tlhIngan (30335)

        I too use multiple accounts, but not to preserve my privacy, simply my sanity. Gmail/Hotmail/Yandex are all smart enough to figure out that its all the same person. (Something about the fact that they come from the same IP addresses, I suppose)...

        Actually, no. IP addresses (at least IPv4 ones) are completely useless for detecting this because there are many legitimate reasons why one IP address may log into multiple acconts simultaneously.

        The most common reason? Multiple people!

        With families on facebook, Ho

        • by icebike (68054)

          Your examples of a NATed interface may apply for large households, but I don't live in a large household, and even though I have multiple
          devices, they ALL still log into the same accounts at the same time. So whether I'm out and about on my Cell phone, (on my carrier's IP) or on a Linux machine in my house, its still the same set of multiple Gmail Accounts connecting in rapid succession.

          Rather than obfuscating identities, if anything, there is more than enough information there to allow Google (or any one

    • by Threni (635302)

      Just use a fake `real name`. These companies have no way of knowing what your real name is. In real life, your real name is whatever you decide it is.

  • What happens if you get caught in 5% fake positive? An e-mail asking for confirmation or a SWAT RAID?
    • I really doubt they're going to send a SWAT team in for an Internet post... hold on, someones at the door.

  • You see... (Score:3, Informative)

    by Chompjil (2746865) on Monday January 20, 2014 @10:12PM (#46020505)
    Hangouts is doing wonders for me now so I dont mind if my skype account is shut down
  • by Anonymous Coward

    Microsoft has made it possible to now record 100% of all conversations and store them indefinitely for the nsa

  • by koan (80826)

    Hmmm I seem to recall a complaint that the NSA (and others) couldn't break Skypes' encryption and wanted help.

    https://www.schneier.com/blog/... [schneier.com]

    It was popular with the crooks.

    http://www.theregister.co.uk/2... [theregister.co.uk]

    Then an investment group Silver Lake Partners gained controlling interest.

    http://en.wikipedia.org/wiki/S... [wikipedia.org] (interesting crew there)

    Then no more complaints or request for help by the NSA.

    A couple years later Skype was acquired by Microsoft,

    http://www.microsoft.com/en-us... [microsoft.com]

    It's a fascinating coincidence.

    • by icebike (68054)

      Nope.
      I've often suspected we, the US tax payer indirectly purchased Skype to get it into cooperative hands. EBay couldn't handle the task.
      Microsoft played ball. They got Skype for free, a platform they didn't need, haven't a clue what to do with, and haven't improved.
      But they did add tracking of meta data by routing all directory services through their servers.
      And any call they are interested in, surprise, gets special routing, because Microsoft controls all the directory nodes.

      Someday the Edward Snowden of

  • Skype charged my credit card $60 a year after I cancelled my phone number. It somehow got un-cancelled. They gave no warning and just charged it, and won't respond to any of my requests for a refund. I've cancelled it again, but who's to say they won't do it again next year? I never agreed to recurring charges. (I never do for any service.)

  • by mcmonkey (96054) on Monday January 20, 2014 @11:14PM (#46020905) Homepage

    I've only used skype a few times. What is skype fraud?

    My understanding of skype is it's basically a video phone using your general purpose computer.

    I read some of TFA looking for what types of fraud they are talking about, but didn't see any detail. They mention credit card fraud, but that's not a feature of skype. I mean, if some stranger knocks on your door, and when you answer, asks for your credit card number, and you give your credit card number, that's not a weakness in your door or lock, that's a weakness in you.

    What I do with my landline is never answer if I don't recognize the number or name in the caller ID. Couldn't I do the same with skype, never answer if I don't know who is calling? There you go, 100% fraud prevention.

    • by jrumney (197329)

      Couldn't I do the same with skype, never answer if I don't know who is calling?

      Even better, you can block all calls from people who are not already on your contact list. And by setting your privacy options appropriately, you can reduce the messages you get asking to be added to your contact list to a handful of spammers a year who explicitly search for you by email or mobile phone number. Apparently not enough people do this.

    • by tgv (254536)

      I also don't get what this fraud is. People robbing other people's Skype credit?

      Slashdot editors are supposed to fill in such details, isn't it?

    • by rsborg (111459)

      I've only used skype a few times. What is skype fraud?

      My understanding of skype is it's basically a video phone using your general purpose computer.

      I read some of TFA looking for what types of fraud they are talking about, but didn't see any detail. They mention credit card fraud, but that's not a feature of skype. I mean, if some stranger knocks on your door, and when you answer, asks for your credit card number, and you give your credit card number, that's not a weakness in your door or lock, that's a weakness in you.

      What I do with my landline is never answer if I don't recognize the number or name in the caller ID. Couldn't I do the same with skype, never answer if I don't know who is calling? There you go, 100% fraud prevention.

      I imagine by fraud it's what happened to my wife over a hotmail account that looked just her yahoo account. Someone phished details about us, created a hotmail account with the same userid, broke into the yahoo account, stole and imported the contact list to hotmail and then erased the list in yahoo, then using the hotmail fraud account, sent out a bunch of spam asking for money to my wife's contacts and colleagues (saying we were stuck in Mexico or something). The letter was very well done, including the

  • Yep, I'm sure everyone who a machine deems to be undesirable is just going to sit quietly on the sidelines and take no further action like any self respecting fraudster/scammer/spammer always does.

    Unless algorithms are smarter than humans and you have a monopoly on such algorithms expect humans to adopt and continue with their bullshit only now they will be much harder to systematically "classify". All the while during this unwinnable evolution of war real people continue to be flagged and collateral dama

  • They say this, but someone signed up for Skype on my email account. They just put my email in, (they were Arabic) and for the next 2 weeks I got Skype spam, so I reset this persons account, logged in then I emailed their support, they said sorry, but I asked how they allowed it without verifying it, "just the way it is and it'll probably take 2 weeks for the batch processes to delete your info"
  • I've seen a bunch of reports that Skype is asploding ten minutes into a call since the last update. Perhaps they fixed the problem of fraud by making it impossible to successfully complete a call. It's the Microsoft way!

The only thing cheaper than hardware is talk.

Working...