I'm curious if there are any best-practices that can be followed to avoid customers being targeted by scammers in communities facilitated by Lithium. For example, one major technology company uses Lithium for their customer support forums. They allow brand-new accounts to send private messages to other customer accounts. Those PMs then arrive in the customer's email looking very much like legitimate correspondence from the company. Scammers are using this to send fraudulent phone numbers, where they pretend to be support. They then charge the customer for fake support contracts or fool them into installing malware. Their forum shows several instances of people who've fallen for it.
To get the ball rolling, I would suggest that brand new accounts (or likely any user account) shouldn't be able to send a private message. It's more dangerous than it's worth.
What other changes could be made to limit the ability of scammers to pray upon users? Is there a list somewhere?
DON'T TRUST WHAT YOU SEE BELOW, WE MIGHT HAVE LED A CROOK RIGHT TO YOU isn't a great message to be sending to a customer, especially at a time when they're looking to address a problem. We wouldn't put wording like that in ad copy or other customer facing material.
It would be fascinating to see some data on larger boards on the usage of private messages. How many messages are actually useful in solving the customer's problem (and restoring feelings towards the company) vs how many are: scams, negative voices ("Good luck getting that fixed! What a stupid question! Send me your picture!"), or incorrect answers that leave the customer further confused. I'd think all of these things would be better addressed in the open.
For companies that still decide PMs are worth it, are there any tools in the works (or available now) for applying machine learning to Private Messages and routing messages that score as scams or abusive to a moderator?
Well, I was just sharing our approach to this, which works well enough in our case. We have chosen our wording carefully so users can identify a potentially scammer better. We know some fake companies/employees pretend to offer support as it came from us, this has been a common practice especially in the US.
I am sure there are many other ways to go about this and surely better as well. I guess he type of solution here also depends on your industry and the severity and consequences of such a scammer.
Good luck on your investigation
@bentwookie - Along with what @Wendy_S and @DanK mentioned, it is not always a great idea to have your newly registered users (some of which could be spammers) send the PM to other users. However, since a lot of genuine users want to send the PM to the mods, how about restricting them to sending a PM to only selected people, i.e. the mods until they reach a certain rank? That way, you won't have to worry about putting a note on the PM page and the genuine users won't have any issues to get what they are looking for.
All great points. Seems like big chunks of the problem could be mitigated, though no doubt the problem is always changing.
For as many messages I'm sure Lithium powered boards process, it sure seems like a nice machine learning problem.
We do our best to signpost which members are staff and which aren't - from the rank, the rank icon, the colour of their name, and even a page showing off who is who and what they do - and all staff private messages have this link in their signature:
But we have the opposite problem, where from time to time people ask our moderators to confirm that a member of staff is a member of staff!
We see those fake tech support numbers from time-time. Best to just ban them when they come up. In the UK the free phone prefix is 0800 - so we see O8OO pop-up a lot. Add to a PM Content Filter and disallow the message from being sent.
Welcome to the Technology board!Curious about our platform? Looking to connect on social technology? You've come to the right place!