Showing results for 
Show  only  | Search instead for 
Did you mean: 

Best practices to avoid scammers on large customer support boards?

I'm curious if there are any best-practices that can be followed to avoid customers being targeted by scammers in communities facilitated by Lithium. For example, one major technology company uses Lithium for their customer support forums. They allow brand-new accounts to send private messages to other customer accounts. Those PMs then arrive in the customer's email looking very much like legitimate correspondence from the company. Scammers are using this to send fraudulent phone numbers, where they pretend to be support. They then charge the customer for fake support contracts or fool them into installing malware. Their forum shows several instances of people who've fallen for it. 


To get the ball rolling, I would suggest that brand new accounts (or likely any user account) shouldn't be able to send a private message. It's more dangerous than it's worth. 


What other changes could be made to limit the ability of scammers to pray upon users? Is there a list somewhere?

7 Replies 7

Great topic.

I know we have had issues in our English forum with exactly the same asyou described. What we did was float an alert text in the PM inbox for users warning them for scammers and how to identify them.
I think your idea is good too and can be achieved already by denying the Permission to use private messaging for new users. But this may pose a challenge when legit users need to have a conversation with a moderator or support representative. Would love to see others share their feedback. good discussion!

Happy Sunday!
Learning from others and helping where I can!
Community Passionista!

DON'T TRUST WHAT YOU SEE BELOW, WE MIGHT HAVE LED A CROOK RIGHT TO YOU isn't a great message to be sending to a customer, especially at a time when they're looking to address a problem. We wouldn't put wording like that in ad copy or other customer facing material. 


It would be fascinating to see some data on larger boards on the usage of private messages. How many messages are actually useful in solving the customer's problem (and restoring feelings towards the company) vs how many are: scams, negative voices ("Good luck getting that fixed! What a stupid question! Send me your picture!"), or incorrect answers that leave the customer further confused. I'd think all of these things would be better addressed in the open. 


For companies that still decide PMs are worth it, are there any tools in the works (or available now) for applying machine learning to Private Messages and routing messages that score as scams or abusive to a moderator?



Well, I was just sharing our approach to this, which works well enough in our case. We have chosen our wording carefully so users can identify a potentially scammer better. We know some fake companies/employees pretend to offer support as it came from us, this has been a common practice especially in the US.


I am sure there are many other ways to go about this and surely better as well. I guess he type of solution here also depends on your industry and the severity and consequences of such a scammer. 


Good luck on your investigation


Learning from others and helping where I can!
Community Passionista!

We block PMs for new users until they attain a certain rank, which requires several public actions. This is done via a role that our support team will remove if they are going to ask a customer to send a PM.

Our rank system also highlights new users as they start as Just Registered and, again, must participate several times to get an actual rank (we use level ranks). So it is really clear who is a new user.

@bentwookie - Along with what @Wendy_S and @DanK mentioned, it is not always a great idea to have your newly registered users (some of which could be spammers) send the PM to other users. However, since a lot of genuine users want to send the PM to the mods, how about restricting them to sending a PM to only selected people, i.e. the mods until they reach a certain rank? That way, you won't have to worry about putting a note on the PM page and the genuine users won't have any issues to get what they are looking for.

Varun : Weaving magic with Khoros!

Recent Ideas: Advanced Private Messages | Rewarding Module | Badges for Threads

All great points. Seems like big chunks of the problem could be mitigated, though no doubt the problem is always changing. 


For as many messages I'm sure Lithium powered boards process, it sure seems like a nice machine learning problem. 


Hi @bentwookie


We do our best to signpost which members are staff and which aren't - from the rank, the rank icon, the colour of their name, and even a page showing off who is who and what they do - and all staff private messages have this link in their signature:


But we have the opposite problem, where from time to time people ask our moderators to confirm that a member of staff is a member of staff! 


We see those fake tech support numbers from time-time. Best to just ban them when they come up. In the UK the free phone prefix is 0800 - so we see O8OO pop-up a lot. Add to a PM Content Filter and disallow the message from being sent. 


Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Khoros customer? For direct assistance from our Support team, please visit the Support Forum.