{"id":9286,"date":"2017-09-14T20:56:52","date_gmt":"2017-09-15T04:56:52","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/14\/news-3059\/"},"modified":"2017-09-14T20:56:52","modified_gmt":"2017-09-15T04:56:52","slug":"news-3059","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/09\/14\/news-3059\/","title":{"rendered":"Crowdsourced fraud and kickstarted scams"},"content":{"rendered":"<p><strong>Credit to Author: William Tsing| Date: Thu, 14 Sep 2017 16:00:50 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-19676 size-medium aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/fraud-300x147.png\" alt=\"\" width=\"300\" height=\"147\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/fraud-300x147.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/fraud-600x294.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/fraud.png 1272w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Crowdsourced funding opportunities via Kickstarter, Patreon, and GoFundMe have removed many structural roadblocks for people to access capital quickly and conveniently. But they\u2019ve also lowered the barrier to entry for many very old scams. So how do you tell the difference between a great cause or project to contribute to and a digital confidence scam? What\u2019s outright fraudulent, and what\u2019s just a company with poor organizational skills? Let us take a look at pitfalls on two crowdfunding platforms.<\/p>\n<h3>GoFundMe<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-19674 size-medium alignleft\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_653360188-300x200.jpg\" alt=\"\" width=\"300\" height=\"200\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_653360188-300x200.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_653360188.jpg 500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><em>Gofundme.com<\/em> primarily serves personal projects and donation pages, or other campaigns that otherwise don\u2019t fit the more common commercial model found on Kickstarter. Funding requests cover a wide range of needs, from community sports groups to disaster relief, to education and medical care (for US users). It sounds like a great use of crowdfunding, but when it comes to fraud, things start to get a little iffy. Here\u2019s what GoFundMe\u2019s terms of service (ToS) have to say about its giving campaigns.<\/p>\n<blockquote>\n<p><em>GoFundMe has no control over the conduct of, or any information provided by, a Campaign Organizer or a Charity, and GoFundMe hereby disclaims all liability in this regard to the fullest extent permitted by applicable law.<\/em><\/p>\n<\/blockquote>\n<p>So as far as they\u2019re concerned, buyer beware. But as a platform, they do have some minimal obligations, as well as some additional rules to not run afoul of some onerous regulations. To summarize their ToS, here\u2019s what you can&#8217;t raise money for:<\/p>\n<ul>\n<li>Drugs<\/li>\n<li>Weapons<\/li>\n<li>Any financial product<\/li>\n<li>Gambling<\/li>\n<li>Hate speech<\/li>\n<li>Porn<\/li>\n<li>Legal defense<\/li>\n<li>Fraud<\/li>\n<\/ul>\n<p>But wait a minute \u2013 how can fraud be on the list if they say they won\u2019t vet campaigns? Because these categories largely are about liability and are included to absolve the platform of after-the-fact responsibility. The first four categories can place GoFundMe under regulatory scrutiny, however, and are most likely patrolled by counter-fraud algorithms. If you\u2019d like to know what GoFundMe considers fraud, you can go to their page on the subject, which oddly does not say anything on the matter. They do have a fraud report form, but it requires proof of intentional deception on the part of the organizer. You can go to <em>gofraudme.com<\/em> for examples of how difficult that is.<\/p>\n<h3>Kickstarter<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-19673 size-medium alignleft\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_562076299-300x274.jpg\" alt=\"\" width=\"300\" height=\"274\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_562076299-300x274.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_562076299-600x547.jpg 600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Kickstarter does a little bit better regarding fraud, requiring that the creators have an actual production plan and prototype to show backers, and <a href=\"https:\/\/www.kickstarter.com\/rules\/prohibited?ref=rules\" target=\"_blank\" rel=\"noopener\">prohibits an extensive list<\/a> of backer rewards. Most important is the <a href=\"https:\/\/www.kickstarter.com\/help\/faq\/creator+questions#faq_41823\" target=\"_blank\" rel=\"noopener\">list of creator requirements<\/a>, in particular:<\/p>\n<blockquote>\n<p><em>You [must] have an address, bank account, and government-issued ID based in the country that you&#8217;re creating a project in.**<\/em><\/p>\n<\/blockquote>\n<p>This single requirement raises the barrier to entry for most scammers and gives Kickstarter tools to track and permanently deal with scams that make it into the platform. Further, they claim to vet projects to make sure they meet with company guidelines before they go live. This is great for the vast majority of online scams that are blatantly fraudulent. Their track record on projects whose vetting require domain expertise is considerably worse.<\/p>\n<p><a href=\"https:\/\/securitysnakeoil.org\" target=\"_blank\" rel=\"noopener\">SecuritySnakeOil.Org<\/a>\u00a0 is a site devoted to scammy information security projects on Kickstarter. Most of the projects on review combine open source hardware or software, expansive marketing claims, and entry level security flaws. From &#8220;unhackable&#8221; routers made from a Raspberry Pi running a years old build of Debian, to products that advertise &#8220;A custom operative system (OS) to avoid hacking&#8221;,<em>\u00a0<\/em>what most of these share is an inability to vet them properly with a lack of domain expertise. That is, if you don&#8217;t know anything about the field, you would have difficulty evaluating their marketing claims, and the project creators don&#8217;t do a lot to help.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-19675 size-medium aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/armortap-300x197.png\" alt=\"\" width=\"300\" height=\"197\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/armortap-300x197.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/armortap-600x394.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/armortap.png 1340w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Even more legitimate projects, such as\u00a0<a href=\"https:\/\/www.kickstarter.com\/projects\/1867980701\/armortap-make-any-internet-connection-private-and\/description\" target=\"_blank\" rel=\"noopener\">this<\/a> Wi-Fi router with a built in VPN that blocks ads at the perimeter (Neat!), provides no details about any specific technology used in the product. So without adequate, accessible information on what you&#8217;re backing, how can you possibly make a safe choice?<\/p>\n<h3>What to do about it<\/h3>\n<p>Both GoFundMe and Kickstarter offer organizers the ability to link their Facebook account to their pitch. For GoFundMe, this allows you to see if the organizer is, in fact, someone connected to the cause and in a reasonable position to get the funds to the right place. For Kickstarter, Facebook can provide a name to look up an organizer\u2019s employment history (or lack thereof.) But a better question to ask for a project involving an actual product would be this: Are the owner\u2019s claims physically possible?<\/p>\n<p>And lastly, the question that has protected people from fraud for time immemorial: <em><strong>Is this too good to be true?<\/strong><\/em><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/crowdsourced-fraud-kickstarted-scams\/\">Crowdsourced fraud and kickstarted scams<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/crowdsourced-fraud-kickstarted-scams\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: William Tsing| Date: Thu, 14 Sep 2017 16:00:50 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/crowdsourced-fraud-kickstarted-scams\/' title='Crowdsourced fraud and kickstarted scams'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/09\/shutterstock_516590809.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Crowdsourced funding opportunities via Kickstarter, Patreon, and GoFundMe have removed many structural roadblocks for people to access capital quickly and conveniently. But they\u2019ve also lowered the barrier to entry for many very old scams. So how do you tell the difference between a great cause or project to contribute to and a digital confidence scam? Let us take a look at pitfalls on two crowdfunding platforms.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/social-engineering-cybercrime\/\" rel=\"category tag\">Social engineering<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/419\/\" rel=\"tag\">419<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/crowdsourcing\/\" rel=\"tag\">crowdsourcing<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/donation-scam\/\" rel=\"tag\">donation scam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fraud\/\" rel=\"tag\">fraud<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/gofundme\/\" rel=\"tag\">GoFundMe<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/kickstarter\/\" rel=\"tag\">Kickstarter<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/patreon\/\" rel=\"tag\">Patreon<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/scam\/\" rel=\"tag\">scam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/tos\/\" rel=\"tag\">ToS<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/crowdsourced-fraud-kickstarted-scams\/' title='Crowdsourced fraud and kickstarted scams'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/09\/crowdsourced-fraud-kickstarted-scams\/\">Crowdsourced fraud and kickstarted scams<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10593,11881,4503,14748,9751,14749,14117,14750,3985,10510,11320],"class_list":["post-9286","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-10593","tag-crowdsourcing","tag-cybercrime","tag-donation-scam","tag-fraud","tag-gofundme","tag-kickstarter","tag-patreon","tag-scam","tag-social-engineering","tag-tos"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9286"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9286\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}