Microsoft Researchers Slash Skype Fraud By 68%

mask.of.sanity writes "Life could become more difficult for fraudsters on Skype thanks to new research by Microsoft boffins that promises to cut down on fake accounts across the platform. The research (PDF) combined information from diverse sources including a user's profile, activities, and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection. The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate."

Arms Race Tips Toward Skype

[ScottCooperDotNet]

So the arms race may be tilted in favor of Skype for now, but in 6 months we'll have an article "Fake profiles up 200% on Skype".

Re:Arms Race Tips Toward Skype

absolutely not. 5% false positive is terrible, and will create a lot of negative feelings for the platform.
imagine a teacher trying to use skype with a class of 20 or more. it would be very rare if someone
didn't get falsely flagged as a bot.

That's nice.

[pushing-robot]

So let me get this straight...

Your new filter works better than today's filter...against today's spam

But today's spam is designed to circumvent today's filter, and spammers will change their techniques as soon as you switch to the new filter.

This is the classic Antivirus problem, where new and unusual AV programs get great ratings until they become popular and virus developers start coding with them in mind.

And now you've also published how your new filter works, to make it even easier for spammers to circumvent your new filter. Great.

BAD MATH!

[CapOblivious2010]

Improving detection by 68% != Reducing fraud by 68%

Imagine that previous methods caught 10% of the fraudulent accounts. New tech improves that to 16.8%. It's a 68% improvement in the fraud detection rate, but only a 6.8% "slashing" of the fraudulent accounts.

(And 5% false positives is pretty horrific)

Re:BAD MATH!

[Baloroth]

TFS (and TFA, actually) are poorly phrased: the actual research article (the linked PDF) specifies (and I quote):

The aim of our work is to go beyond the present, sophis-ticated defenses, and to detect "stealthy" fraudulent users, namely, those that manage to fool those defenses for a relatively long period of time. Our concrete objective is to catch these stealthy fraudulent users within the first 4 months of activity. Our results indicate that, with our methods, we are able to detect 68% of these users with a 5% false positive rate; and we are able to reduce by 2:3 times the number of these users active for over 10 months.

So they didn't increase their detection rate by 68%, they increased it to 68%. And 5% false positive is pretty good: 95% confidence interval is standard in scientific research (outside things like physics which is able to achieve much much higher confidence by means of vastly larger data sets), which means a 5% false positive is exactly what you'd expect with proper scientific methodology ( based on a quick scan that seems to be exactly what they were aiming for). And of course higher false positive is actually better in the case of fraud detection than lower detection rate (since little is harmed by a false positive, while false negatives can directly result in people losing money).

Re:More Evil From Microsloth

[CohibaVancouver]

You forgot to write "Micro$oft."

Don't want a legitimate account

[Jack+Griffin]

90% of my online accounts are fake, even this one. I create new accounts with new names to preserve my privacy, I have multiple hotmail, gmail and Facebook accounts specifically for this purpose. Sure the NSA types might see through this, but the average marketing agency won't. In real life, you can separate your worlds. My wife's circle of friends know me, but they don't know my friends, same goes for work 'mates', extended family etc. I have the power to keep things separate. It seems this choice is being slowly removed in online life as every web service demands you use your real name. Who wants to live in a world where everyone knows everything? We need a right to anonymity online.

Re:Don't want a legitimate account

[Jack+Griffin]

I'm fine with that, I have enough money/credit for my lifetime, I'm just wondering if our children will have the same luxury?

Re:Don't want a legitimate account

[icebike]

90% of my online accounts are fake, even this one. I create new accounts with new names to preserve my privacy,

First, let me point out that anyone who has even one facebook account, let alone multiple, is probably staring at an empty barn and marveling at how clean it smells after all the horses have run away.

I too use multiple accounts, but not to preserve my privacy, simply my sanity. Gmail/Hotmail/Yandex are all smart enough to figure out that its all the same person. (Something about the fact that they come from the same IP addresses, I suppose)...

Its not a privacy issue, its a preserve my sanity issue. Last thing I need to do is have my brokerage accounts mixed in with my work accounts and my /. account. I don't really care that each of these companies know I'm the same dude.

But I never allow myself to believe I'm pulling any wool over anyone's eyes.

Re:Don't want a legitimate account

[icebike]

Pretty soon people will correlate creditworthiness etc to the distribution of known friends and their credit scores.That algo will mark you as loner, possibly a loser.

Too late. That ship has sailed.

http://money.cnn.com/2013/08/2...
http://www.pcworld.com/article...

Re:Don't want a legitimate account

[AthanasiusKircher]

Its not a privacy issue, its a preserve my sanity issue. Last thing I need to do is have my brokerage accounts mixed in with my work accounts and my /. account. I don't really care that each of these companies know I'm the same dude.

But I never allow myself to believe I'm pulling any wool over anyone's eyes.

I think you may have missed the point of the GP a bit. Yes, I agree that his strategies for "privacy" may be a little flawed, depending on how much "privacy" he is actually expecting.

On the other hand, I'm not sure that he's trying to "pull any wool over anyone's eyes." This seems to be a common accusation whenever anyone says they want to have multiple online identities -- it's as if there's something "false" or "lying" or "hypocritical" or "fake" about this. (Zuckerberg, in particular, is on record for saying that people who want multiple online identities have some sort of fundamental "lack of integrity.")

But, come on. In real life, people always have "multiple identities." They talk differently to their kids than they do to the people at work. And they say different things to the guys at the bar than they do to the old ladies at church. There is nothing hypocritical or dishonest about this -- it just reflects different social conventions for different circumstances.

It makes sense to try to replicate this experience in an online environment, but many companies like Facebook and Google and others are making it increasingly difficult. I talk to people all the time who complain about how their boss friended them on Facebook or something, and now they have to be increasingly careful about what they say. It's not like they want to actually "hide" anything from their boss -- but being under constant surveillance by someone from work means that misunderstandings can happen or things could be misinterpreted... so it makes people nervous. This trend also sees to be leading teens away from Facebook, since they don't want their parents seeing what they do. (And yes, there are ways to manage posts and things so they aren't visible to everyone, but when you have the number of "multiple identities" to different people that a normal person does in real life, it can be unwieldy.)

Anyhow, the point is that keeping different parts of your life separate IS a "privacy issue." This is NOT about having secure walls around your private data -- just about keeping things reasonably separate, so your work and your home and your social life don't all necessarily have to blend into one thing. Or so you can have a "professional online presence," but also a place where you are slightly less formal. Some people may like having only one online identity; others may find it more convenient to have more than one. (Some actually find it necessary for their safety.)

Re:Lovely

[rmdingler]

Don't fall for it. Growing up is a Pyrrhic Victory.

You see...

[Chompjil]

Hangouts is doing wonders for me now so I dont mind if my skype account is shut down

Re:Lovely

[GumphMaster]

Youth, as they say, is wasted on the young.

What is skype fraud?

[mcmonkey]

I've only used skype a few times. What is skype fraud?

My understanding of skype is it's basically a video phone using your general purpose computer.

I read some of TFA looking for what types of fraud they are talking about, but didn't see any detail. They mention credit card fraud, but that's not a feature of skype. I mean, if some stranger knocks on your door, and when you answer, asks for your credit card number, and you give your credit card number, that's not a weakness in your door or lock, that's a weakness in you.

What I do with my landline is never answer if I don't recognize the number or name in the caller ID. Couldn't I do the same with skype, never answer if I don't know who is calling? There you go, 100% fraud prevention.

Re:What is skype fraud?

[tgv]

I also don't get what this fraud is. People robbing other people's Skype credit?

Slashdot editors are supposed to fill in such details, isn't it?

Re:Aha, coming soon: slash user base by 68%

[icebike]

* Stolen money from the accounts (you didnt use it before expiration)
* Centralize the traffic (no more P2P)
* Screwed client for Linux
* Removed "Now Llstening to..." status ...Go go Power Rangers, this year will be the year of Jabber on the desktop

Its not clear just what Microsoft did with the traffic.
Their page still insists they are using P2P for traffic but a centralized directory. I don't know how much I believe that.

The centralized directory is probably forced on them for CALEA compliance, so that the NSA can track who calls who.
The Business Case for Microsoft to buy Skype never made any sense at all, and especially not at the price they paid. I suspect the NSA paid the entire bill to get Skype into someone's hands that could impose a level of tracking on it that met their needs. They had to get it out of Ebay's hand, because they were incompetent. Microsoft was the only company willing to play ball, add the tracking, preserve an appearance of security and fake encryption, and in return for doing that, they get a platform for free, bought by government funds, washed through Microsoft's opaque accounting.

There still exist Skype clients for Linux, but I don't know a single self respecting knowledgeable Linux user who would put that crap on their machine.

But seriously, Now Listening to? Do you really think anyone cares what you are listening to?
Once you get past your Narcissism, you'll get over scrobbling addiction.

Re:So they mistakenly tell 1:20 people to fuck off

[icebike]

Yeah, I've seen the request for re-authorization pop up after expanding ram too.
The first time, I groaned, because it meant a trip through the closet of despair looking for the original Cert Tag.
And further, I go through this every time I increase the memory on one of my virtual windows machines.

But you know what? Nothing needed entering. It found everything by itself. It was literally a "click through."
Me thinks thou doth protest too much.