#33 - My stolen identity is cheating on my wife

I woke up registered on an online dating app.

It was kinda odd, as I didn’t remember doing it.

Not to mention I’ve been in a happy relationship of 13 years now.

“Did you sign me up for a dating app as some kind of a joke?”, I asked my better half.

The passive-aggressive stare I got back told me it was a mistake.

So I took a closer look.

Someone definitely used my email to sign up for “Coffee Meets Bagel” under my name. Wait, are they using my pictures as well?

I tried downloading the app–immediately notifying my partner, obviously–to see if I can access the account.

But weirdly, logins aren’t even connected to emails. You could either log in with Facebook or directly with a mobile number.

This got me anxious: Is there someone impersonating me who’s in the process of scamming people right now? What if I get blamed for it?

I didn’t really know what to do. I tried contacting the customer support via email, but got a generic auto-reply.

A day later I got an email that “my account” was frozen. But the scammers already opened a new one with the same details.

Here’s how it looked in my inbox:

It was pretty surreal watching my identity being stolen just in front of my eyes without being able to do much.

By sheer chance, in the very same week I got to meet the team behind ​Musubi​. A team of experts in the space that recently launched their AI moderating product for dating apps and other digital services.

They weren’t surprised. “This happens all the time”, they told me.

I’ve shown ​Alice Goguen Hunsberger​ the screenshot above and this is what she had to say about the fraud topology:

Looking at this, it definitely seems like:

- At least 3 accounts were created with your email

- 2 of those 3 were suspended, yet they were able to create another account with the same email right away

- Weirdly it looks like at the end, even after 2 were frozen, you were still getting 2 of every email, so it's possible that one was frozen and then unfrozen in addition to the one that was never frozen. Not a good look, especially if the third account remained frozen and all were under the same email.

- They didn't get back to you same-day which left time for another account to be created (yet again)

This was my impression as well. Especially surprising was the fact that multiple accounts can exist with the same email.

And even more so, as Alice mentioned, while some of them are frozen!

You gotta ask yourself, if the same email was used, what other assets were linking all accounts? I could imagine that device and phone numbers were also the same, at the very least.

Speaking of which, it’s not even clear why the scammers chose to use my email. They weren’t required to go through any email verification, so why bother?

The only thing I can think of is to use an account with proven history to bypass any risk checks at signup.

In any case, here are some best practices Alice shared with me, with which I totally agree:

A few learnings / best practices I'd pull from this:

- If an account is frozen, all metadata linked to the account should also be frozen, such as email, IP address, device ID, phone number, etc.

- Customer support tickets should feed into moderation systems so emails like yours are prioritized and looked at quickly.

- Email verification!

- Don't allow two accounts at the same time with the same email address.

What’s the big deal?

Okay, yeah, it’s a cool story: a fraud expert whose identity got stolen. But this is linkedin post material, not newsletter material.

And still, why did I choose to dedicate a TSFS issue to discussing it?

Because what starts as identity theft on a dating site, usually turns very quickly to romance scams and then to APP fraud.

And who’s bearing the damages? The victims and FIs/Fintechs.

Thing is, while these scams originate on dating sites, we see how poorly most of them are equipped with detecting and properly stopping them.

That’s not a surprise given they are not exposed to any damages or scrutiny.

Will that change any time soon?

From what we’ve seen so far, it’s hard to imagine. But what I think is possible, is to exploit the collaborative potential that hides here.

Think about it - what have we actually seen here? It appears that upstream in the scam journey, fraudsters are acting carelessly.

Imagine how much data we can gather about both fraudsters and victims in such cases. What if we could expose it downstream to block monetization attempts?

The challenge here, as always, is to foster collaborations that don’t seem trivial at first sight.

In fact, last year we saw a ​huge announcement​ from Facebook, Match.com, Coinbase, and others about launching an anti-scam alliance exactly for this reason.

(What happened outside the PR story is still unclear).

In that regard, we often talk about the convergence of the Fraud and Cybersecurity spaces. But what about Fraud and Trust & Safety?

Except for a few organizations, these teams usually don’t find themselves collaborating much, if they even exist both in the same business.

But maybe it’s time to explore such initiatives more seriously with the rise of romance scams, pig butchering schemes, and other forms of APP Fraud.

Am I being too optimistic here? Probably…

I just wish my identity wasn’t out there doing who knows what.

Have questions or feedback? Reply to this email, I read all messages.

In the meantime, that’s all for this week.

See you next Saturday.

P.S. If you feel like you're running out of time and need some expert advice with getting your fraud strategy on track, here's how I can help you:

Free Discovery Call - Unsure where to start or have a specific need? Schedule a 15-min call with me to assess if and how I can be of value.
​Schedule a Discovery Call Now »​

Consultation Call - Need expert advice on fraud? Meet with me for a 1-hour consultation call to gain the clarity you need. Guaranteed.
​Book a Consultation Call Now »​

Fraud Strategy Action Plan - Is your Fintech struggling with balancing fraud prevention and growth? Are you thinking about adding new fraud vendors or even offering your own fraud product? Sign up for this 2-week program to get your tailored, high-ROI fraud strategy action plan so that you know exactly what to do next. ​
Sign-up Now »

Enjoyed this and want to read more? Sign up to my newsletter to get fresh, practical insights weekly!