Categories
Tech

Account hijackers

If a message originates from a familiar name or email address, its likelihood of making it through spam filters is greater.

Google described their efforts to minimize harm to users due to email account hijacking:

“Our security team…saw a trend of spammers hijacking legitimate accounts to send their messages. [We developed] a system that uses 120+ signals to…detect whether a log-in is legitimate, beyond just a password.”

Less than 1% of spam emails make it into a Gmail inbox.

The number of compromised accounts decreased by 99.7% since 2011. That’s impressive, for a sustained reduction! How does Google avoid false positives? I am so curious about the specific details of their filtering rules!

The blog post was written in March 2013. It is remarkable that the same methods continue to be effective, as Gmail spam-attackers would perceive this as a new challenge to be overcome.

120 Signals

I suspect that Google’s methods are analogous to those used by the U.S. Department of Health & Human Services’ Centers for Medicare & Medicaid Services (CMS) in detecting medically unlikely edits (MUEs). MUEs can be accidental, due to claim coding or data entry errors. MUEs can also be deliberate, when there is fraudulent intent, e.g. by filing for more services, or for more expensive services. Regardless of intent, MUE identification reduces paid claims error rates.

How will the Affordable Care Act impact existing processes for detecting MUEs, and for setting benchmarks? CMS does not disclose its MUE criteria for the same reasons that Google will not reveal details about their 120 signals.

Continuous improvement is a part of life, for email-spam account hijackers, Google and the fraud detection team at the Centers for Medicare and Medicaid Services.

I wrote a post about health care, with a much more Ellie-centric theme, a few years ago. That was when I worked as statistician for ACCCHS, Arizona’s state-administered Medicaid/Medicare program, monitoring program performance and quality of care.

Categories
Tech

Minor mysteries of spam

Information overload has been one of my recent concerns. Spam certainly exacerbates the situation! I am spared the worst of spam, due to the minimal traffic on my websites, although I was treated to a glut of spam from around the world immediately after I posted that skateboard video a few months ago.

Categories
Tech

Spam Expands In Space-Time

As data usage expands into new dimensions, from 2-D print to the internet and now geolocation, spam will tag along.

Foursquare is offering an essentially useless promotion, a Starbucks frappuccino special that is taking on a distinctly spam like aspect: It’s a low-value offer available only to a tiny number of people.

Tod Maffin noted that the ubiquity of Starbucks, with the chain’s next-to-worthless Foursquare offer, poses a serious challenge to the app’s usefulness. It is location spam, LBS spam or “Something You Aren’t Interested in Nearby!”

There are more Starbucks in this city than stop lights. One intersection even has two Starbucks! That means that pretty much any time you use Foursquare in Vancouver, you’re going to get an offer from Starbucks.

Problem is, the Starbucks offer is lousy. It’s only for the person who has checked in the most — and even then, it’s a cheap offer: $1 off a limited number of their cold beverages.

Negative benefits

Apparently the law of diminishing returns from too much advertising can move on to a second phase of dis-utility, which actually drives customers away. This is an even worse outcome than not advertising at all!

Forrester gives the concept some in-depth coverage: Foursquare Advertising Getting Less Interesting.