Jordan Reid is the founder and host of the lifestyle site Ramshackle Glam. Two weeks ago she added another title to this list—identity theft victim. It was only through a lucky happenstance that Reid was alerted to the fact that her well-known and highly trafficked site was up for sale by a hacker.
As Reid states in her own post on what happened she’d always heard of identity theft and cyberhacking but her attitude had always been, “It could never happen to me. And even if it did … I didn’t exactly understand why it was such a huge deal.”
Reid quickly, and unfortunately, did discover why this type of theft was not only a “huge deal” but put her entire business and livelihood at risk. A hacker had taken control of her domain name plus all the site content, and could have rerouted everything to a different location.
Reid was able to get her site back, “But only after the involvement of fifty or so employees of six different companies, middle-of-the-night conferences with lawyers, FBI intervention and what amounted to a sting operation … ”
What sticks out the most in her story, is that like most of us might do, she ignored two notifications that could have alerted her to the problem. They were precisely the type of notices that fraud prevention insiders look at as a possible indication of trouble, or at least, would be cause for a closer look.
The first was an unusual email from someone interested in the purchase of her site. The second was a notification from YouTube that someone had accessed her account from a different location—a notification she disregarded—assuming she or her husband had just logged in from someplace accidentally.
The email from YouTube was especially significant. At iovation we consider location discrepancy a possible risk indicator for fraud. Obviously, YouTube also considers this possible risky behavior, which is why the original notice was sent to Reid. This is a great example of why it’s so important for businesses to understand what normal behavior and usage looks like for their account-holders. One of the factors iovation’s device reputation technology assesses for fraud risk is the number of allowed devices, or the location of the device, per account. Reid’s experience illustrates why it’s important to pay attention to uncharacteristic behavior when assessing the risk involved with a transaction. YouTube seems to have some good rules in place that alert their account-holders of activity that could be an indication of fraud.
You can read about the entire process Reid went through to get her site back on Ramshackle Glam. It’s a very good reminder to pay attention to notifications that many people have come to think of as spam but are indications of a possible fraud trouble. It also illustrates why businesses need to have fraud prevention tools in place to protect their accountholders. In the end, the heroes of this story are Reid herself and the FBI.