Fraud Review Processes

Last Updated: October 3, 2024

Overview

This document outlines the processes for handling fraud reviews, including manual reviews and auto-lock situations. All reviews should be conducted following the Authentication and Security documentation guidelines.

Manual Review Process (Tier 2)

When Manual Review is Requested

1. A "Manual Review Requested" email is received
2. Open the Sales Account (SA) and perform an account review as outlined in the Authentication & Security documentation
3. Determine if the account is suspicious or OK

If Account is Suspicious or Uncertain

1. Set Account Verification from the Security Dropdown
2. Mark the "UnderReview" radio button and leave "Reasonable Person" notes
3. If a circle back is needed:
   • Do not send info on these fraud subject tickets to user
   • Place the ticket in T2 on hold for 7 days for a second manual review
   • Use your "Reasonable Person" gauge to determine if the account is OK, needs more time, or is confirmed fraud that requires closing

If Account is OK

• Set Manual Review as Verified
• Leave a note stating the account looks OK
• No circle back ticket needed

Auto Lock Process (Tier 2)

When User is Auto-Locked

1. A "USER LOCKED - Spam Check Failed" email is received
2. Open SA and perform an account review as outlined in the Authentication & Security documentation
3. Determine if the account is suspicious or OK

If Suspicious

• Set Account Verification from Security Dropdown
• Document findings appropriately

Common Fraud Indicators

Red Flags to Watch For

• All caps for name - Often suspicious
• "Sunshine Brigade" patterns:
  • Heavy use of words like "sun," "sunshine," "sunny"
  • BDC headers/footers in templates
  • Variant names using "85 and Sunny"
• Wire transfer requests in templates or communications
• Mentions of Newport Beach (associated with known fraud groups)
• Non-standard payment requests (Venmo, bank transfers instead of credit cards)
• Odd or weird property names (Home 1, 2, 3)
• Suspicious communication history in inbox/sent items
• Cross account issues- same credit card paying OR bill, same BDC or ABB account (queries)

Known Fraud Entities

The following names and patterns are associated with known fraud:

• Marlis Murek
• Diana Dinca
• Christian/Costatin/Costain (Mr Magnificent)
• Ping/Ming/Mingda Chen
• Rene Sisters Gang
• Gulf Paradise Vacations LLC
• Sunshine Brigade variants

Account Review Checklist

Use this checklist when reviewing accounts for potential fraud:

Important Notes

Phone Number Verification

Use the oldest phone number found in the audit log. Check the User Audit Log (ORU) and go back as far as possible to find the original phone number used.

Level 3a Account Ownership Disputes

This process is currently under review. An internal upload option is being added. The Authentication documentation will be updated to reflect these changes. Reference: Ticket #1019223000002027894

"Reasonable Person" Standard

When deciding whether to request ID for suspected scammers, use your "Reasonable Person" judgment. Consider:

• Severity of red flags
• Number of suspicious indicators
• Account history and activity
• Potential impact on legitimate customers

See the Authentication & Security documentation for more guidance.

Ongoing Improvements

• Continue analyzing fraud patterns to identify commonalities and trends
• Review SA panel data to build better fraud detection queries
• Monitor for new fraud patterns and update this documentation accordingly