Ask HN: What are service providers' responsibilities to prevent fraud?

2 pointsimpendia26d ago2 comments

A scammer just attempted to phish several attendees at a scientific conference. They falsely claimed to be affiliated with the conference, and asked for their credit card numbers.

The request was made via a document signing service which is apparently legitimate. The email came from the signing service's domain.

I got in touch with their customer service, and they refused to claim any responsibility: "We do not take responsibility for the actions or communications of companies that choose to use our service. If the email you received originated from an external organization, any concerns about its content or legitimacy should be addressed directly with that organization, as the document's sender and owner."

Obviously I am not going to correspond with a scammer for any reason.

Is this legal?? Do I just need to accept that this is the world we live in?

2 comments

bell-cot26d ago

Does it seem plausible that the scammers got the conference attendees' email addresses by scraping the conference web site? Or is the organizers' registration data compromised? This is a separate issue from the Doc-U-Scam.con legal situation... but it'd be far easier for the attendees to apply some heat to the conference organizers.

Otherwise, this sounds similar to scam emails that I regularly receive. (No conferences involved.) So I'd bet the situation is "legal", at least in the sense that nobody with real power cares to shut it down.

Idea: If some of the targets were from large institutions, and some of their credit cards were company-/govt-/university-issued, then suggest that they tell their email admins to globally block everything from Doc-U-Scam.con, to protect their institutions from fraud. If enough email systems bounced everything from those folks, then it'd seriously damage their business model.

impendiaOP26d ago

Yes, they likely scraped the conference web site.

Academia, at least in math, has a tradition of being public. Conferences will advertise at least the list of speakers, and sometimes the full list of attendees. This is widely considered a good thing; people trying to decide whether to go to a conference will want to know who else will be there.

Moreover, the conference organizers have sent out multiple emails to the attendees warning that scammers were targeting them, and emphasizing that there were no third parties legitimately involved.

So I can't and don't fault them.

j / k navigate · click thread line to collapse