New Topic Reply Subscription Options |
Stalking/Hijacking
Forums: General Discussion | |||
|
|||
Participant: Log in to see names |
Wednesday, April 23, 2014 at 6:50 PM
Last week we learned that one of our female classmates was being stalked. (The stalking preceded this classmate joining our site.) My classmate reported that the stalker bragged to her he had joined the site by hijacking a name. Prior to getting notice of the problem, we had not made identity verification a step in registering to the site. After learning of the situation, I promptly a) identified what I concluded to be the hijacked name, b) changed the site preference setting to require the identity be confirmed, and c) placed a notice of the new policy on the homepage. I then confirmed my conclusion regarding the hijacked name. I removed the hijacked name and then reentered his information. This afternoon we received notice that a woman "joined" our site. The notice included the first, maiden and married names of the “member” and a changed email address. I did some half-ass verification and approved the new member. I then wrote “her” an email that bounced. I then called the woman whose name I believed was hijacked. She confirmed she hadn’t joined the site. I then deleted the name from the class roster, following which I replaced her name on the class list. I am pretty sure the same person who hijacked a name last week is the same person who tried to hijack a name today. With that as a background, I have a couple of questions. First, if I do not accept someone’s registration attempt, what needs to happen so the real person can register at a later time? Do I have to delete/replace the person’s name? Does Class Creator wait until the registration is accepted before sending the opt-in email? In the situation today, the hijacked name was a site member for about an hour. Had Class Creator sent an opt-in email? Did it bounce? If an opt-in email bounces, does Class Creator let the administrator know beyond the notification of bounced emails that appears on the homepage? What techniques do administrators use to identify/verify hijacked names? Barry Levinsky
|
||
|
|||
Participant: Log in to see names |
Thursday, April 24, 2014 at 3:13 PM - Response #1
1) In the verification area of the profile you are given a chance to delete the false registrant and reset the account. Name stays on list awaiting real classmate. 2) Yes we send the opt in email prior to verification. Most of the time it's the real person joining so we do want that email to go out immediately. Even if it's a hijacker, all the hijacker is doing is confirming they have access to some email box. This has nothing to do with the verification process though and isn't an issue. 3) The person might have been a member, but they were an unverified member. I.E. they couldn't see any private info (just what the public can see) and couldn't do much of anything else either. Non verified classmates can do virtually nothing. Same answer as #2 on the opt in email. Yes it was sent, but if a hijacker verifies they have access to some email box, doesn't have anything to do with the verification process. 4) If the opt in email sent to the hijacker bounced you would have received a bounceback notice. 5) You can see bounced email notices on your home page as you stated, as well as in the Email the Class area. 6) The surest way is to call the person on the telephone. Some admins send an email with a question or two. Some admins just look at the profile and go "Yep, this has got to be real" and approve it. If somebody is telling school stories that ring real, posting pictures or videos that look real, that's usually enough for most admins to click the approve button.
|
||
|
|||
Participant: Log in to see names |
Thursday, April 24, 2014 at 4:46 PM - Response #2
Thanks for the info and the follow-up details. Security of our info and site is "Job 1" for all admins.
|
||
|
|||
Participant: Log in to see names |
Thursday, April 24, 2014 at 5:59 PM - Response #3
We do likewise. We don't ever want our classmates to feel their security/privacy has been compromised.
|
||
|
|||
Participant: Log in to see names |
Thursday, April 24, 2014 at 6:11 PM - Response #4
Along similar lines, when we have someone claiming to be a 'class member' wanting to join, but did not graduate, we ask a few 'leading questions' of the person wanting to join. Sad state of affairs that we have to take these measures, isn't it?
|
||
|
|||
Participant: Log in to see names |
Thursday, April 24, 2014 at 6:17 PM - Response #5
Hey Barry,
|
||
|
|||
Participant: Log in to see names |
Thursday, April 24, 2014 at 6:22 PM - Response #6
One of the questions I ask is where did they live when they went to our school. I have all our classmates names & address in Book that was provided to everyone at the school during there time there. Also I will ask several classmates if they remember the individual. Simple questions will catch someone up,
|
||
|
New Topic Reply |
Subscription Options: Have all new forum posts sent directly to your email. |
Subscription options are available after you log in. |