Monday, June 25, 2012

Warning: Affiliate Account Hacker Update

Warning: Affiliate Account Hacker Update
A Vietnam-based man by the name of Ly Duc Trong has succeeded in scamming multiple affiliates out of earnings by hacking into affiliate accounts. Before falling victim to he or another hacker, here is what affiliates need to understand about his methods and steps they can take to secure themselves from losing earnings to scammers.
Ly Duc Trong Hacker Method
Ly Duc Trong has been stealing from affiliates by accessing their affiliate accounts and changing their payment details in order to have payments sent to him. “bb1web” on the Gaming Portal Webmasters Association forums notes that the hacker appears to only target accounts with small balances in an effort to go unnoticed.
The hacker has changed payment details to his address in Vietnam in order to request cashouts to be sent to his various e-wallet services. Most commonly, he has used WebMoney as he gets paid instantly and they do not ask to verify a name. Other methods used to receive payments incLyde player account transfers, Neteller, bank transfer, and PaySpark.
Details of the payment information he has been using can be seen in the image below.
It remains unclear precisely how Ly Duc Trong is able to access so many affiliate accounts. One CAP affiliate suggested to us in an interview that the hacker could be a former affiliate manager.
Hackers have also been known to socially engineer their way into receiving secure data. They do this by pretending to be someone inside the company who should be able to access the info and then making someone else within the company provide it to them.
It may also be possible that Ly Duc Trong is simply penetrating affiliate systems through conventional hacking methods and acquiring user password data. This possibility is somewhat unlikely however as affiliate programs would probably discover these flaws quickly and fix them immediately.
In an instant messenger conversation with an anonymous affiliate, “bb1web” ascertained that the hacker has created Yahoo! email accounts using the same username as affiliate accounts and then emailed affiliate managers inquiring about payment. This information gives weight to the theory that Ly Duc Trong is socially engineering his way into affiliate systems.
“bb1web” also notes that the PaySpark account being used to receive payments by the hacker is likely four years old which suggests he has possibly been hacking affiliate accounts undetected for years.
What You Need to Do
There are a few things affiliates need to do in order to secure themselves online and make the efforts of hackers like Ly Duc Trong less fruitful.
All of these safeguards should be followed:
1.    Diversify passwords. The biggest mistake affiliates can make is using the same login and password for all accounts. Affiliates need to protect themselves by using different passwords and logins for each and every affiliate account.
2.    Use secure affiliate programs. There is no replacement for an affiliate program that does their end of the work in preventing hackers by using a secured https login system and dispatching automatic emails when sensitive account info has been updated.
3.    Check income statements. Much of Ly Duc Trong’s success has been built on affiliate apathy towards smaller account balances. Affiliates need to keep an eye on their income and verify that payment methods are correct before requesting distributions. Invest a couple of hours each month into looking over the small details of your income data.
What Affiliate Programs Need to Do
The Ly Duc Trong hacker scandal is a black eye on affiliate programs. Unfortunately, many vulnerabilities on the part of affiliate programs are being exploited through these hacking efforts. He should have never been able to operate as successfully as he has if affiliate programs took the following security measures:
1.    Offer a secured login portal. Sites that use an https login make life vastly more difficult on hackers since data on intercepted transmissions is encrypted. Imagine trying to read a book with every letter on the page scrambled around. It’d be impossible. This is effectively what https does to hacking efforts. All affiliate programs should switch to https. Unfortunately there are many that have failed to do so. Affiliate programs that utilize https include AffActive,Rewards Affiliates and Party Gaming.
2.    Dispatch automatic emails following account changes. There is no excuse for bells and whistles not going off at affiliate program headquarters when an affiliate’s account info suddenly changes to a Vietnamese name and address. Affiliates should receive automatic emails whenever sensitive account information has been changed.
3.    Stop using WebMoney. Affiliate programs need to take WebMoney wallet out as a payment method. It is too easy for scammers to collect money through this service as payments are instant and no ID is required to receive funds.
4.    Educate affiliates. Affiliate programs should view the Ly Duc Trong scandal as an opportunity to educate their affiliates on measures they can take to prevent hackers from being able to do this to someone else.
5.    Search for Ly Duc Trong info. Affiliate managers need to search through their system to see if any accounts have been compromised by Ly Duc Trong. A post on Gaming Portal Webmasters Association by “mickey417″ contains helpful information that affiliate managers should be on the lookout for.



Post a Comment