I just found out today that there was a scammer on my forum. They had zero public interactions (post/likes) but would chat message members who were looking to buy certain items and pretend that they owned them. This looks to have happened to over a dozen users until one messaged me about the suspicious individual.
Without this tip, I’d have no way of knowing this was happening. Is there anything in place that could help flag individuals who are TL0 but direct message/chat with multiple members?
I’m also thinking about adding a little blurb that pops up in DM and chat similar to this one:
I believe Trust Tier #1 is required to send personal messages, unless the settings may have been changed for that. If it’s possible to adjust that to a higher tier I would recommend that as a first step.
Otherwise that may be a feature request to notify a moderator or administrator if many messages are being sent by a new user, that may be possible to do that.
Users at trust level 0 cannot …
Send personal messages to other users*
Although the chat system may have different requirements than the messages.
Also you could implement a policy similar to the one here at Meta that any kind of marketplace solicitations must be made in a public forum post, not messages. Then most likely you would be notified earlier about there is that kind of spam/scam activity occuring.
I see, thanks for the advice. It does appear that I’ve changed the default settings on the one called “direct message enabled groups” and opened messages for everyone.
Allow users within these groups to create user-to-user Personal Chats. Note: staff can always create Personal Chats, and users will be able to reply to Personal Chats initiated by users who have permission to create them.
This seems like a heavy-handed approach for my situation (which is why I probably changed it in the first place). I think it block way more false positive situations than the one I’m worried about.
I think making all deals public is also a smart choice but I have a feeling it will not be a compatible approach with the culture of the community I’m working within. In our case, people are making public offers to buy things and this scammer has taken advantage of that knowledge to solicit those individuals to say they have what they are looking for. I think people really value doing the negotiations privately though.
Thanks again for the suggestions. If it really becomes a common problem I’ll set that setting back to default or work on a warning theme component like I described.
With the personal message feature people can add a moderator or staff member to that if they become aware they are talking to a scammer.
Some more talk about that feature is in this other thread here, about the opposite kind of situation where it can be considered poor etiquette to add someone new to a message thread without asking permission. However that may be intentional for exactly this kind of situation you have described, to be able to alert that there is a scammer, since if messages are encrypted then moderators can’t access them even if they are flagged.
It would need a bit of tweaking, but if you have the Data Explorer plugin installed you could create a modified version of the " Who has been sending the most messages in the last week?" query to only report for TL0 users and then run it every so often to see who’s sending a lot of messages.
If you wanted you could even add to the query to generate a report showing relative volumes of messages vs posts for a user, e.g. Fred has sent 25 messages and not posted any topics/replies.