My Stolen Identity is Cheating on My Wife

This story happened a few months ago. I woke up registered on an online dating app. Now it was kind of odd, because I didn't really remember doing that, and not to mention, I've been in a happy relationship for 13 14, years now. Did you sign up? You signed me up to a dating app as some kind of a joke. I asked my better half, and the passive aggressive stare I got back told me it was a mistake. So I took a closer look. Someone definitely used my email to sign up for Coffee Meets Bagel under my name. Wait, are they using my pictures as well? I tried downloading the app to see if I can access the account immediately notifying my partner, of course. But weirdly, logins aren't even connected to email. You could either log in through Facebook or directly with a mobile number. Okay, this got me anxious. Is there someone else impersonating me who's in the process of scamming people right now? What happens if I get blamed for it? Honestly, I didn't really know what to do. I tried contacting customer support through email, but I only got this generic auto reply, and I didn't really think I’d get much from them. Anyway, a day later, I got an email that my account was frozen, and guess what? The scammers already opened a new account with the same details, and here's how it looked like in my inbox. I gotta say, it was pretty surreal watching my identity being stolen just in front of my eyes without being able to do much about it. By sheer chance, on the very same week, I got to meet the team behind Musubi. They are experts in the space and recently launched their AI moderating product for dating apps and other digital services, and they weren't surprised. This happens all the time. They told me, I've shown Alice from the team the screenshot you've just seen. And she wrote back saying, looking at this, it definitely seems like A. At least three accounts were created with your email B. Two, of these three were suspended, yet they were able to create another account with the same email right away, and see, weirdly, it looks like at the end, even after two were frozen, you were still getting two of every email. So it's possible that one was frozen and then unfrozen, in addition to the one that was never frozen, not a good look, especially if the third account remained frozen and all were under the same email. Lastly, she writes they didn't get back to the same day, which left time for another account to be created yet again. And this matched my impression. I found it especially surprising that multiple accounts can exist with the same email, and even more so, as Alice mentioned, while some of them are frozen. Now you’ve got to ask yourself, if the same email was used, what other assets were linking all of these accounts? And I could imagine that the device and the phone number were also the same at the very least. And speaking of which, it's not even clear why the scammers chose to use my email. They weren't required to go through any email verification, so why bother anyway? The only thing I can think of is they wanted an account with proven history to bypass any risk checks that sign up. In any case, here are some best practices Alice shared with me, with which I totally agree. A few learnings best practices I pulled from this, if an account is frozen, all metadata linked to the account should also be frozen, such as email, IP address, device ID, phone number, etc, customer support tickets should fit into moderation systems so email like yours are prioritized and looked at quickly. Email verification, a big one, don't allow two accounts at the same time with the same email address. Okay, yeah, it's a cool story, a fraud expert whose identity got stolen, all right, but this is LinkedIn post material, not necessarily a full video. And still, why did I choose to dedicate an entire video to discussing it? Because what starts as identity theft on a dating site usually turns very quickly to romance scams and then to app fraud and who's bearing damages the victims and the financial institutions. Thing is, while these camps originate on dating sites, we see how poorly both of them are equipped with detecting and properly stopping them. So it's not a surprise, given they are not exposed to any damages or scrutiny. Will that change anytime soon from what we've seen so far? It's hard to imagine. But what I think is possible is to exploit the collaborative potential that hides here. Think about it. What have we actually seen here? It appears that upstream in the scam journey, fraudsters are acting carelessly, and imagine how much data we can gather about both fraudsters and victims in such cases. What if we could expose it downstream to block monetization attempts. The challenge here, as always, is to foster collaborations that don't seem trivial at first time. In fact, last year, we saw a huge announcement from Facebook venture.com Coinbase and others about launching an anti-scam Alliance. Exactly for this reason, by the way, I'll say I'm not exactly sure what happened with it outside of the PR story, but still, in that regard, we often talk about the convergence of fraud in cybersecurity spaces. But what about fraud and trust and safety? Except for a few organizations, these teams usually don't find themselves collaborating much, if they even exist in the same business together. But maybe it's time to explore such initiatives more seriously with the rise of romance scams and pig butchering scams and other forms of app fraud. Am I being too optimistic here? Probably I just wish my identity wasn't out there doing who knows what.