Data says: Fraudsters don’t say thanks
By Sarah Beldo /
28 Jan 2016
Part of the magic of using machine learning to detect fraud is how the technology can reveal unexpected patterns among what may at first seem like completely unconnected data points.
At Sift Science, our machine learning technology identifies fraudsters and scammers so our customers can focus on creating an even better experience for their good users. We look at a vast array of signals to do what we do – we’re talking thousands of individual data points, some of which may (on the surface, at least) sound pretty unrelated to fraud.
But when we analyze all these signals in real time, it helps us paint an extremely nuanced picture of fraudsters by behavioral, identity, and network patterns. Fraudsters are experts at sniffing out and avoiding overly obvious fraud filters, but machine learning can pick out overlooked details. Shipping and billing address don’t match? There could be plenty of reasons why not.
Addresses don’t match AND the account is less than four minutes old AND it’s an unusually high order value? Probably a fraudster.
In our recent analysis, we’ve found that one of the potential signals of fraud lies in word choice. Yep, word choice.
Through an analysis of over 1.5 million messages taken from a mix of legitimate and fraudulent users, we found some interesting nuggets. Here are a few of them:
R U surprised?
Fraudsters, like most people who are trying to do something quickly, use shortened text speak in their typed communications. No time to use full words when there’s money to be stolen (muahahaha)!
In our analysis, we found that messages using the abbreviation “r” are (r?) 2.5x more likely to be fraud. Meanwhile, “u” on its own makes a message 2.8x more likely to be shady. And “ur” ups the fraudiness quotient by 3.8x.
Feeling :/ about this one
Facebook’s research on LOLs and emojis was pretty fascinating for realizing that kids these days are moving away from written language altogether to simply use pre-made pictures for communication. They also won’t stay off my lawn.
While we didn’t look at emojis in our research, we did look at their more primitive cousin, the emoticon. In fact, we found a single emoticon jumped out as being particularly suspicious: the winking frowny face. ;(
Why would someone use a winky frowny face? What is it trying to communicate? “I’m sad yet not really – and we’re both in on the joke”? In any case, if you use this enigmatic emoticon, we found that you’re 12x more likely to be a fraudster.

Mispelings and tipos
Within modern norms of communication, sometimes it can be hard to know if someone has legitimately mistyped something, or if they’re deliberately shortening a word. (Pro tip: Yes, that is indeed an acceptable defense the next type you send out a typo in a work email.)
However, in our analysis, we found some obvious typos that hint at fraudiness:
- happend = 22.5x more likely to be a fraudster
- wierd = 4.05x more likely
- wich = 2.59x more likely
Just like mom said…
It seems that politeness and clean language really do give insight into your character – or, at least, your intentions to commit fraud.
For example, we discovered that having a potty mouth is a pretty strong indicator of fraudiness. Messages containing “fuck” were a whopping 32x more likely to come from a malicious user (surprise, surprise).
And these guys don’t seem to be into manners. According to our research, saying “thank you” in your message makes you 36x less likely to be a fraudster. You’re welcome.
Related
Sarah Beldo
Sarah Beldo was the Director of Content Marketing at Sift.