I recently had a signup with some very strange contact information, IP address from Africa, and the billing address was in California.

Before activating the account I did some research and had multiple communications with the customer. Even the CVV2 code matched up from the billing.

Well I guess I should have followed my initial instincts, shortly after the accounts were setup I received a couple of complaints. I started monitoring the site (all in my TOS) and found they were doing something called the "Mercury Lottery" scam.

Since then I've locked their accounts down, reported the fraud to the FBI, and put up a warning page on the websites.

Do you think these pages over step the bounds of what I'm allowed to be doing?