Verifying Identities and Payment Practices Online
In a previous post, I explained various schemes to scam people out of their money. The best protection against any of these schemes is to verify that you are really dealing with who you think you are.
There are two types of scammers:
- Scammers, who don’t try too hard, on the assumption that they’ll eventually find a victim who is gullible enough. These sort of scams are fairly easy to spot, as I’ll explain below.
- Impostors, who impersonate a reputable person, such that people who actually check the names of the people they are dealing with are fooled into thinking they are doing business with the real person, whereas all their exchanges and transactions happen with the impostor. These types of scam are much harder to uncover.
Note that the presence of any one of these warning signs alone doesn’t mean that you’re dealing with a dishonest person. All these signs combined with a few online checks that I’ll explain below, however, strongly point to a scam attempt.
Your alarm bells should ring if you receive an inquiry that contains the following:
- The email was sent from a free account such as gmail, yahoo, etc.
While this is not necessarily in itself an indication that the request is a scam/spam-email, it’s a strong indication in combination with the other signs below. I have, in fact, several good direct clients that write via gmail, but I know them from other sources, therefore I know that they are legitimate. Most of my other clients, however, write via their corporate accounts.
- A proper salutation is missing and the email is sent to my email-address via bcc.
This points to the fact that this is a mass scam attempt.
- The request is written in really, really bad English, despite the fact that the sender claims to have a source text in English and claims to have a name indicative of a native English speaker.
- The request does not contain any contact information aside from a generic email address and possibly a phone number in a strange country.
This is in general a strong indicator that the email is a scam/phishing attempt. Everybody has an address and phone number and most people have a website these days. A name such as “Maria Brown”, which is essentially un-Googleable because it’s too generic, immediately raises red flags. If somebody really wants a translation, even if they’ve never bought a translation before, they give a name and address and possibly other contact information so that the provider can contact the translation buyer with the quote. A name and address can also be used to search for that buyer online and verify his/her existence, as I’ll explain below.
- They steal a reputable person’s credentials. In this post I explain how to safeguard yourself against this.
- They modify the contact details to display their own contact information, possibly with a fake name.
- If they are smart, they use an email address and possibly a domain name that very closely resembles the original address and domain.
I myself fell victim to this once, when I got contacted by somebody purporting to be a project manager of a reputable agency. I checked out the agency and did my research, but what I did not notice was that the inquiry was sent from an email address ending in .net instead of the agency’s .com. That is, the email came from email@example.com instead of firstname.lastname@example.org. Of course, when I checked out the agency, their website was at http://www.translationagency.com. The scammers had simply temporarily bought the domain name translationagency.net, since domain names are fairly cheap these days.
But what if you receive a serious inquiry, from a person/company whom you searched for and found online, with apparently proper contact information?
You should still check out the potential client more thoroughly. For one, they could impersonate somebody else, or for another, they could be one of those black sheep on the translation market who never pay (and get away with it!).
Typically, impostors proceed as follows:
How can you check whether an email/inquiry is legit if scammers buy domain names left and right?
You can check the domain name via Whois, and you can check the IP-address the inquiry was sent from. This is done as follows:
- Visit http://centralops.net/co/DomainDossier.aspx
- Type the domain name into the search box, and check the options “domain whois record” and “network whois record”. The rest of the options may be a bit confusing, unless you’re an internet wiz. But then you wouldn’t be reading this part of the post, would you?
- The Domain Whois Record tells you who registered the domain and who is its administrator, along with their address and telephone number. This is important if you receive an inquiry from somebody supposedly from the US, but in reality they’re actually sitting someplace else.
- The Network Whois Record tells you the IP-address range of that domain. Every computer on the web has an IP-address, uniquely identifying the computer’s location and the computer itself (just like a phone number). It consists of 4 numbers separated by 3 dots, e.g. 18.104.22.1689 (Of course, this is not a real IP-address, because it’s out of range, but this is the format). This is important because you can check whether the email that was sent really came from this domain, as I’ll explain in the next step. This is optional, because it does not always provide more information. The Domain record should already give you lots of information.
- If you don’t want to check the email IP-address, skip the next 2 steps. Otherwise, go to your email program or webmail and display the header information. Here’s a good list compiled by Google explaining for various email/webmail programs how to display the header. When you have displayed the header, do not panic. Instead, read on.
- You can safely ignore everything except the lines that start with Received:. These lines represent a list of all the servers/computers through which the message traveled on its way to you. The top “Received”-line is your own system. The last “Received:”-line at the bottom is the computer where the message was sent from. You want to check this one again at http://centralops.net/co/DomainDossier.aspx (yes, the search box also works with IP-addresses). Of course, this may or may not correspond to the information you obtained from the domain name, because in this day and age, some people reroute their emails through other interfaces.
You should now have a pretty good idea who contacted you and from where. Armed with this information you can do further research, see below, if the contact is a translation agency.
Doing Business with Agencies – Payment Practices
Anybody with a computer and internet access can open a translation agency today, from anywhere in the world. While there are many very reputable agencies out there, there are also any number of fly-by-night “agencies” who are only looking to make a quick buck at the expense of translators and end clients.
Therefore, if you are a translator and are doing business with agencies, it pays to become a member of various online forums that discuss payment practices or to subscribe to databases that list the payment practices of various agencies. Here’s a list of forums and databases I consult regularly:
- The Payment Practices database (fee-based)
- ProZ Blue Board (overview is free, details are fee-based)
- Zahlungspraxis Yahoo group (free, very active, mostly for German-speaking countries/translators)
- WPPF Yahoo group (free, medium level of activity)
- Translationagencypayment Yahoo group (free, low level of activity)
- Translation agencies business practices LinkedIn group (free, medium level of activity)
- Unacceptable Translation Rates Naming & Shaming LinkedIn group (free, low level of activity)
These are just a few among many, and your mileage may vary. I personally rely most on the Payment Practices database and found the Zahlungspraxis Yahoo group quite useful.