Category Scams

A not so new kind of scam – email spoof

So, the following arrived in my inbox today, allegedly sent from me, to me.

Email spoof scam

Further down in that long-winded text, they demand a payment in Bitcoin to release my email domain from the hack. I immediately checked the header to see whether my account had indeed been hacked. Of course it hadn’t; they just spoofed my email address, quite elaborately I might add.

Google has a pretty nifty tool to analyze email headers, so that you don’t have to wade through a bunch of code. You simply copy the header in its entirety, as shown below, and let Google do the analysis.

Header analysis

Here’s the result:
Header analysis result

The originating IP address, 103.35.109.142, is apparently in Bangladesh, in the Dhaka region, as one can find out via https://www.iplocation.net, for example.
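The same header check can be done locally. The following is an added example, not part of the original post: it reads a raw header, pulls the connecting IP from the oldest `Received` line, and collects the SPF, DKIM and DMARC verdicts. The sample header, its domains and its IP addresses are constructed for illustration, and the function and field names are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the header from the post): a mail that claims to be
# from the recipient's own address; example domains, documentation-range IPs.
SAMPLE = """\
Return-Path: <bounce@mail.sender.example>
Authentication-Results: mx.victim.example;
\tspf=softfail smtp.mailfrom=mail.sender.example;
\tdkim=none; dmarc=fail header.from=victim.example
Received: from mx.victim.example (mx.victim.example [198.51.100.10])
\tby inbox.victim.example with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from unknown (unknown [203.0.113.7])
\tby mx.victim.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:01 +0000
From: me@victim.example
To: me@victim.example
Subject: Your account has been hacked
"""

def domain(addr):
    return addr.rpartition("@")[2]

def analyze(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Each relay prepends its Received line, so the last one is the oldest.
    # Trust only lines written by your own provider; older ones can be forged.
    received = msg.get_all("Received", [])
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1]) if received else []
    results = msg.get("Authentication-Results", "").lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    return {
        "from_domain": domain(sender),
        "envelope_domain": domain(envelope),
        "self_addressed": bool(sender) and sender == rcpt,
        "origin_ip": ips[0] if ips else None,
        "auth": auth,
        # No passing SPF/DKIM, or a DMARC fail: the From line is unverified.
        "auth_failed": auth.get("dmarc") == "fail"
        or (auth.get("spf") != "pass" and auth.get("dkim") != "pass"),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A message that is addressed from you to you, fails authentication, and entered your provider from an unrelated IP was sent by someone else using your address, not from your account.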

I sent a complaint to the original service provider to report the abuse. Let’s see what happens.

Scam warning: US National Court Interpreters Database (NCID) email scam

The following was sent to me from a colleague, and I am hereby spreading the word.

To: All Individuals Listed in the National Court Interpreter Database
Re: Interpreting-NCID Scam 

The Administrative Office of the United States Courts (AO) was advised on January 22nd, 2018 that interpreters in several states received a scam email requesting money in exchange for being listed in the judiciary’s National Court Interpreter Database (NCID), which is used by federal courts to locate contract interpreters. This message, purportedly sent by AO Director James C. Duff, requested that interpreters wire money through Western Union to an individual in Iowa. The email is fraudulent and not connected with the United States courts or with Director Duff. 

The judiciary has never required that individuals pay a fee to be listed in the NCID. To become listed in the NCID, follow the steps described here: http://www.uscourts.gov/services-forms/federal-court-interpreters/national-court-interpreter-database-ncid-gateway.

The AO is working to make the relevant law enforcement agencies aware of this scam and we ask that you notify us at NCID_Help@ao.uscourts.gov if you receive this fraudulent email.

Scam Alert! Corporate Compliance Services

Today, another scam reached my inbox, or my postal mailbox, to be precise. A letter from “Corporate Compliance Services” contained a “Labor Law Compliance Request Form,” notifying me that I am required to pay $84.00 to comply with federal law 92 USC Sec. 999 etc. etc. and so on and so forth.

Corporate Compliance Services scam

Obviously, they messed with the wrong translator again, because in this case it was nearly immediately clear that this was a scam, as an internet search instantly revealed.

Clue number 1: The scammers sent the notice to my home address, not my business address. I use my business address for every single correspondence with all government entities and agencies, except my personal tax return. All business-related correspondence with city, county, and federal agencies as well as my clients goes through my business address.

Clue number 2: While the letter looks really elaborate, in the front and in the back, even more official than some correspondence I received, e.g., from the IRS, they misspelled the word “address.” No government agency misspells a word on an official form. Some individuals might send out misspelled posts on social media, but no form I have ever seen contained such a blatant spelling error.

I was tempted to reply to the fake “notice” with a letter instructing them to deduct the fee from my Nigerian bank account, but alas, several deadlines are looming. Plus that would confirm my personal address.

Fraudulent website update – happy ending

A bit over a month ago, I discovered, thanks to Google Alerts, that a fraudulent website was using my business name and excerpts of my copyrighted website content without my permission to advertise their dishonest services. The site was taken offline a few weeks ago and has been offline ever since.

Site offline

Fraudulent site offline

Here is the timeline of my actions which led to this positive outcome, which may help you if you are ever in a similar situation.

Step 0: Set up Google Alerts

If I hadn’t set up several Google Alerts to inform me whenever my name or my business name appears on a new site online, I would have never known about the impostors. I wrote a blog post about how to do that here.

Step 1: Post a disclaimer on my website

I posted an alert immediately after the discovery of the fraudulent website, in which I disassociated myself and my business from the website and all its activities. If I had had the slightest suspicion that the impostors could contact my existing clients or solicit new clients under my name outside of that website, I would have also proactively contacted my existing clients and posted another alert/disclaimer on all my public and semi-private social media and professional accounts.

Step 2: Find out who is behind the website

Unfortunately, this step proved to be quite difficult, because the real host of the website was hidden under several layers of anonymized entities. I began by looking at the internet registry information, which you can find via any Whois domain service, for example http://centralops.net/co/DomainDossier.aspx. The domain and the network whois record indicated that this particular website was registered in Panama. Unfortunately, contacting the registrar (see step 3) proved not very useful, because they claimed they were only responsible for registering the domain name, not for the content. I was referred to another entity in China, which also claimed not to be responsible for the content.

However, the domain name registrar was helpful enough to suggest running a ping traceroute, which gave me the domain name and the IP address of the entity that actually hosted the content on their servers. One such service is, for example, http://ping.eu/traceroute/. The last entry of the route is the IP address and domain name of the server that I was looking for. With this information, I went back into the Whois domain lookup and got the record of the actual host. The host is supposedly based in Canada, but the IP address of the server is actually located in Utah, USA, as an IP location service such as https://www.iplocation.net revealed. Now I had enough legal ammunition to take action.
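The lookup chain in this step, as an added example that is not part of the original post: take the last hop that answered in a traceroute, then read the hosting organization and abuse contact from the whois record of that IP. Both inputs are constructed samples (example hostnames, documentation-range IPs, ARIN-style field names), and the function names are assumptions of this example.

```python
import re

# Constructed traceroute output; hop 3 did not answer.
TRACEROUTE = """\
traceroute to fake-site.example (192.0.2.80), 30 hops max, 60 byte packets
 1  gw.home.example (198.51.100.1)  1.2 ms  1.1 ms  1.0 ms
 2  core1.isp.example (198.51.100.254)  9.8 ms  9.9 ms  10.1 ms
 3  * * *
 4  edge.hosting.example (203.0.113.1)  48.0 ms  47.9 ms  48.3 ms
 5  srv42.hosting.example (192.0.2.80)  49.5 ms  49.2 ms  49.8 ms
"""

# Constructed whois record for the final IP.
WHOIS = """\
# constructed sample record
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Hosting Inc.
Country:        CA
OrgAbuseEmail:  abuse@hosting.example
"""

HOP = re.compile(r"^[ \t]*\d+[ \t]+(\S+)[ \t]+\((\d{1,3}(?:\.\d{1,3}){3})\)", re.M)

def last_hop(trace):
    """Return (hostname, ip, reached_target) for the last hop that answered."""
    target = re.search(r"^traceroute to \S+ \(([\d.]+)\)", trace)
    hops = HOP.findall(trace)  # hops shown as "* * *" never match
    if not hops:
        return None
    host, ip = hops[-1]
    # reached_target is False when the final hops timed out, in which case
    # the last answer came from a router in front of the server.
    return host, ip, bool(target) and ip == target.group(1)

def whois_fields(record, wanted=("OrgName", "Country", "OrgAbuseEmail")):
    """Pick the fields needed to address an abuse report."""
    fields = {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in wanted:
            fields.setdefault(key.strip(), value.strip())
    return fields

if __name__ == "__main__":
    print(last_hop(TRACEROUTE))
    print(whois_fields(WHOIS))
```

If the site sits behind a CDN or reverse proxy, the last hop and its whois record identify that proxy's operator rather than the origin server.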

Step 3: Cease and desist letter

After peeling back all the layers of the onion, I sent a very official sounding cease and desist email to the aforementioned hosting service. Actually, I had sent cease and desist letters to all the involved parties/layers, but although I received nearly immediate responses, they just referred me to the next layer. But when I sent a cease and desist letter to the hosting service, the site got taken down the very next day, although I never received a response from the hosting service!

Regarding the content of the cease and desist letter, I looked up a template online for the proper legal phrases. I mentioned that my business name, which was used fraudulently, is registered in the State of California (since 2010), and that the content of my website, which was used without my permission, is copyrighted. More on that below. I was prepared to take further action, but luckily, this was not necessary.

Step 4 (not taken): Invoke US copyright law

According to US Copyright law, all work is under copyright the moment it is created and fixed in a tangible form, without actually having to register for a copyright. Aside from the standard “All rights reserved” disclaimer on my website, I also use a WordPress plugin to take snapshots of the content that I deem worthy of copyright. This serves as “fixing it in a tangible form,” as required per the US copyright law quoted above. There are many such plugins available.

If the site had not been taken down, I was prepared to send a takedown notice according to the US Digital Millennium Copyright Act to the service provider that was hosting the offending site. The steps to send a DMCA takedown notice are described here. Luckily, this was not necessary.

All is well that ends well. I want to thank my colleagues who helped me peel back the layers of this fraudulent onion. I hope that I can help other people in a similar situation by sharing this experience. I also hope that potential criminals will be sufficiently deterred from trying something similar in the future.