To piggyback on my previous article about scams and how they work, I wanted to talk about the scam attempts that I’ve encountered in the last few months and how I managed to avoid falling for them. These attempts have taught me how to articulate what to watch out for, and how well education about scams WORKS! I hope sharing these stories will help others to avoid falling for similar traps, and I’m grateful for others who have shared their stories too.
Impersonating Another Profile
In April this year, I very nearly fell victim to a scam on Instagram. Thankfully I had just finished writing an article about romance scams for Crime Watch Canada in March, so once the warning bells went off, I already knew how to investigate it.
I follow a small business account on Instagram on my personal account. They’re one of the witchy creators I admire, and they make really great makeup, spell jars, bath salts, etc. While I haven’t been able to purchase anything yet, I do appreciate their work.
The night I found out my grandfather had died, I coincidentally received a private message from them offering to do a reading for me. They said the spirits had told them that I needed a reading. They asked for $100, which is a pretty reasonable industry charge. I was broke and couldn’t really afford it, so I offered an exchange of services: I could provide a review of their services in exchange for the reading. Given the timing of the conversation and my rates, it seemed like an equal exchange. They declined and offered to accept anything I could afford, so I excused myself while I went and checked my bank account.
Here’s where the warning bells started to go off.
They started to get really pushy about getting the money NOW before they would do the reading. They refused to consider waiting until I had more income. I genuinely was checking all my accounts to see if I could spare anything, but the two to fifteen minutes of waiting seemed to be too long for them.
Then when I said I was ready to send the money, they sent a link to a PayPal account with a name that didn’t match the business owner. It was at this point I got really suspicious.
I searched on Instagram for the business profile, then messaged them privately to ask if this was a scam. It seemed likely considering that the private reading conversation was not through that business account. Then I saw in their stories that someone had been impersonating their account and offering readings. Soliciting private readings is not part of their business practice, this was a scam attempt affecting many of their customers, and they had tried to report the account with no success yet.
Checking again, the fake account had copied everything over into the new account. The profile picture, bio, and multiple posts were copied over, they had lots of followers, etc. The only visible difference was that there was an underscore at the end of the account name.
The real business owner replied to me shortly after I found their story, confirming the interaction was fraudulent, apologizing profusely, and expressing frustration that this was still happening.
I reported the fake account to Instagram as impersonating someone I knew, then messaged the scammer back apologizing and saying I couldn’t afford it after all and would not be taking the offer. Then, I blocked and deleted the account, so they couldn’t correspond with me again.
Copyright Infringement Scam
In June, after I wrote the scam article here, I received an email sent through my website accusing me of copyright infringement and threatening to sue if I didn’t take the company’s photos down. I couldn’t track the original email because it had gone through a form on my website, but it looked pretty legit.
Form Submission - Contact Form - thewordeater.com Dmca Copyright Infringement Notification email
Sent via form submission from The Wordeater
Name: [redacted]
Email: [redacted, matched the name]
Subject: thewordeater.com Dmca Copyright Infringement Notification email
Message: Hello, Your website or a website that your organization hosts is infringing on a copyright-protected images owned by our company [company Name]. Take a look at this report with the links to our images you utilized at thewordeater.com and our earlier publication to find the proof of our copyrights. Download it right now and check this out for yourself: [link for a google drive document] I believe that you intentionally infringed our rights under 17 U.S.C. Section 101 et seq. and can be liable for statutory damage as high as $110,000 as set forth in Section 504 (c) (2) of the Digital Millennium Copyright Act (DMCA) therein. This message is official notice. I demand the elimination of the infringing materials mentioned above. Please take note as a company, the Digital Millennium Copyright Act requires you to remove and disable access to the infringing content upon receipt of this notice. In case you do not stop the utilization of the aforementioned copyrighted materials a law suit will be initiated against you. I have a good belief that use of the copyrighted materials described above as presumably violating is not approved by the copyright proprietor, its legal agent, as well as law. I declare, under consequence of perjury, that the information in this notification is correct and hereby affirm that I am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed. Very truly yours, [name redacted] Legal Officer [company Name] [company website] 06/01/2022
Now, the names and email address looked legit, and there’s lots of legalese in there so it looks pretty scary, but here’s the thing.
This is my stomping ground!
I’m a librarian up to date on copyright, and I’m familiar with general legal processes. There are a bunch of grammatical errors that wouldn’t be found in a legitimate legal order. At best, I could conclude this “Legal Officer” is grossly incompetent at their job.
This was on my art website. I have a blurb on my website clarifying that I own the copyright to all images on my website unless attributed otherwise. I do my best to provide citations to all outside creators as my general practice. I knew if this was a legitimate complaint, I would win the lawsuit without even trying. I have lots of documentation and dates behind every picture on my website, and I can recall where I got the pictures not owned by me because I cite the creator.
I recognized the company name that supposedly was threatening to sue me as an accounting software company based in New Zealand. Now I knew for sure it was fraudulent, because I definitely didn’t use any of their photos.
The company name was consistently presented as company Name, not Company Name. See how they avoided their own copyright infringement?
What the hell was with that link to Google Drive?? That’s a terrible way to serve notice.
I almost replied to the scammer to ream them out, but instead, I contacted the Company Name by searching on their website and emailing them. They directed me to a place to report the phishing attempt with their company (for reference, look for “Security” or “IT Support” on the company website). I also reported the phishing email to my website company where the form had come from.
Updating website security
I had been receiving annoying emails about broken links on my website (“click this link, it’s broken! We can fix it for you!”) for a few months already before this. To avoid scary emails like this in the future, I added a reCAPTCHA feature to the contact form on my website. This prevents bots from using the contact form and means any emails will have to pass the basic CAPTCHA test before I receive them.
This addition seems to be working, as I haven’t gotten any further scam attempts through my website since then.
Art Sale Email Phishing Scam
Since I started pushing for more art sales and commissions, I was excited to see an email in my inbox first thing yesterday morning requesting assistance with art sales!
The email subject was a little alarming: in all caps it just said “WEDDING ANNIVERSARY GIFT”.
However, the email address and name looked legit, and the spelling wasn’t too bad. I have been trying to make more art sales. Altogether it seemed pretty reasonable in the first couple of read-throughs.
Hello There,
How are you doing? My name is [Last Name First Name] from [City ST]. I have been on the lookout for some artworks lately in regards to my and my wife's anniversary which is just around the corner. I must admit you're doing quite an impressive job. You are undoubtedly good at what you do.
With that being said, I would like to purchase some of your works as a surprise gift to my wife in honour of our upcoming wedding anniversary. It would be of help if you could send some pictures of your piece of work, with their respective prices and sizes(bearing in mind that my budget is within $500-$5000)which are ready for immediate sale.
I look forward to reading from you.
Best Regards,
[First Name].
My first thoughts were:
“Oh boy I’m glad I’ve already started documenting all my artwork so I can sell it!”
“That budget looks pretty reasonable, I can probably send 3-4 works in an Xpresspost envelope…”
“Hm… I remember reading about art sale scams somewhere recently…”
When I re-read the line, “I must admit you’re doing quite an impressive job. You are undoubtedly good at what you do,” I felt like something was weird. Why do they need to “admit” I’m amazing when they’re asking to buy my work?
Also what kind of job does he do that has him sending emails at 4 am on a weekday?
How did he get this email? It wasn’t through my website or contact forms this time, but sent directly to my email. Except I’ve been using a different email for my public email recently.
That’s a couple of flags, so I decided to investigate. I started by looking for the person who sent the email. There is actually a person named [First Name Last Name] based in [State] but they live in a different town. They’re a CEO or something so the budget checks out. But then I noticed the little details that give away a scam attempt. The scammer introduced themselves with their last name first, then their first name. Weird. No comma between the city and the state abbreviation. Maybe lazy, but weird. They look forward to “reading from you”. Eh? And they spelled “honour” the Canadian way too, though they’re supposedly based in the US.
These little things aren’t that significant on their own. But altogether like that? Very bizarre. I really felt like if someone with this kind of budget would reach out for art they’d have some kind of profile online, but I couldn’t find a matching profile on any social media.
Then I remembered the suggestion of copying and pasting text into google, to see if it comes up as some kind of script. I copied the first paragraph and pasted it into google.
Bingo. We got a match.
“Here is the scam email we received. I’ve numbered what I took as hints that it was a scam:
***
Hello There,(1)
My name is [removed] from Washington DC. I have been on the lookout for some artworks lately in regards to I and my wife’s anniversary which is just around the corner. I stormed on some of your works which i (2) found quite impressive and intriguing. I must admit your (3) doing quite an impressive job. You are undoubtedly good at what you do. (4)
With that being said, I would like to purchase some of your works as a surprise gift to my wife in honor of our upcoming wedding anniversary. It would be of help if you could send some pictures of your piece of works (5), with their respective prices and sizes, which are ready for immediate (or close to immediate) sales. My budget for this is within the price range of $500 to $5000.
I look forward to reading from you in a view to knowing more about your pieces of inventory. As a matter of importance, I would also like to know if you accept check as a means of payment.
Regards,
[name]
***”
Some details have been changed. The location is different, and the request for a check part has been removed. The grammar in my email is a little cleaner and ‘honor’ is spelled differently. But it’s nearly word for word the same email.
The author who reported this scam also pointed out the lack of names other than the sender’s name allowing the scammer to copy/paste to mass recipients, and the excessive but unspecific flattery (“I must admit you’re very good at what you do”) as signs of the scam attempt.
For those who aren’t familiar with art sale scams, the idea is to build rapport leading to the transfer of money/goods. At some point during the sales process, they probably would have tried to charge me excessive amounts of money for international shipping, used a fraudulent cheque or money order to pay, or something to that effect.
Again, I did not respond to the scammer to avoid giving them any more information, and instead, I reported it as a phishing attempt to the affected parties. In this case, it was sent through Gmail, so I reported it as phishing there.
Not Today, Scammers!!
Watching for these red flags has already proved to be helpful:
Unsolicited interpersonal interaction
A short time limit: Real buyers will understand how turn-around time works and will be flexible as long as you communicate well
Language causing some kind of strong emotional response
The transfer of money
A request to click on a link
Inconsistencies between names, emails, or companies represented
The feeling that something is off
Knowing how to investigate suspicions has been helpful too:
Check contact information - names, email addresses, company names
Google the names to see if they look legitimate
Type links into a browser rather than clicking on internal links
Google the text to see if it comes up in a scam report somewhere
Use a second platform to reach out to the person or company. At best, they can confirm the correspondence, at worst they will want to know about the scam attempt. They may already be aware of similar attempts and have a procedure in place for reporting scam attempts.
As a new small business owner, I’m being very cautious about scams and encouraging others to learn and do the same. During the pandemic, many small businesses have shifted to more online orders vs. in-person orders, and online scams have jumped in tandem. They range from phishing emails or fraudulent accounts like I experienced, to malware embedded in files or links. Besides following best practices for records management and staying educated, businesses that maintain a collection of customer information may need to invest in cyber liability insurance, in case scammers somehow get into that data.
Remember, falling for a scam is not an indication of one’s intelligence. Scammers are good at what they do. As these examples demonstrate, being aware and educating each other is our best protection against scammers.
References:
“Don’t Be Fooled By Email Scams: How To Spot And Avoid Fraud” by Artwork Archive. No date. https://www.artworkarchive.com/blog/don-t-be-fooled-by-email-art-scams-how-to-spot-and-avoid-fraud
Artist Warning: 5 Ways to Recognize an Email Scam” by CherieDawn Haas, Outdoor Painter. No date, circa 2018. https://www.outdoorpainter.com/artist-warning-5-ways-to-recognize-an-email-scam/
“Avoid And Report Phishing Emails” by Gmail Help. No date. https://support.google.com/mail/answer/8253?hl=en
“Fraud Prevention Month Raises Awareness After A Historic Year For Reported Losses” by Royal Canadian Mounted Police. February 28, 2022. https://www.rcmp-grc.gc.ca/en/news/2022/fraud-prevention-month-raises-awareness-a-historic-year-reported-losses
“Calgary Business In Damage Control Mode After Losing Cash, Customers To Scammers” by Tomasia DaSilva, Global News. August 16, 2022. https://globalnews.ca/news/9064359/calgary-business-in-damage-control-mode-after-losing-cash-customers-to-scammers/