·

photo credit: IMG_0835 via photopin (license)

How my online identity got stolen

Tags: ,

I’ve been blogging for a while now, so sometimes I get questions in my mailbox from people looking for some help. I never mind helping someone, and if the question is good, I even write an article about it.
So when I got an e-mail a couple of weeks ago of someone looking for some help, I wasn’t too surprised. But then some things started to smell kind of fishy…

You’ve got mail!

It all started with an e-mail I got a couple of weeks ago. It looked something like this:

Hi Giel,

Hope you are well, i got your contact details from your website. I have just sent you an  email on UPWORK, to invite you to have a chat about some front end development work that we require on our Magento Website. Below is a copy of the message i sent. I have also attached an outline brief of the job that we require. It would be great to chat ( email / skype )

The e-mail was accompanied with a Docx document and an enormous copy/pasted text from the job he presumably posted on something called ‘UPWORK’. The e-mail even stated:

I also understand that freelance work operates around “day jobs”, family life and social commitments , and i appreciate that many skilled guys like yourself  offer their services in what should often be leisure time for themselves and their families. I am happy with that, and realistic in my expectations of your own commitments.

Now, I never mind helping people, but this request seemed to me that somebody just thought I could create an entire Magento website for them for free, just because I like to blog about Magento! Needless to say, I didn’t reply …

How about we give you SSH access to our server?

Then something strange happened: All of a sudden I got an e-mail where I was added to a mail conversation with some other developers and they wanted to send me usernames and passwords to give me SSH access to their server.
Now hold the phone! Is this guy serious? I didn’t even reply to his previous e-mail and all of a sudden he is giving me access to their servers? I’d better reply to that first mail he sent to me, letting him know that I have no interest in helping him.

So I looked up that first e-mail I got a week earlier, and I replied:

Sorry for the late response. I’m sorry to inform you that I don’t have time to help you with your problem right now. I have a fulltime job during the week and in the evenings my leisure time is very spare. If you’re looking for a company to do a complete webshop I could introduce you in the company where I work (http://www.happy-online.nl). Let me know if you’re interested in that.

There! That’s that! Done! At least, that’s what I thought.

You’ve got mail! Again!

2 hours later I got a mail that started to give me the feeling that something more was going on:

Hi Giel,

I thought you accepted our contract on “Upwork” ? To make the changes to the product page on [website]*

Sorry to hear if you are no longer able to do that, but i thought [Name A]* and [Name B]* were setting you up access on our new development server ?

If you could just confirm, if this help with the product page is no longer something you can do ?

*: Names and website are removed for privacy reasons

Accepted our contract on what?!? What is this?!? Trying to keep my cool, I replied:

I never accepted any contract. I don’t even know what ‘upwork’ is. I don’t even do freelance work anymore since 2012. I’m just a full time employee at a webdevelopment agency in the netherlands. Aren’t you confusing me with someone else?

While I was waiting for their response, I thought it was time to do some research …

Upwork

Never heard of it, what is it? So I navigated to Upwork.com. Aah… It’s one of those sites where companies can look for freelancers and freelancers can look for work. The site looked legit, so that didn’t botter me all too much. But hey! What’s this? A search bar? Let’s type in my own name and see what happens …

Screen Shot 2015-07-27 at 22.49.09
What … the … F !!!
What in the name of all that is holy is this?!? Apparently someone has used my name to create an account to get some paid job offers! And by the looks of it, succeeding at it! They even used my Magento certification and some personal details! Heck! Even the guy in the picture has glasses, just like me!

Time to set things straight

The first thing I did of course, was e-mail the guy back who contacted me in the first place:

I looked at upwork and I noticed that somebody is using my name to get work. It’s not me. Probably somebody from some shady country or so. I’ll contact upwork to have the account removed. Sorry for the inconvenience. I’m pretty pissed off myself too.

After that I e-mailed Upwork on various e-mail addresses (they don’t have a simple support- or contact address on their website, only a well-hidden contact form). I didn’t got response so I decided to take the Twitter-way:

The guy who contacted me in the first place thanked me and apologised (even though it wasn’t his fault). He also thought it was strange because:

… his english was so minimal.?? when i chatted on Skype Dutch people i know, speak better english than i do ! By your profile, / blog, photo etc…you looked a lot more outgoing than this guy was on Skype…he only had 1 word answers.

He also told me that he’d been scammed before by an imposter who said he was Magento certified and billed him 80 hours of work just to change a logo. A week later, the account was finally taken down:

The lessons learned here

So what can we learn from all this? It never occurred to me that having a tech-blog and blogging about Magento and Webdevelopment could be used by other people to try and make a buck. But what can be done to prevent this from happening? There are 3 sides to this story:

The developer

I am a developer. Now I don’t do any freelance work (anymore), but I do blog, and there are more developers who work just like this. What can you, as a developer with an interesting online identity protect yourself from these shenanigans?

  • Google it! : There’s nothing wrong with Googling yourself, and it’s a quick way to see what other sites are talking about you or might even have online profiles about you.
  • Hide certifications : One thing my imposter did, was he took the link of my Magento Certification (which was public at the time) and placed the link in his own sales-talk. You can easily protect yourself for this by choosing to opt-out the public certificate library.

The ‘Upworks’ out there

Upwork is one site, but there are many others. Here are some tips they could consider to make their product more reliable and fraud-proof:

  • Google it! : the first thing you could do is Google new attendees. If someone at Upwork would have taken the time to enter my name in Google they would notice that the domain name gielberkers.com (most likely) differs from what the imposter has entered in the URL field (if he filled in anything at all). An empty or ‘different’ URL should rise a red flag.
  • Find other ways of contact : If Upwork would have found www.gielberkers.com they could also have sent an e-mail to some e-mail address @gielberkers.com just to verify that the one holding the domain is the same as who is trying to create an account. Other channels to check could be social media, like Twitter or Facebook.
  • IP Address : My imposter stated that he lived in the same town where I live (he probably had that from my Magento Certification page). A simple IP check would have most-likely shown that the IP address where he was logging in from wasn’t that given location. This could also have rissen a flag.
  • Just verify it : Upworks’ official response was ‘No we don’t verify information on profiles’:

    I find this rather saddening because if you want to provide a service of a specific quality to your customers, you want to be sure that the people you are representing are who they say they are. A simple uploaded scan of a drivers license or ID card would do.

The only issue with all of this is: companies like Upwork earn money from their business model; which is connecting companies and developers together, and getting a small cut while they’re at it. One could argue that they wouldn’t mind if there are some imposters in their database, after all: money is money. Let’s just hope that we live in a better world than that. I do believe that as a brand, it’s best to have a database of high quality freelancers instead of having a polluted database. But hey, what do I know? I’m just a developer!

The imposters

And to all imposters out there: I find it saddening that you need the skills and ambitions of other developers to try and get a job. That makes you nothing but a con. If you would rather spend your time learning your trade, and working on your online presence, you wouldn’t have to lie about it. After all: it doesn’t take long for the truth to be exposed. Take this company that contacted me for example: they were well aware of my blog and my skills in the English language. But during Skype they only got one-word answers. But hey at least you made a few bucks…

In conclusion

I’d better start Googling myself more often…

Visitors give this article an average rating of 3.8 out of 5.

How would you rate this article?

One thought on “How my online identity got stolen”

  1. Julien says:

    Hello,

    Just to tell you that the person who stole your identity is still on upwork and hacked our site to get money. If you want we can send you the skype conversations… Upwork accepted to suspend this account and we will make a claim against Upwork.

    May you have a good evening ahead.

    Best regards,

    Julien

Leave a Reply to Julien Cancel reply