A different sort of scamOctober 5, 2012
As regular readers know, if I provide instructions on how to do or solve something, I put a PayPal Donate button at the bottom of the post. PayPal notifies me via email of each donation.
I got this notification email from PayPal:
My suspicions were raised immediately. Why?
- The amount was for one cent (my default donation amount is $5, and no-one has ever paid less than $1).
- I’ve never heard of the Swedish company referred to — an internet search shows that it exists, but I’ve watched too many ‘long-con’ TV shows (like ‘Hu$tle’) to believe that just because a site exists it’s legitimate. Likewise the legal firm named in the message — it exists according to Google and the US Whitepages.com site, but the phone number varies depending on which site you look at. In some cases the phone number for the legal company is the same as that in the message; on other sites, it’s a different number. The addresses in the message match those I found on the internet. (Yes, I have deliberately blurred out this information.)
- A search for the Fred person showed that there is such a person who is listed as the CEO of this company, including a LinkedIn profile. Again, it could be legitimate — or fake.
- There’s no email contact information in the message itself, so whoever this is wants me to call them. Or write them a letter.
- The message says that I’m using their name in ads on my blog. And that they’ll ‘purse’ me. But I pay an annual fee to WordPress.com to NOT have ads on my blog. There ARE NO ads on my blog. EVER.
- The message also says they’ll ‘purse’ me for $1 million A DAY for each day the ad has appeared. Nothing like scare tactics to make people comply! Seeing as though I have no ads on this blog, I know that these supposed ads have never appeared, thus they cannot ‘purse’ me for anything. But such a warning might be enough to scare someone into making contact with the person or the companies listed.
- The sentence construction leaves a lot to be desired, especially if it supposedly emanates from a legal firm — they are usually SO particular about wording. For example: ‘You have 24 hours to remove your ads to at least put our legal efforts on hold while we consider the ethics of your marketing efforts.’ What on earth does that mean??
- The final suspicious bit of information is the email address of the person who donated the one cent — it’s a Gmail address, which absolutely anyone can set up with any name. Had the email address been from either the company or the legal firm, I’d have a bit more faith in it, but I don’t trust a Gmail address like this when the message content names names and companies and addresses and phone numbers.
So, what to do about this? Well, I guess I have a few options:
- Do nothing.
- Contact PayPal
- Contact WordPress.com
Contacting the people/companies listed is not an option as I suspect this is just a scam to get me to do just that and then threaten me with legal action if I don’t pay them some unspecified amount of money.
Update 8 October 2012:
I sent a copy of the email notification to the ‘abuse’ email addresses at PayPal and WordPress. WordPress said they couldn’t do anything about it as it wasn’t a comment or threat made on my blog and to contact PayPal. I hadn’t received any response from PayPal so today I called them.
The upshot is that someone in Chicago has a website with a PayPal Donate button that uses the SAME PayPal code as mine (possible transcription error on their part?), and that person’s website has cosmetics information, including information about the company mentioned in the threat (I couldn’t find that page today, but PayPal told me it was where the donation originated from last week). PayPal was able to see exactly the URLs that were clicked for all my donations in the past two months and confirmed that only one had come via that Chicago person’s link — the donation with the threat.
What action will PayPal take? According to the person I discussed this with, PayPal will:
- Try to contact the person behind the other website and get them to fix the code # for the link on their PayPal Donate button (IN PROCESS).
- Reverse the donation from my PayPal account (DONE).
- Contact the person who donated the one cent and let them know that their threat went to the wrong person and scared the cr@p out of someone in Australia!
- Email me to confirm that I am not legally responsible for any of this (RECEIVED).
Yes, I have the URL of the other website and can confirm that their PayPal code behind their Donate button is the same as the one on this blog. And a quick search of Whois showed me that the domain was created on 29 September 2012. The company who made the threat was on to it pretty quickly as they made the threat only a couple of days later.
So, after several 90+ minutes on the phone with PayPal, I can breathe a little easier.
Update 24 October 2012: <sigh> I received another legal threat from yet another company about this Chicago person… And I’ve called PayPal again, but the upshot is that they can’t (won’t?) try to find the person behind the other website even though that person MUST have a PayPal account to even have a Donate button on their site. The bottom line is that I have to generate a new button code with PayPal (they assure me the codes are unique…) and then apply it to ALL my posts that have a Donate button… some 400 blog posts! I’m NOT happy, but I will have to do it to protect myself from further baseless legal threats. (I actually decided to test out a sidebar widget for the Donate button, and that works. So I’m in the process of deleting ALL PayPal Donate button options at the end of the individual blog posts. Why? Because if there’s ever another instance like this, I’ll only have to update the code in ONE place, not hundreds.)