Saturday, March 07, 2015

Scammed, I Think

It all started when I got a LinkedIn request from a technology writer in Greensboro, NC named Jenifer Lawrence. Her profile said she wrote for a publication called Chronicle Quest. Nothing alarming here. If you have almost any kind of online profile, you get these regularly from some people you know and some you don't. While I didn't know her or the publication, there was a picture of Jenifer, her credentials looked legit, and she had connections with some others I did know. I figured no harm in saying yes; perhaps it might lead to some opportunity down the road. I clicked on "Accept" and promptly forgot all about it.

A few weeks later, I got a similar request from a writer in Rochester, NY named Heidy Lawrence writing for Techno Times. Again, by itself, no real flags. A picture, credits from several web sites and publications, and several folks I knew in her orbit. But while we all like to think we're reporter-worthy, it seemed a little strange that I was being sourced as some kind of source. I mean, I like to think I'm a reliable expert. But if I'm honest with myself, why would a reporter (or 2) suddenly find me a go-to person? While nothing was obviously wrong, something didn't feel right.

I decided to do a little digging on Heidy. When I went to one of the web sites she wrote for, it was a broken link. Again, it meant nothing: publications, especially web-based ones, come and go all the time. I tried a second: it led me to a Japanese language page, which, when I ran through Google Translate, turned out to be gibberish. Each further link got me absolutely nowhere.

While it all seemed fishy, I couldn't put my finger on it. I finally decided to search the one thing I hadn't tried: her picture. I clipped it, then tried an image search. And bingo, up came a hit. Except it wasn't for Heidy. The exact same picture was tied to the online profile of a woman named Michelle Breau. Michelle wasn't listed as a writer, but a customer services representative for a credit union in Ontario, Canada. I punched around websites in her community, and found her name mentioned. Her profile also said that she was a yoga instructor. And when I searched for Michelle and yoga studios, up came a hit for a class she taught. If Michelle was a fiction, it was Shakespeare to Heidy's pulp.

Going on the assumption that Michelle was real and her picture had been stolen, I decided to drop her a line. I started with a long preamble, giving multiple links to prove I was who I said I was. I continued on with what surely seemed like a very strange email, saying that I thought her identity had been stolen. She quickly wrote back, confirming exactly that. In fact, she told me that when she did a search with another picture of hers that had been online, she got back half a dozen hits using her photo. She face was simultaneously that of Katelind Root, Petra Anderson, Renee Schoof, Dalton Agency and Natalie Hanson.

Michelle had been unaware that someone had stolen her photos and wondered who might be responsible. With identity theft so pervasive, my guess is that it's some kind of phishing scheme. I have had some on-line challenges be visual based rather than answering a secret question. And so take the next step: if someone connected to you was asked to ID your photo as part of a password response system, it's not hard to see how it could lead to the theft of more than just that image. (Out of curiosity, I backtracked to that first reporter who contacted me, Jenifer Lawrence. When I image searched her picture, I found half a dozen matches, from Sara Farley to Sonia Ruscoe. I suspect I won't be getting a call to comment on an article for Chronicle Quest anytime soon.)

The bottom line is that I think I'm being scammed. Trouble is, I don't know by whom, what they are actually doing, nor why they are doing it. And I can't figure out the end game, whether it involves money, access or something else. But other than that, I've got it nailed. I mean awareness is half the battle, so there's no way they can con me. Right Heidy?


Marc Wollin of Bedford tries to be secure online. His column appears regularly in The Record-Review, The Scarsdale Inquirer and online at, as well as via Facebook, LinkedIn and Twitter.


Andy Rathbone said...

There are a lot of bots on LinkedIn. Programmers and web developers create LinkedIn "bot farms," and then sell connections to LinkedIn members who feel the need to boost their connection count.

It happens with other social media companies like Twitter, as well. People want to buy popularity.

Another clue to a bot account is to see if the picture is cropped oddly to show only a portion of the head. That's an attempt to keep Google's image search from recognizing the photo.

Marc Wollin said...

Andy: Sorry, but never saw this commnent till now. Thx for weighing in. To date, I haven't been asked to comment any any further journals, nor wire money to Nigeria. So safe for the moment! Thx for reading. Marc