[HN Gopher] Someone is pretending to be me
___________________________________________________________________
Someone is pretending to be me

Author : iBotPeaches
Score  : 1146 points
Date   : 2022-09-27 15:50 UTC (7 hours ago)

(HTM) web link (connortumbleson.com)
(TXT) w3m dump (connortumbleson.com)

| iBotPeaches wrote:
| I submitted my own blog here, but then my intentionally configured HN timeouts locked me out. I was wondering why my little Linode was dying.
|
| Yeah this was an incredibly odd and creepy experience that I continue to investigate here and there. I really appreciate the interviewer for letting me stay on and confront the imposter.
|
| hmm-interesting wrote:
| Username seems familiar. I have spent a lot of time with your apktool, few years ago. For the first time, I saw your real name and photo. Thank you for this amazing tool.
|
| archon810 wrote:
| That's exactly how I know Connor too. Wild to see him at the top of HN with this story.
|
| EamonnMR wrote:
| The Darknet Diaries guy will probably want to interview you after this.
|
| macintux wrote:
| I could sure use a flowchart to follow this story. Baffling level of fraud.
|
| KaoruAoiShiho wrote:
| This is the type of arbitrage that happens when developers have similar technical skills but not similar interviewing skills.
|
| probably_wrong wrote:
| If the other thread [1] is to be believed there is no guarantee that the developers on the other side have similar skills. No need to dig up arbitrage when it could simply be a scam.
|
| Even the person they hired here to pretend to be Connor said himself that he's just a junior that would pretend to be a senior. Maybe the idea is simply to get a well-paid job, work a couple months, get fired (maybe even with a generous severance), and repeat.
|
| [1] https://news.ycombinator.com/item?id=32996457
|
| KaoruAoiShiho wrote:
| Yeah it could be "just" a scam though the arbitrage is really a scam too.
| The other thread's doesn't make sense because the dev is still trying to work despite being immediately id'ed as a different person on zoom. This scam only makes sense to me to be doing something like stealing the signing bonus but actually trying to be a dev is curiously naive or stupid.
|
| lazide wrote:
| If the scammers found a naive patsy to be the 'employee' and used an experienced dev to do the interview, it makes sense.
|
| At many companies, they wouldn't necessarily notice the difference right away too, if someone was pretending to work. Management is often overloaded or checked out. Depending on ethnicity, they might also be unwilling to bring up the issue.
|
| For example, if the patsy sticks with it, who is going to call the bluff - especially if no one took a picture?
|
| They could claim the manager was being racist by not being able to recognize them or something. If someone IS not great at recognizing/telling apart, say, Indians, it could sow doubt that would make it harder to address. And that is a lot of people in the US.
|
| The longer the delay, and the more legal buttons get pushed, the more the company pays out before the scam is over, and the more lucrative it is.
|
| OkayPhysicist wrote:
| Pay out to whom? Surely the employment paperwork, the pay checks, the direct deposit forms would have to also be under the assumed name?
|
| lazide wrote:
| It's not hard to find local cut-outs in most areas. In most cases, those folks are also patsies.
|
| Another, different party who cashes checks written to their name in exchange for a cut, for example.
|
| As an example, there is still the old in the tooth craigslist 'oops, I sent too large a cashiers check, can you send me the extra?' scam, which is an even more obvious ripoff, and people fall for that all the time.
|
| If approached by law enforcement, their story would likely be they were working for X (different) company as an assistant or in finance, etc. The other company of course will be in a different state, country, or whatever, or maybe not actually exist, depending on the logistics of the money movement.
|
| The scammers could easily have 10-20 different paychecks going to one person without anyone being the wiser - at least until the IRS got the W-2s or the cut-out started thinking about the long term consequences.
|
| Scammers are used to a lot of churn with stuff like this, it's why these scams are hardish to run and aren't even more lucrative. Think Breaking Bad and 'Walt trying to ACTUALLY make money selling meth'. Lots of surprise expenses, people going sideways on you, competition you didn't expect, paranoia, logistics difficulties.
|
| That's assuming they aren't just forging/stealing SSNs or identities and using some kind of front somewhere, like payday check cashing places willing to look the other way, or whatever.
|
| There are plenty of folks running bad check scams or the like already, and they don't have the benefit of checks that will actually cash (all the time), like a big company's payroll check.
|
| OkayPhysicist wrote:
| I wasn't even thinking about the fact that it leaves a paper trail. I was just thinking about the fact that the company who ostensibly hired "John Doe" is being given payment details for "Jack Frost".
|
| lazide wrote:
| It wouldn't be hard to have it be John Doe all the way through, at least for folks doing this. Setting up things like this is a common tactic in a lot of common financial crimes nowadays.
|
| ryandrake wrote:
| Whenever I read these kinds of super-complicated scams, I can't help but think if the scammer would have instead invested all that time and effort into legitimate tech and interviewing skills, he/she could have just come in the front door!
| It's like the person who spends hundreds of hours putting together the perfect exam cheating scheme, where they could have instead put in half of that time actually studying!
|
| Or, in video form, the Key & Peele Bank Heist[1]
|
| 1: https://www.youtube.com/watch?v=jgYYOUC10aM
|
| notahacker wrote:
| The guy organising it appears to be living in a lower middle income country with technical skills limited to badly installing WordPress plugins and doubts about his spoken English.
|
| Even if he actually has the capability to become a _really_ good programmer, I'm not sure he's going to beat getting half of potentially dozens of US-based developers' contract incomes for less effort than spamming job boards and running a Slack channel
|
| jeroenhd wrote:
| No matter how much work you put into setting up a scam, you'll never be able to beat the H1B lottery.
|
| Companies know that they can pay less money to people in poor countries because an American wage in a third world country would have them live like kings. Going the honest route significantly cuts your profits if you live in these countries.
|
| The "Plamen" person linked in this blog says he was educated in Sofia and Veliko Turnovo, Bulgaria. The average salary in Bulgaria ranges from $18k to $30k depending on the city (taking the optimistic route, here, sites like https://www.zaplatomer.bg/en/salaries-in-country give much lower numbers!); with an expected wage starting at $59k, they would be able to live a wealthy life earning twice the average wage just by getting lowballed by an American company. Spending that wage from a small California apartment wouldn't be nearly as profitable and comfortable as it would be living from a nice house in Bulgaria. All they'd need is a good internet connection and a shifted sleep schedule to take part in meetings.
|
| That's assuming the guy can actually deliver on his tasks.
| My guess would be that these scammers have limited technical skills and rely on waiting for the slow evaluation process to fire them and then moving on to the next company.
|
| treis wrote:
| In a lot of ways it's a convoluted form of arbitrage. These people "buy" developer labor in the cheap markets and "sell" in the expensive ones. Obviously bad when the developer labor doesn't get delivered as advertised. But if you can pull it off then mostly good for everyone.
|
| fsckboy wrote:
| > _I could not stand this anymore listening to someone legitimately claim they were me...So I turned on my camera, renamed myself back and asked the individual what the hell they were doing... However, before I did that. I wanted to childishly email the address of the person impersonating me._
|
| WHY!? the undercover victim doesn't jump up and shout when the crime starts to go down, except to drive the plot in really bad tv series.
|
| This could have been the beginning of a new Cliff Stoll _Cuckoo's Egg_ thriller! I am disappoint, but I guess "who has time for all that?" Interesting story nonetheless.
|
| It brings to mind these immortal words (needs more line breaks but then it would be longer):
|
| _If you can keep your head when all about you Are losing theirs and blaming it on you, If you can trust yourself when all men doubt you, But make allowance for their doubting too;
|
| If you can wait and not be tired by waiting, Or being lied about, don't deal in lies, Or being hated, don't give way to hating, And yet don't look too good, nor talk too wise
|
| If you can dream - and not make dreams your master; If you can think - and not make thoughts your aim; If you can meet with Triumph and Disaster And treat those two impostors just the same;
|
| If you can bear to hear the truth you've spoken Twisted by knaves to make a trap for fools, Or watch the things you gave your life to, broken, And stoop and build 'em up with worn-out tools
|
| If you can make one heap of all your winnings And risk it on one turn of pitch-and-toss, And lose, and start again at your beginnings And never breathe a word about your loss;
|
| If you can force your heart and nerve and sinew To serve your turn long after they are gone, And so hold on when there is nothing in you Except the will which says to them: 'Hold on!'
|
| If you can talk with crowds and keep your virtue, Or walk with Kings - nor lose the common touch, If neither foes nor loving friends can hurt you, If all men count with you, but none too much;
|
| If you can fill the unforgiving minute With sixty seconds' worth of distance run, Yours is the Earth and everything that's in it, And - which is more - you'll be a Man, my son!_
|
| If: A Father's Advice to His Son -- Rudyard Kipling
|
| FpUser wrote:
| This post made me look up my name on Upwork. Luckily I am not there. Currently contemplating wiping out my info from LinkedIn
|
| dabernathy89 wrote:
| If you are a software developer, check to make sure you aren't being impersonated on Upwork as well.
| A couple months back someone (I think I know who, but have no proof) was posing as me, and a suspicious client noticed that the person they were chatting with on video did not look that much like me in real life. Two other PHP/Laravel devs had impersonators on Upwork as well around the same time.
|
| One of these other devs only noticed because the client sent a calendar invite to his real email, instead of the one provided by the impostor.
|
| [edit - I'm reading through the original post, and I see now that this was all done through Upwork as well. Yikes!]
|
| wildrhythms wrote:
| How might someone 'check' for this on Upwork?
|
| NaturalPhallacy wrote:
| I actually have a weekly google alert that searches for my full name, which fortunately/unfortunately is basically unique. It's normally nothing but a handful of false positives, but the week I appeared in the local news lit it up like a Christmas tree.
|
| paraknight wrote:
| I knew immediately it's Upwork. This is extremely common on there. The main reason is because developers in Western countries can demand higher rates. Just watch out for the red flags: mismatching LinkedIn experience, no camera during interview, incorrect accent, etc. Don't trust the reviews because accounts are routinely shared and/or sold.
|
| I've had some fun with this before where a developer with a clearly Chinese accent, and of course no webcam, posed as German (mispronouncing his own name) and freaked out when I switched to conducting the interview in German. Of course I notified the person whose identity he stole and reported the profile to Upwork, but it's a drop in the bucket of the scams.
|
| tablespoon wrote:
| > The main reason is because developers in Western countries can demand higher rates. Just watch out for the red flags ... incorrect accent, etc.
|
| At least in America, that's not a valid tell. There are tons of developers in Western countries that have foreign accents.
|
| rippercushions wrote:
| "Incorrect" here means the accent not matching the name. For example, it's unlikely that a person named Connor Tumbleson, who according to their resume was educated and has worked in the US all their life, would have a Chinese accent. (Not _impossible_, of course, but unlikely.)
|
| jjslocum3 wrote:
| In 1996, my employer got a contract to work with AT&T to build a website that provided regular event updates from the Atlanta Olympics. In 1996, this was a very big deal, such a newish concept that the project was written up in AdAge or some similar industry magazine.
|
| A few months later a prospective junior engineer came in for an interview. My manager asked him the typical "tell me about an interesting project you've worked on lately." He then proceeded to describe in detail the very project we had just completed, even referencing the magazine article about it (he must have forgotten he was interviewing at the company mentioned in the article). At the end of his presentation, my manager said "That's interesting, because here at X, we just completed that project."
|
| Awkward silence. Then the interviewee got up and said "I guess I should go now." My manager said "Yes, I guess you should."
|
| Impersonation of this sort can be simultaneously disturbing and somehow comical. It isn't a new phenomenon; I'm not decided on whether I believe the information age makes it easier or more difficult.
|
| tg9000 wrote:
| What a small world! Unless you are also making up that story (which I would get a huge laugh out of) I'm 99% positive I was in the room with you when this happened. :)
|
| jjslocum3 wrote:
| I wasn't in the room, but my manager was. Is that you, Preserved Killick?
|
| codazoda wrote:
| Wait! Are you his manager or the imposter?!?!
|
| Aperocky wrote:
| There's a high possibility that he's the imposter of the imposter.
|
| RationPhantoms wrote:
| What the heck is going on in this thread?
|
| NonNefarious wrote:
| <click>
|
| Candidate 1 has left the chat
|
| [deleted]
|
| [deleted]
|
| almog wrote:
| This story gave me an idea for a different kind of scam in which the scammer acts as a man in the middle between a candidate and an employer. The idea is that the scammer could pretend to be the employer, tempting the candidate to go through the interview process. Whether the employer decides to reject or extend an offer, in both cases the scammer "rejects" the candidate, and takes on the offer to cash out pay checks until they're being fired.
|
| The main technical challenge for a scammer would be to create a trustworthy looking email address so as to not raise the candidate's suspicion. It might not work with big companies but I've seen some companies using 3rd party services to send interviews invitation so it's not completely unlikely that this could work.
|
| Ancapistani wrote:
| I wonder how widespread this really is?
|
| If it's reasonably common, there might be a place for a "reputation protection" service in the tech community - a service that watches various contracting and hiring sites for its members' names, then notifies the real person when their name is used.
|
| I could see it being a real issue in the future if someone's professional reputation is tarnished this way. If a prospective employer searched for a candidate and found multiple profiles with very different skills listed, that would be a huge red flag. Worse, if the fraudulent person was hired and then fired, that information could find its way to places where the real person is applying.
|
| If they were able to successfully land a job like this, I could also see that messing with the real person's tax situation.
|
| ... I'm off to look for my name on Upwork, I guess.
|
| awb wrote:
| I had a similar experience back in 2008 when I started a fully remote digital agency.
|
| One of my first employees was doing fantastic work, until his performance fell to 0 - no communication, no deliverables, nothing. Turns out, he stopped paying the subcontractor that was doing his job for him.
|
| The subcontractor contacted me months after I fired the employee and confessed. Apparently, the long-pauses and loud typing during my conversations with the employee was the employee messaging the subcontractor asking for help answering my questions.
|
| So, in my case, the employee was still the front. In this case, they're attempting to eliminate that bottleneck by just having the subcontractor impersonate the employee.
|
| pnw wrote:
| This reminds me of the time I agreed to hear a seed pitch from a Web3 company and they accidentally showed a slide where they had copied text from my LinkedIn profile onto their team slide under an unnamed VP that was "soft circled". The text was distinctive enough that I immediately recognized it and it couldn't have been any other person. I'd never met them before that call and wasn't looking for a job.
|
| mherdeg wrote:
| Is any actual work happening here? Does someone ever sign an offer letter and start checking in source code?
|
| lazide wrote:
| Many (most?) large companies might take months to fire someone even if it was blatant and obvious. Process to follow, etc.
|
| Considering how distracted and overwhelmed many managers are right now, some might go _years_ before catching on.
|
| Even if no code got checked in. Chances are, they could also farm out a bit here and there to a friend to make it a harder problem to resolve for the company.
|
| fallat wrote:
|
| CogitoCogito wrote:
| There exists public information about me and yet I don't really expect people to impersonate me on interviews. I guess I'm just naive.
|
| TrackerFF wrote:
| As for motivation, maybe cash out one or two paychecks?
| Dunno how it works in the US, but where I live that would be hard without any ID or tax information. Maybe they'll request the first paycheck as a cashiers check? Paypal payment? Who knows. But 1-2-3 months worth of US-level salary would be a fortune in some parts of the world.
|
| In the days of remote work, it would not surprise me a bit if there are organized criminals doing this 24/7. Just churning out job applications, hiring people off fiverr, upwork, etc. to do the interviews, collect a paycheck or two and disappear. Could easily be worth $5000-$20000 pr. scam, if they manage to get hired.
|
| macintux wrote:
| Related active discussion in this thread. Ask HN: Have you experienced "hiring fraud?"
|
| https://news.ycombinator.com/item?id=32996457
|
| KaoruAoiShiho wrote:
| Why didn't they make up a totally fake person with a fake history instead of using a real person? I feel like it's possible to do, even fake a github.
|
| sigio wrote:
| It's way more work to make a fake profile, with actual contributions to different (real) repositories, than just pretend to be an existing one.
|
| Gh0stRAT wrote:
| If they want to actually start and collect a few paychecks, then they'll need to pass a background check from HireRight or whoever. This'll probably include transcript checks, verifying past employment, etc.
|
| Much easier to just use a real person's identity.
|
| KaoruAoiShiho wrote:
| Even for simple freelance gigs?
|
| sarchertech wrote:
| They would also need to steal the person's SSN and likely need to get through one of those identity check questionnaires from credit agencies. And they'd probably need to fake an ID as well.
|
| Non trivial stuff for a specific target.
|
| type_Ben_struct wrote:
| Wow. This is creepy. Props to the interviewer for allowing the real Connor to stay on the interview and observe.
|
| This is one of my big problems with LinkedIn.
| We put so much information out there in public, it's really easy for people to do this. That information can also be used for things worse than applying for jobs.
|
| I think small companies hiring freelancers are most vulnerable to this. In the UK at least companies have to carry out very strict right to work checks, including passports, National Insurance numbers, etc.
|
| djitz wrote:
| A company I was working for wanted to bring on a couple of freelance devs for a short-term project and I had to handle the interviews.
|
| I ended up uncovering a whole scheme where an experienced dev in the US would hop on the calls/video interview and then the actual work would be handed off to some other people based overseas.
|
| If you tried to contact the "dev" for something, your call would be routed to a google voice number and you'd receive a text message in somewhat broken English shortly after.
|
| Their scam only lasted a few hours with us, but I often wonder how well they are able to pull this off.
|
| hinkley wrote:
| I was once pulled in to observe (in the "are you seeing this shit?" sense) an interview where someone off screen was answering questions and the person on camera was moving his lips. I'm not sure if they wanted me to share in the joke, or verify that there was no form of latency that would make lips and audio fail so badly to line up. I'm pretty good at pattern matching. There was no pattern. It was two guys pulling a fast one. Or at least trying to.
|
| This was an outsourcing group. In the grand scheme of things, "white people are stupid" is not entirely wrong, but there's a line you know. And there are lines beyond that line. And then there are these assholes off in the distance.
|
| throwawaysleep wrote:
| I did this for a friend to help him land a job. We got away with it.
|
| sicp-enjoyer wrote:
| Do you think you helped anyone in this scenario?
|
| throwawaysleep wrote:
| My friend, who is still earning a 200K salary 9 months later. He got terrible initial reviews, but they kept him.
|
| sixstringtheory wrote:
| Sounds like they're stealing that salary, not earning it. Hope they work at a place that will never affect me personally.
|
| bad416f1f5a2 wrote:
| > Sounds like they're stealing that salary, not earning it.
|
| On the contrary - if someone has been at a company for 9 months & had terrible early reviews, the company had about ~6 months to deal with them. In my experience, truly bad hires get lukewarm 30 day feedback, negative 3 month feedback, and are on a PIP soon after.
|
| If you're there after 9 months, it suggests you've demonstrated some level of value to your employer.
|
| sixstringtheory wrote:
| I can assure you there are plenty of underperforming, incompetent and even flat out absent employees cozied up in hidden little niches at all kinds of companies that don't let them go for a variety of reasons.
|
| mistrial9 wrote:
| (upvote) it's encouraging to see real info like this here - especially when semi-anonymity supports that
|
| stewarts wrote:
| Had similar while hiring for a Sr Dev. The person who first joined the call was not able to articulate any of the frontend or backend work they had done at the previous contracted company.
|
| Call goes static, call drops.
|
| "Person" rejoins. Who is obviously a completely different person who was able to thoroughly fill in the previous details missed.
|
| We ended the call there. Mistake: didn't require video for the session when the first individual proclaimed they were having issues with video.
|
| heavyset_go wrote:
| This is one of the many reasons I don't divulge anything on LinkedIn and merely use it as a funnel to my contact page on my own site.
|
| stefanka wrote:
| What difference does this make if the information is on your own site? Or do you share upon request only?
|
| heavyset_go wrote:
| It's available upon request only.
|
| darepublic wrote:
| Legit worried about these shenanigans now. So much info is leaked via job searching.
|
| [deleted]
|
| tgbugs wrote:
| I had to review a number of developer resumes from a similar site back in 2020. Reading through them absolutely set off my "this is a fake person" detector. The resumes had similar formats, they all seemed to point to a real person, but there was a lingering sense of similarity between them which was too much to account for. I thought it might have been because the site provided a way to create resumes and they were all choosing from some common set of options or something like that. However, reading this account makes me think that a scam like this is an equally likely explanation.
|
| enviclash wrote:
| This exposes the truth about showcasing who we are all the time all around the internet, why too many details are needed out there anyway? I will keep posting my CV online, but really, it makes me feel like I should not.
|
| ChrisMarshallNY wrote:
| > _discovered through Upwork_
|
| That's been my own experience with Upwork (as someone looking for work).
|
| 100% of the contacts I received _(100%, like in Every. Single. One.)_ was a scam (either trying to scam me, or inviting me to participate in a scam).
|
| I realized that Upwork is a sewer, and quickly bailed.
|
| It's sad, because I heard very good things about Upwork. Of course, these "very good things," all came from people who _hired_ through Upwork.
|
| bubblethink wrote:
| Isn't this the same modus as the North Korea scams that we've seen a few times before? We've seen similar stories on HN and there was a darknet diaries episode about this too.
|
| victorclf wrote:
| These kind of frauds are really bad for legitimate remote workers. Hope employers don't get burned and start cutting back on remote opportunities.
|
| lazide wrote:
| A big reason why a lot of companies are trying to push people back to the office is they have low confidence that line managers will catch these kinds of problems, and many more - including 'the guys working 4 jobs and barely doing anything for us', the 'guy starting his own company that competes with us at the same time as working for us', the 'guy who farms out all his work to subs in India', etc.
|
| It's easy to say 'if they don't notice, then clearly it's not a problem' - but it has downstream effects, like broken products, huge legal liabilities for the company including often scary handling of customer data to make it work, and morale hits as other folks pick up on things like this happening and being uncaught.
|
| These are real, albeit currently low percentage/high risk things that happen. The more people get away with it, the higher the percentages of people who will try (people rationalize it to themselves as 'everyone else is doing it', and 'I'd be foolish to not do the same thing everyone else is'.).
|
| The biggest issue I've seen with remote work (in practice), is it makes it really hard for a manager to see and _actually_ understand what's happening (not just what people SAY is happening, which is rarely the same thing), and makes it easier for employees to hide things they don't want others to see. Which leads to more of everything from undiscovered-until-too-late burnout, to team members who have no idea what to do or how to do it, to opportunists grifting.
|
| mk89 wrote:
| > A big reason why a lot of companies are trying to push people back to the office
|
| Which is kind of useless for most of the points you described at the end. There are plenty of comments here really proving that you can scam even in person interviews. Let's say you are not scam, you pass an interview. You can still do all of those things while you work.
|
| The only way to prevent this is by having keyloggers and similar tools on the work laptop so that you can actually see what people do. And even then, if someone does "enough", would you really check? Probably most people nowadays wouldn't care, as long as you deliver.
|
| The truth is: most people are honest, they do "normal" work, they get a raise, etc. Then there is a percent of people which exploits the system. A system that let's be honest tries to profit from them too by giving lower wages, etc.
|
| dctoedt wrote:
| I hope Andrew [0] -- the college junior with morals who blew the whistle on the attempt to get him to impersonate the author -- gets an internship or job offer out of this; he apparently was having a hard time with that.
|
| The author's sleuthing is reminiscent of Cliff Stoll's _The Cuckoo's Egg_ from 1989. [1]
|
| [0] Andrew blogs at https://unfooling.com/, according to the article.
|
| [1] https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)
|
| javajosh wrote:
| Perhaps at the end of the day that's what the scam was about, getting Andrew an internship. I mean if I was writing the movie that would be the twist at the end
|
| lmarcos wrote:
| He he. For a second, that's what I thought as well. But I want to believe the story is legit.
|
| nonrandomstring wrote:
| > I hope Andrew [0] -- the college junior with morals who blew the whistle on the attempt to get him to impersonate the author -- gets an internship or job offer out of this; he apparently was having a hard time with that.
|
| Excellent point.
|
| I've been wondering about ways to test students on "trust/morals" and decided it's one of the most valuable yet least well understood qualities. Employers generally rank skills, knowledge, salary, even age/gender/race above dependability/loyalty, or barely consider the latter at all.
|
| Other than lengthy vetting and imprecise security clearance procedures this is such a hard quality to discern, and so costly when you miss the mark. The costs of defection, industrial espionage, and sabotage seem poorly quantified in HR. I think a corrosion of work relations has come about from devaluation of workers qua humans, and the corresponding disrespect people have towards their places of work. Is that inevitable under capitalism/efficiency?
|
| And, harder question... does it even matter? Especially once AIs and remote agents take-over many jobs? Does a corporation _care_ if the worker is an imposter and liar who abused a false identity to get the post, so long as they produce working results?
|
| Is there a kind of moral Turing test here? What do work relations have to do with human-relations in the limit of the present trajectory?
|
| vsareto wrote:
| > Does a corporation care if the worker is an imposter and liar who abused a false identity to get the post, so long as they produce working results?
|
| It's definitely a concern when you need to worry about spies infiltrating your company
|
| lazide wrote:
| Also - how likely are they to be able to continue doing so, and how much of my company's sensitive information is being leaked to who knows where by whom? Including data that opens up the company to some giant liability lawsuit or PR issue later?
|
| ChrisMarshallNY wrote:
| I'm big on personal Integrity.
|
| It doesn't seem to win me any points.
|
| In fact, it seems to actually count against me, as I'm sometimes accused of being "snobby."
|
| Ah, well...
|
| STORY TIME:
|
| A few months after I had been promoted (the first time) to a manager, one of my new employees was hired by my boss' boss, while I was out on medical leave.
| | When I got back, I found out that he had made a promise to | the new (now hired) employee, that he was not "legally" | allowed to do, and had to let the guy do it (because he | promised). | | He asked me to sign it off. | | I declined, sure that my job was in jeopardy. | | Surprisingly, he took it well, and it was never mentioned | again (until now). He actually had a lot of Integrity, and | was uncomfortable with it (it was a mistake; not deliberate). | suoduandao2 wrote: | I've simply asked candidates 'tell me about a time you had to | make a moral judgement'. I'm kind of surprised that it's not | a more common question, but of course that makes it work - | truly immoral people would have a made-up anecdote if it came | up regularly. | geekbird wrote: | I would put it as "Tell me about a time when you had to | take an ethical stand or make a choice based on ethics." | dleslie wrote: | I like "Tell me about a time you failed miserably, | absolutely and unequivocally, and how you recovered from | it." | | It's surprising how illuminating the responses are. | laumars wrote: | I remember in one job the company had a set of questions | we had to ask candidates on top of the technical | questions. One of them was "what would you describe as | your biggest weakness?" | | I always groan when I have to ask that question because | you always get some stupid answers where people say | things like "I'm just too organised" or similar spin to | make a negative sound like a positive. Frankly I can't | blame them because it's a ridiculous question to ask. | | However this one candidate not only listed off one flaw | but three of them. I remember thinking "shut up, shut up, | shut up. You're not supposed to answer this honestly!" | | However this ironically turned out to be the reason I | hired him. I figured if he is that honest and able to | identify his flaws then he must have a good work ethic. | | He turned out to be one of my best ever junior hires. 
| dleslie wrote: | I tend to coach the question to prevent people from | giving it a softball, with something like "I have | certainly caused my fair share of crisis, what I'm | interested in is the experiences you ..." | | It's an adequate test to filter out folks who are simply | incapable of accepting responsibility for their actions, | or who have yet to really shoulder enough responsibility | to meaningfully fail. | notahacker wrote: | I'd have thought a lot of completely regular candidates | would be a bit stumped by that (especially since many non- | trivial moral judgements are personal life stuff that's | _really_ off limits for interviews) | | Although maybe that's the point: psychopathic candidates | end up making up fairly unconvincing heroic stories whereas | regular people look a bit confused and maybe mention | something they _didn't_ do because they couldn't trust it | was legitimate or ask if their decision to volunteer their | time for $cause counts. | mitchdoogle wrote: | I think it goes without saying that interview questions | are asking about your work life, altho it might help if | the interviewer specifies that anyway, i.e. "Tell us | about a time you had to make a moral judgment at work" | notahacker wrote: | The point is more that "moral judgements" like the time | you pointed out that the company might violate the AGPL | might actually be good stories to tell an interviewer if | you've led a drama-free working life building CRUD apps | for regular employers, but are pretty hard to recall when | the first thing the words "moral judgement" bring to mind | are the time you had to stop interacting with X because | they did Y. | 101008 wrote: | Slightly off topic, but | | > Thankfully I'm not sitting on a Windows machine and can just | preview the document via Google without a fear of infecting | myself. | | Is that true? Can you get infected by seeing a preview of a | Google Doc from Gmail or even opening it on Google Docs? 
I | thought the browser was isolated. | darau1 wrote: | Someone messaged me on reddit once, and straight up asked me to | do exactly this. Below is the message, but I haven't included | their name because I think they were at least trying to seem | sincere. | | --- | | Hi, hope you're doing well. | | We are looking for a professional interviewee. I'm not sure if | you've heard similar thing somewhere. We are a talented developer | group specialized in web and mobile software development. We have | partnerships with US people and deliver our service to clients by | pretending to be US developers. And we share profits with them. | Our partners are satisfied with this business model. | | Everything is perfect except on one thing. It's just the | interview with clients. Normally in the interviews, the clients | ask us some technical questions to see if we are able to deliver | the service they expect. Because we are not native speakers, we | are suffering from taking the interviews and many clients are | passing by us even though they can get what they want. So we want | a native interviewee and hope you are interested in this model. | | Please let me know if you're interested in further discussion. | Thank you! | jawns wrote: | If it were really true that this development group could | deliver according to client expectations, they would do what | many other groups do: form a consultancy and hire an English- | language speaker not as a fake interview candidate but as a | liaison. | | I worked with a firm that did this. Basically, they had one | project manager who could speak decent English and about six | developers who couldn't. The English-speaking PM was on calls | with us, and then he'd farm out the work to the developers. | | It was a win-win, because their group was getting work, and we | were getting decent results at a discounted rate compared with | on-shore resources. 
| | But it's pretty clear that anyone looking for fake interview | candidates is not actually planning to do that. They're | essentially counting on the fact that it takes many companies a | little while to get rid of a bad hire. | darau1 wrote: | I interviewed one guy that seemed to fit this description -- | he didn't speak much, and when he did his accent was strong. | He had someone with him, that seemed to speak on his behalf. | notahacker wrote: | I think the main factor that drives the _alternative_ model | is that a lot of people with jobs that could theoretically be | undertaken by offshore agencies advertise for an onshore | individual (sometimes because they have very strong reasons | not to want to offshore, but also sometimes because they | haven't considered it). So there's a bigger market of better | paying gigs out there for a "candidate" than an "offshore | agency" (considerably better if they can actually deliver the | work). Not that this particular entity seems to have had much | ability... | | In the grey area, there's still a big difference between a | liaison taking on a load of freelance contracts for the farm | under his real name and intermediating comms without ever | mentioning there's actually six other people he's never met | doing most of the work and identity theft to take on remote | full time roles involving work they probably can't handle. | yellowstuff wrote: | I've heard of large consulting companies that do a "bait and | switch" where the client initially talks to a fantastic | technical person prior to signing a contract, then never hears | from them again. | gunapologist99 wrote: | Similar to large law firms; a senior partner closes the deal, | and then they shuffle you off onto an associate fresh off the | bar (who often still bills out at the full senior partner | rate!) 
| | Sometimes law firms don't even really disclose who's doing | the work, and sometimes in their invoices they'll have a | paralegal's initials under the "Atty" column. | | This is sometimes true even for very large and reputable law | firms. | pasc1878 wrote: | That is normal - you have to add to the interview a | requirement that you interview and have to approve each | person assigned to work for you. | | It is amazing how many managers I have worked for who don't | do that. | rippercushions wrote: | There are some legal sensitivities here: the company is | hiring a vendor to provide a service, and risks co- | employment issues if they start managing the vendor's staff | in any way, including interviewing them. | jliptzin wrote: | Email providers should publicly disclose how old an email address | is, and email clients should warn about emails coming from brand | new addresses. My gmail account is 15 years old, so any email I | send is unlikely to be created just to impersonate someone else. | | This doesn't help though if your name happens to be Kevin Smith | or something. | digitallyfree wrote: | Speaking of the "Kevin Smith" case, I know of someone with a | very common name going into an interview for a job he applied | for - he was underqualified for the role and was surprised he | was selected. Turns out the company had mixed him up with | another candidate with the exact same name and sent out the | interview invite to the wrong person! | darkwizard42 wrote: | Also just ratchets the value of "old email accounts" up a ton. | Reddit has a similar problem with fraud coming from old tenured | accounts with karma (upvote points similar to HN) becoming very | valuable and targets for hackers and spammers. | | I don't know about new addresses, but it sounds like more | robust vetting is needed on the interviewing side. Resumes and | initial screens have become potentially stale and too easy to | fake. 
| madrox wrote: | About 12 years ago, I attended a barcamp (blast from the past) | where someone gave an SEO talk about how to hack search and | adwords to provide no value but capture eyeballs and trick people | into clicking on things to make money. I recall many references | to a wider community they were a part of that did this, traded | tips and tricks, and generally evolved their trade of grifting at | scale. | | I can't help but feel there's a whole community of people out | there with few morals who are trading tips on how to set up scams | like this. The "web of lies" seems so deep and complicated I | can't imagine this whole thing was built in a vacuum by one | person. | level wrote: | Cached mirror, since I'm getting a gateway timeout: | https://web.archive.org/web/20220927155115/https://connortum... | ajsharp wrote: | I got an offer for something similar from someone recently, | wanting to rent my codementor account that I haven't used in half | a decade. Strange times. | biermic wrote: | Had this happen to me as a client on Upwork. | | Interviewed some Italian guy, but when the job started a Russian | guy with Asian roots was on the cam. | | Somehow I understand his situation, but nevertheless ended the | call after one minute. | cyanydeez wrote: | This seems similar to reports of North Koreans running deep fake | interviews | sebastien_b wrote: | > _"The fake Connor Tumbleson immediately left the Zoom call."_ | | I guess he felt the ultimate Impostor Syndrome. | bluehatbrit wrote: | Careful or he'll change his twitter handle to "thought leader" | and write a self-help ebook about it. | tylerc230 wrote: | I had something similar happen to me a few years back. Someone | using my photo and profile from my personal site and uploaded it | to upwork to get contract work. I found out b/c someone hired | them for a contract (thinking they were me) and got suspicious. | The employer found my real email on my site and contacted me. 
Not | sure what I can do to prevent it. I put a warning on my site | saying to look out for impersonators. | renewiltord wrote: | How does this work in the end? You'll fail the background check | when you send in your SSN. | Zigurd wrote: | My name is evidently hard to pronounce, even though the spelling, | which is seldom right, is phonetic. It is specific to an obscure | ethnicity. Except for also being my father's name, it is globally | unique. I own the .com of my first name. Despite the occasional | annoyances, I appreciate it as a security feature. | vidalia wrote: | I'd love to understand the legal/tax aspects of this - what SSN | and addresses does the "middle man" use - I get that it's easy to | get an SSN but within a matter of a year most of the work would | be discovered come tax time. And IMO the best parts of Tech are | the actual vesting and RSU/Option packages an employee gets. | filmgirlcw wrote: | This is utterly creepy. Kudos to the college kid who did the | right thing here. | | I've never had anyone try to impersonate me for a job, but I have | had people steal my photos and create Tinder profiles using them | in cities I don't live in (I've been alerted because people who | recognized me sent me screenshots). I tried to catfish the person | who was using my photos to catfish others, but was unsuccessful. | I dreamed of doing what Connor did, which was to confront the | person who was using my face on a video call. | | I'm so sorry this happened to Connor but am grateful he | documented this sort of scam, which I fear is probably a lot more | common than we know. I see people on TikTok all the time | encouraging these sorts of outsourcing scams of taking jobs on | Upwork or something else and then hiring people to do the work on | Fiver or in markets where the cost of labor is much, much lower. | Do this with enough volume and you could make decent money, I | imagine. | | But how utterly distasteful for the victim. 
| adamrezich wrote: | what gets me about this story is that they chose a developer to | impersonate who seems to have a pretty dang unique name. I share | my name with only one other person in the world, but going by a | quick google search at least, Connor is the only Connor Tumbleson | in the world (or at least online). this seems like a pretty big | liability--if I was in charge of running this nefarious group I | would stay away from names like Connor Tumbleson, and instead go | for impersonating Bob Johnsons and John Andersons or whatever. | wbobeirne wrote: | From the headline alone, I was hoping this would be someone | writing about being the subject of Nathan Fielder's "The | Rehearsal". | ogn3rd wrote: | Allow me! It was awful and Nathan should be done with | television as he's incapable of empathy. | burlesona wrote: | So my guess is that the scam ends with the scammer negotiating a | "deposit" to start contract work, and once the deposit is paid | they disappear. Otherwise I think this scam would be a lot more | work than just actually getting programming gigs and doing the | programming work. | wildrhythms wrote: | The way I read it is: the scammer will secure the contract | using the help of their industry-decorated accomplice, and then | outsource the actual work-related duties to developers they | find on Upwork, etc. | fortran77 wrote: | After seeing several stories like this on Hacker News, I've | pulled down my LinkedIn profile. There's no reason to have your | resume on-line. | registeredcorn wrote: | >So we can see the 35 members in this Slack, but I don't feel | comfortable posting that list. I have no idea who is real or fake | and who may be working for this company unaware of what is | actually happening. | | >So I sent an email to two of them after I found them on LinkedIn | to further help investigate this. One immediately responded | unaware of this behavior occurring and left the group. 
| | Although I admire the author's restraint, I am more than a little | unimpressed with one of the contacted being "unaware" of the | behavior. "Excuse me, did you know you're in a group that is | actively committing crimes?" How do you think they're going to | respond? | janandonly wrote: | If your fake profile is not on Upwork yet, then you apparently | have a disappointing (or at least a not marketable) career. | CobrastanJorji wrote: | This story is much more fun when you come at it from the | interviewer's position. You've been doing interviews every week. | They're mostly rejections. They're the same questions over and | over with minor variation. You're about to repeat the experience | for the 18th time and you're 100% on autopilot. But suddenly | you're in a spy thriller. This is the greatest thing that's ever | happened. | | Is it a good legal/corporate decision to hide the person who | claims to be the original and let him listen to the interview | with the other candidate? Holy fuck, no. Is it going to be WAY | more thrilling? Oh my god yes; how could you not? | PragmaticPulp wrote: | > Is it a good legal/corporate decision to hide the person who | claims to be the original and let him listen to the interview | with the other candidate? | | Consider the situation from the perspective of the interviewer: | They don't have all of the background we did while reading this | blog. They haven't even had time to process what Connor #1 said | by the time that Connor #2 arrives. | | The decision to hear them both out for a few minutes is | reasonable, IMO. At that point in time, Connor #1 could have | been lying as far as the interviewer knew. Letting them both | exist in the meeting immediately cleared up any confusion. | travisjungroth wrote: | Letting them both in the same room at the same time was | probably the safer thing. Maybe there's an argument, or maybe | one bounces, clearing it up. | | But having one person _hide_ is riskier. 
It means a random | person could eavesdrop on my interview by just pretending to | be me and telling this story. | | I mean, super cool though. I imagine my adrenaline would be | going as the interviewer. I'd probably chill out when I | realized this was identity theft with extra steps, not a Kyle | Reese situation. | comboy wrote: | Imagine inventing all of this just to listen to your | interview. | | Incentive to do that would have to be pretty wild. | travisjungroth wrote: | Stalkers gonna stalk. The "all of this" would just have | to be getting the interview link/time (calendar or email | access) and then showing up a bit early to tell the | story. | | It is very very unlikely and I don't judge the | interviewer for how they handled it. | axus wrote: | Definitely a Jerry Springer moment when he "could not stand | this anymore" and jumped back into the conversation. | Stamp01 wrote: | Which one do I shoot!? | dhosek wrote: | Best to be sure. Shoot them both. | icambron wrote: | This was my immediate reaction too. Would make my whole week. | fatjokes wrote: | Haha, when you put it like that, I can totally see why the | interviewer was "awesome" and let the guy stay on. He was | totally there for the drama. | CobrastanJorji wrote: | Now that I think about it, I bet you could put together a | pretty successful YouTube series of messing with zoom | interviews in ways just like this. Get someone's identical | twin to join the call and make them fight over who's the real | one. Bring time travel into it. Make outlandish demands of | the interviewer to prove that they're not a Zorblaxian spy. | jjslocum3 wrote: | The US TV series "Impractical Jokers" ran a few sketches in | the last few years where they did exactly this...you'd | probably enjoy. | smcameron wrote: | Like Catfish, but for jobs. | conductr wrote: | Some trainwreck interviews make for good office lore and this | one tops the cake. 
| Taylor_OD wrote: | You know that interviewer was shitting themselves when og Connor | unmuted and said wtf mate. | filmgirlcw wrote: | Oh, I'd be so in to take part in this drama. It would probably | be one of the most memorable job interviews of all time. | | And I doubt there would be too many legal or corporate | ramifications from allowing someone else to be on the call with | their camera off. These are contractor positions, not full- | time. Frankly, it's a risk I would take to be able to witness | this sort of thing in real-time. | lazide wrote: | Eh, don't bet on it. What if #2 was real, and #1 was someone | stalking #2? Or an abusive ex? | | If #2 doesn't get the potential job, they could come | after you for all sorts of things - emotional damages, | economic damage (from not getting the job), etc. They might | even be able to get the court to force you to give them the | job, or at least waste years of your time and mental health | dealing with legal hassles. | | It's hilarious and awesomely entertaining, but don't do it if | you have assets someone could go after, as eventually, | someone will. | NaturalPhallacy wrote: | I think the fact that it's a zoom interview changes things. | | Even if one of them is stalking the other, it's not like | they're physically in the same conference room together. | The worst they can really do is yell at each other. | filmgirlcw wrote: | I mean, you're hiring a contractor off of Upwork, not from | a reputable consultancy (to be clear, I'm sure established | consultancies do shady shit too, but the risk profile is | different), so I think the risk is pretty small. We're | talking edge cases on a scenario that is already an edge | case. | sinoue wrote: | Even UpWork requires government ID verification. | https://support.upwork.com/hc/en- | us/articles/360010609234-ID... | | I wonder what financial fraud they'll need to do to get | the funds as I'm assuming UpWork has to deal with tax | payments being pulled out. 
| filmgirlcw wrote: | Yeah, I have to imagine they might be using a group | account on Upwork and then misrepresenting the coder as a | part of their team, but I don't know enough about how | Upwork works. | | I posted about this blog post on Twitter and was directed | a Reddit post [1] showing how little Upwork seems to care | about fake reviews and stolen work product, so it appears | Upwork has a history of ignoring fraud, regardless of | what their terms say. | | [1]: https://www.reddit.com/r/legaladvice/comments/xavntw | /freelan... | RunSet wrote: | Someone created a github account with my name and has been | squatting it for years. | | Github support tells me they won't deactivate or rename the | account (I don't want it, I just want it gone) unless I copyright | my own name and file a copyright complaint with them. | thih9 wrote: | > So if you hired a Maris in February 2022 - you may want to | double check who you actually hired. | | I'd love to hear a follow up. | blastwind wrote: | Andrew here. Connor, thanks for releasing this on the orange | site. | | This story is also more fun from my position. I've been applying | to internships and interviewing every week. They're mostly | rejections. They're the same questions over and over with minor | variation (sorry to top comment for "impersonating" your comment | style). My days are deteriorating from a colorful sphere down to | two points. In fact, down to two pointers, left and right, | iterating over a list of heights to find how much rain water it | can trap. | | I'm about to repeat the experience for the 10th time and I'm 100% | on autopilot. But suddenly, a man reaches out to me on email and | offers me up to $80/hr to be his senior engineer. This feels | sketchy, my girlfriend tells me, "you're good but let's be honest | here...". Anyways, I proceed, it might just be the start of a | beautiful thing. I'm asked to interview as one of our developers | because English is not their best language. 
I'm a little | bothered, but I was fine with it. But then I see the developer | name: Connor Tumbleson. My laughter bursts and so does my | suspicion: With a name like that, no way the guy doesn't speak | good English. I look up Connor Tumbleson on linkedin, and my | suspicions were proved correct. I detail everything to Connor, | and now this is on the top of HN. I lost a opprotunity but gained | a story of the lifetime. | comboy wrote: | This comment thread feels like a game of Mafia[1]. | | 1. https://en.wikipedia.org/wiki/Mafia_(party_game) | fortran77 wrote: | I wonder how many people in your position smell something | rotten, but instead of trying to contact the "real Connor" just | delete/ignore all the messages because they don't want to be | part of even a bigger scam. (What if everyone is in on it, and | they're trying to scam you somehow?). | Naracion wrote: | Recount _this_ story during the social / break between | interviews if you ever get an onsite. :D | kodah wrote: | Shout out to you for wading through the literal torrent of | bullshit without the foresight of a blog post to expose context | and with little professional experience to help inform you. | You'll be a great asset to the industry but it can take a | minute to find your footing. Be persistent and definitely keep | this story around for beer Friday. | robswc wrote: | I know it probably feels a bit hopeless now but trust me. | | If you learn to build things, provide value, you will have 100s | of recruiters reaching out to you and you will mostly be | rejecting offers for a change :) | | I have no doubt reading about you and seeing this comment in a | few years you will be more than set! | boomskats wrote: | > I lost a opprotunity but gained a story of the lifetime. | | Was this on purposes? | [deleted] | [deleted] | tomcam wrote: | > my girlfriend tells me, "you're good but let's be honest | here..." | | My favorite part of this whole thing. Hang onto her. | blastwind wrote: | Haha yes. 
She's honest and the best. | dmoy wrote: | > In fact, down to two pointers, left and right, iterating over | a list of heights to find how much rain water it can trap. | | Ah haha I hate that question | | It should be banned everywhere, oh well. | | I once saw a physicist (not even a coder) give a really cool | answer to it though, I wish I could remember it. | bqe wrote: | I remember being asked this during my interview at Google. It | was the first time I heard it and I gave an answer that | iterated over the list twice. The interviewer said that it | wasn't good enough and I am only allowed to iterate over it | once. He didn't let me write my O(2n) solution down so he | returned a strong no as feedback. | jaffee wrote: | Andrew, see if anything here catches your eye... we've got a | few openings. You can email me at my username at | featurebase.com. | | https://www.featurebase.com/careers | tomcam wrote: | Damnit with all these job offers dropping into Andrew's inbox | I definitely need someone to clone me so I can be all ethical | and shit | | * Kidding I'm retired. Mad props, Andrew! | tomrod wrote: | Andrew, mad respect on your integrity and navigating an ethics | situation one would expect to read about in a college study. | pjbeam wrote: | Email me at my HN username at protonmail dot com for a referral | to Dropbox's internship. Love the integrity and drive to get to | the bottom of a strange situation. | jxi wrote: | mechanical_bear wrote: | There ya go, looks like a gained opportunity there! | AussieWog93 wrote: | Not just for Andrew, but the identity thieves too! | | If anyone needs a Westerner to interview as "Andrew", hit | me up. I've got a hot lead on an internship at Dropbox! | pjbeam wrote: | My plan is to verify it is the same email at least | through OP, although your point is valid. | atmosx wrote: | Shoutout to you sir for being honest and reaching out your | fellow peer!!! 
I am sure you will have a great career and now | you have an epic story to tell over beers with friends! | bmsleight_ wrote: | Andrew - you the sort of person I would love to have on my | team. Alas I more hardware engineering than software. I hope | the community here can give you some good leads and tips. | | Karma should be that ethics works. | blastwind wrote: | I'm grateful for all of the opportunities! Thank you everyone. | edmcnulty101 wrote: | > I then learned this was a interviewee discovered through Upwork | | People trying to get cheap labor and instead get defrauded. | | I feel bad for Connor though. | radarsat1 wrote: | This is amazing. I wanted to add one thing. I noticed after | reading the full blog post, and scanning through all the HN | comments here, that there has been actually no mention, as far as | I can tell, from any parties involved, or even any commenters, of | any intention to make a police report. | | Now, I understand not trusting the police, and often it's more | trouble than it's worth to deal with them. But this is a | situation involving identity theft, which is a very serious | crime. I realized that this is an international situation and the | local police probably cannot do much, but at some level of | policing, be it the FBI or even at the international level, this | feels like something that should be reported. Even if nothing can | be done, in the worst case it's useful that the police be made | aware of new trends in identity theft; in the best case, they | will be caught. These people are _organized_ to perform identity | theft, which is literally organized crime -- I hope they are | aware of the risk they are taking doing this. | | Lastly, unrelated to the above, but just a random social aspect | of this; it's clearly an interesting and unexpected result of | location-based pay. 
The only reason I can think of that a group | of people would organize something like this is because | pretending to be native English speakers and presumably | pretending to be US- or Europe-based will automatically get them | a higher pay scale. (If I understand correctly, they are possibly | a team of programmers in some other country, and _are_ offering | to actually do the work, but just pretending to be other people | while doing it in order to get a higher paycheck.) Not making any | judgement here regarding location-based pay, although that's an | interesting discussion for another thread, but in today's remote | work environment, new kinds of fraud are definitely an | interesting consequence to be on the lookout for. Fascinating, | and dangerous. | entwife wrote: | I was going to comment about a police report, but largely | because it might be useful for an insurance policy that covers | identity theft. | jstarfish wrote: | You vastly overestimate the degree to which the police give a | shit. Unless there's an actual financial loss or threat to | life, they don't care. This barely qualifies as identity theft | anyway; it's _attempted_ fraud. | | They won't take a report of your phone number being spoofed, | but they'll deploy SWAT teams to unsuspecting houses at the | word of bored teenagers. | | Do you know the imposter's actual identity? What would you even | report? If the perpetrator is international, what are your | local police even supposed to do with this information? | | You might have a little better luck with the FBI, but if you | don't show up with hard evidence (i.e. do all the work for | them), you won't get anywhere with them either. | | All of this goes to show you why this sort of scheme remains | successful. Nobody cares. Fraud is just an assumed risk. | blitzar wrote: | Like all scams and spam, if it didn't work then people wouldn't do | it. But I am struggling to see how it will work. 
| wccrawford wrote: | Sometimes just the possibility of it working, and the person's | desperation, will cause them to try it. I've heard enough | instances of people paying others to take exams for them that | it doesn't surprise me that some people are trying to do an | interview that way, too. They think just getting the job will | do something for them, and (for whatever reason) think they'll | be able to keep the job once they have it. | | I wouldn't be surprised to learn that these people think they | have high-level skills, but some other factor is preventing | them from getting the job. Sometimes it might even be true, but | I'm betting against them having the skill level they think they | do. | chx wrote: | > I've heard enough instances of people paying others to take | exams for them | | Back in the 90s I was becoming a math teacher at one | university while I was working on getting admitted into an IT | engineer course at another. Strangely enough, the other | admittance exam besides math was physics and I sucked at that | while obviously I was far ahead in math compared to my peers | at the physics preparation course. So someone offered an | astonishing amount of money to take the math entrance exam | for them, enough to buy a small apartment with it -- and | perhaps I would've been young and foolish enough to go with | it except for one fact: they offered a falsified national id | to go with it. That's five years in prison if you get caught | with it and I noped the hell out of it... | | In the case OP describes, the situation is similar: it's the | documentation that catches you. | coldcode wrote: | I think this is probably more common than we might think. Given | remote work being preferred lately, this is probably doable, | especially if companies are hiring large numbers of random | contractors. I know my old team members (I retired recently) have | gone through a ton of remote contractors recently, many of whom | were completely useless. 
Thankfully I only hired people before | Covid hit, and at that point everyone was required to work in | office (at least for the work I was responsible for). Everyone I | did take on was either excellent or at least competent. I did | hire most of them off of phone interviews only, so maybe I was | lucky. | | If an experienced person does the interviewing asking the right | questions / requiring tests / etc might be insufficient to | realize the person you are interviewing is not the person who | will do the work. I wonder how you would catch this before | actually having the "worker" start. | | I guess this is a downside of all remote work assuming your | company is less than thorough in checking | references/documents/etc. | seydor wrote: | And how do we know the author is not pretending to be him? | Maursault wrote: | > We are not an adult company. | | What are the chances it's children behind this, maybe even | American children lying about why they need a stooge? It would | explain why they're not concerned about violating federal law, | whatever else, I think also US Code Title 18 Section 241, | Conspiracy Against Rights (a wild guess, iinal). | peppertree wrote: | Scam is rampant on LinkedIn. I'm getting constant connection | requests from obviously fake profiles with AI generated faces. | kube-system wrote: | And they all have 500+ connections. Bet they're scraping | profiles or some crap. | wildrhythms wrote: | The connections are also bots. | cynusx wrote: | Same here. I just ignore devs that apply directly to me on | linkedin, I would be surprised if any of them were real or not | an agency. | earleybird wrote: | "connortumbleson.com refused to connect" - HN HoD? | mrandypratt37 wrote: | I'm a US-based accountant who is currently interviewing for his | first job in software and I was approached by someone on | LinkedIn about an opportunity. Seemed fishy, but figured I could | risk 15 minutes. 
The person set up a meeting between me and a | Taiwanese Developer for this exact thing. He said he had 7 years | experience and had a contract drafted for he and I to become | "business partner" where I would take the meetings and he would | do the work for a 30/70 split. I told him, morals aside, that I | didn't have the credentials to get into the jobs he would want | and pointed out numerous obvious issues like in-person coding, | etc. He said he was ready to make a fake LinkedIn and had this | whole operation planned out. | | Seems to me like there is a whole operation around this business | model of exploiting US developer salaries and the morality of a | few Americans willing to try and make a dollar for free. Honestly | more disappointed in the people accepting shady deals like this | than the ones offering them. | datavirtue wrote: | We blew "morals" out the air lock long ago. Not to mention, | morals are subjective. | | I don't understand why corporations are not embracing and | encouraging such arrangements. | dont__panic wrote: | If I can play devil's advocate for a moment... | | if the company gets decent work, the non-US participant gets | better (and fairer, globally) pay compared to what they'd get | locally, and the US participant takes care of the "soft" side | of the operation... who's getting hurt? | | I can't deny that something smells skeevy about this and I | don't think I could ever trust a random foreign developer who I | haven't built up a solid relationship with to execute reliably | "as me" in the coding side of a role. But if I had a good | friend from college who couldn't get a VISA to the US? I dunno, | I might be tempted to collaborate. If everybody wins, I'm not | sure it's inherently bad. But maybe I'm missing something. | shagie wrote: | Say you do it... the company pays you $100/h (making up a | number to do math) and $70 of that goes to the person who | does the job while you keep $30 of it. 
| | Guess how much gets reported to the IRS that you're making | and how much taxes you'll owe on that $100/h. | | Next there's the fraudulent representation of who is doing | the work to the client. | | Lastly, there's the "this is a form of money laundering" and | you're taking a significant role. | | When this starts to unravel, you're not going to come out | ahead. | jeroenhd wrote: | Everybody wins until the tax man comes knocking for all of | the dollars owed, or when "Connor Tumbleson" gets flagged as | a terrible employee when all those copy-pasted qualifications | don't line up with reality and the work is mediocre. As | reported elsewhere in these threads, the credentials and | interview process are all worked out upfront, the interview | no longer becomes a valid test of qualifications for the | position. | | This entire scam can be done entirely legally by | subcontracting the work to your foreign friend, if your | clients allow for that; if the end result is of decent enough | quality then I don't see why they wouldn't. You'd be on the | hook if they mess up, but the same is true when you lie to | your friend's employers. | | However, these people choose not to go the legal route, | instead relying on lies and fraud. They go as far as to hire | others to do part of their lying just to get into a company. | | Personally, I'd call the authorities the moment I'd find out | an employee of mine has been lying about their qualifications | and experience from the very first day to fake it through the | interview. You cannot trust someone whose entire career is | built on top of lies, or someone who actively enables such | behaviour. | | I'm not sure if these people are a small step up from the | call center scammers because at least they deliver something | or a small step down because they're supposedly capable | enough to do better. 
I'm sympathetic to the third world | programmers that have the capabilities to earn some of the | absolutely insane wages American programmers get paid, but I | completely oppose the large-scale fraud these lying-as-a- | service middlemen employ to make money. | mirkules wrote: | I'm kind of at a loss that these propositions would be taken | at face value. Imagine for a moment that these "talented web | developer groups" whom you are essentially representing with | your name attached to them are bad foreign state actors in | disguise. Imagine what would happen to you if some malicious | piece of code made it on some website processing personal | information, payments, or worse. It's eye-opening and really | terrifying people don't even consider this possibility, in | 2022. | lazide wrote: | It's generally all the OTHER details that people conveniently | skim over in these descriptions that get people hurt, or the | less obvious exposure to unexpected risks for the | counterparty. | | As a (pretty common) comparison - if a gay man marries a | woman, has kids, does the whole couple thing and blends in, | but periodically goes to clubs or gay bars, or has a | boyfriend on the side, who are they really hurting? | | What about the equivalent straight man with a mistress on the | side? Or two? Or the woman with a side man? | | Well, as long as everything goes perfect, I guess just | themselves by pretending to be someone they aren't most of | their lives and having to lie to everyone every day. And | certainly the cards have been stacked against them in a great | number of societies and environments (to the point of death | penalties in some cases if they don't hide), so it's hard to | blame them for _hiding_ doing it in those situations if they | really can't stop. | | But it almost never just goes perfectly forever does it? 
| Eventually, either someone finds out (and now they're exposed | to blackmail risk, or a bitter divorce and lots of bad | publicity), or someone gets sick with something they | shouldn't have been able to, or pregnant, or whatever. There | were a decent number of counterparties in supposedly | monogamous relationships over the years that have gotten | diseases they should not have been able to get, including | HIV, from this type of stuff. It can trigger severe emotional | trauma in people. Folks get killed over this kind of thing | somewhat frequently. | | From a corporate equivalent, think - traceable customer | information leak. Or attackers get control of the corporate | network through a hidden VPN endpoint configured to allow | these contractors in to do things, and do things from crypto- | ransom the company to outright rob the company blind. | | An acquaintance at a company I only briefly worked at years | ago got busted for siphoning MILLIONS of dollars through | phony affiliates he'd set up at the company. He was in charge | of the affiliate program. I never cared for him, and wasn't | particularly surprised, and was part of the reason I left | once I saw what I had gotten myself into, but it was a good | cautionary tale. | | The company had been really happy with overall performance, | they just hadn't noticed the extra 'tax' they were paying him | until he did something else sketchy and they started looking | closer. | | The reason to avoid doing sketchy things, is because they | inevitably have hidden costs, from cognitive overhead from | constantly tracking all the lies, to real risks of extreme | bad problems that others are being exposed to. It's often | lucrative enough however, that there is always the | temptation. | | It's why 'sunshine is the best disinfectant' is still so | true. | | After all, generally if everyone was actually comfortable | with it and its side effects, there would be no need to be | sketchy about it. 
| brysonreece wrote: | From the perspective of the company, there's immediate | concerns around sensitive information, intellectual property, | corporate/government espionage -- none of which seem unlikely | in positions premised on flexible morals. | | IMO if there were registered/regulated, established services | that filled this need and handled the VISA/background check | process then I wonder if companies might be willing to work | with overseas developers more. | thewebcount wrote: | > who's getting hurt? | | The person being impersonated. Someone is out there | pretending to be them. This person is known to be willing to | do unethical things. (Who knows, maybe they're also | infiltrating the client's network and stealing data, | installing ransomware, etc.?) Furthermore, how does the | person in the US pretending to be the developer get paid? Do | they actually get paid, or is that a scam, too? At any point | does someone write a check to fake developer in their name? | Does the IRS see that? Is the real developer now on the hook | for taxes on that? There are numerous things that could go | wrong and hurt the developer being impersonated, the person | doing the impersonation, and the client. | dont__panic wrote: | Good points about the person being impersonated subject to | (completely involuntary) risks. I probably should have | phrased my question to specifically ask about situations | where the impersonated is involved and asked to participate | in the scheme. I would agree that it's not OK to just... | start using someone else's identity without permission. | | In sibling comments, some other great points were made | about the risk profile for the company if you do this | without their knowledge. I'm less convinced that I should | care about risk towards the company, but from a legal | standpoint it probably holds up. | mapmeld wrote: | Bizarre. 
I (US-based engineer with an Upwork account) was invited | into a less sophisticated variant of the scam in spring 2021: | | > Nice to meet you. I am looking for a US person who do business | with me. You can earn money with a few cooperation. Do you know | Upwork or Toptal site? | | They also had the text of the message in a GitHub repo. I tried | reporting them to GitHub, Upwork, and Toptal, but I don't think | they knew what to do with it? I assumed my scammer was looking to | evade banking rules or sanctions, but it could be for either fake | employment or actual work with a US-based persona like in this | case. | bogwog wrote: | Same, although I was never asked to impersonate anybody. They | just wanted to work using my real name/identity, and would | throw some money my way every month. At the time I was | annoyed/pissed, but after reading this I respect that they at | least had the decency to ask for my permission lol. | | Honestly, this is 100% Upwork's fault. Their platform is a race | to the bottom, yet they make it very difficult/impossible for | people from countries that can actually afford to make a living | with those rates to sign up. So I understand why people resort | to this behavior, even though I would never want to work with | someone who would actually do that. Fuck those people. | dvykhopen wrote: | I run a job platform. This scam is pervasive, especially with | contract work. We've had to get really good at recognizing | patterns because their covers are really good (even faking | passports and work history). | | Many of the big contract platforms are dealing with this too. | Hiring managers are getting tired of it and are 1) not hiring as | many contract workers and 2) not using platforms to hire those | workers. | | Unfortunately, this hurts small companies more since their hiring | practices are so lax and there's a crop of new ones every few | months. 
| NaturalPhallacy wrote: | > _We've had to get really good at recognizing patterns | because their covers are really good (even faking passports and | work history)._ | | I'm pretty sure that can get you into super duper extra trouble | with the State Department. | AtNightWeCode wrote: | Creepy. With recruiters you can expect anything but a zoom call | with an unexpecting client. That is new for me. | karaterobot wrote: | Let's say that this happens with some regularity: an imposter is | hired to take an interview on behalf of a third party who is | obviously not the same person. Let's say that, some of the time, | this ploy is successful and the third party is hired for the | position. Don't they just get fired immediately? Is this entire | scam just about getting a couple days' salary? Or do some | employers just shrug and go with the flow? | 0xbadcafebee wrote: | These scams have been happening for decades. It's as hilarious as | infuriating when somebody shows up to a job site and it's | _clearly_ not the person that was interviewed. | ollien wrote: | What I can't piece together here is what the scammer's endgame | is. They land a cushy developer job under some false identity and | ... then what? They're not going to pay some random college | student to attend every meeting, are they? Even if they were, are | they going to be able to maintain the level of work they lied | about? If they really had those skills, they would just interview | on their own. | | Something's not adding up | CobrastanJorji wrote: | Maintaining is not the goal. Say you get a job that pays senior | engineer money, and they fire you after maybe three weeks of | you just saying "it depends" and pretending your connection is | bad. You still made like $5,000. And you're probably running | more than one of these scams at a time. And you're doing this | from a relatively poor country with not much formal education. | 100% worth it. 
| | And who knows, maybe you manage to actually KEEP one of those | jobs, which given how bad some employers are at figuring out | who's good and bad at this stuff, is entirely plausible. | AyyWS wrote: | At a big telecom we had an employee that maybe closed 10 | tickets in two years. He was the highest paid team member (as | reported by our director) and worked remotely from an RV in | Oklahoma. When he was finally discovered by our director, he | was fired and his immediate manager was fired. | CobrastanJorji wrote: | How much do you want to bet that he also had one or two | other jobs that he treated the same way? | AyyWS wrote: | He was a long time employee with a legacy job title | "wintel engineer." A transformational ex-IBM director was | finally brave enough to PIP and fire him. I think he was | mostly retired while putting in 8 hours of work a | quarter. | iLoveOncall wrote: | It would take months for the company to figure out that the | person is not doing anything, is not who they pretend to be, | and fire them. Months during which that imposter would have | been paid to do literally nothing. | ollien wrote: | I guess at some company scale that would happen... you'd | probably need to pay someone to do onboarding for you (so you're | not immediately flagged as a no-call-no-show), then you could | go AWOL after that? | codedokode wrote: | 1) they could have developers from 3-rd world countries who | have necessary skills but get low pay rate | | 2) they could have developers from countries currently under | sanctions | rngname22 wrote: | They could be fully technically capable but unable to secure | those jobs because of visas, location/timezone, the company | having a prejudice against outsourcing/remote work, etc. | chadmckenna wrote: | It's possible they need someone with a "Senior" resume so they | are able to charge $200/hour for their work. 
Then they are free | to outsource it to 2 or 3 junior devs in a much lower priced | market and pocket the difference. | notahacker wrote: | I assume they avoid jobs involving standups. | | In roles where communication is fully asynchronous, a competent | offshore dev whose written English is considerably closer to a | native speaker than their spoken English might be able to hold | onto the job for a while, especially if they're good at | excuses. | | If they're applying for US onshore jobs with below- _local_ | -market pay, they might even be considered relatively | productive members of the team. | clusterhacks wrote: | I had two past co-workers who were almost certainly having | someone else do their work, I think (especially) at non- | software companies folks just don't get caught. | | Frankly, the work environment was slow-paced and generally non- | confrontational so both co-workers I suspect of this behavior | just managed to tread water. When I joined the group there was | a very tight-knit group of 3-4 developers who were _very_ | protective of each other. There was always a handy reason why | some schedule was slipping and the other fact is that in | hindsight, there just weren't very high expectations for them | to accomplish anything. | SpaceManNabs wrote: | sketchy interview stuff is how ronin got hacked. I feel like | impersonating other people in a job market or "fake interviews" | will be more common. Really scary and a relatively common | practice compared to the knowledge out there about it. | Joel_Mckay wrote: | A long while back I was sitting in a coffee shop, and happened to | meet a guy recounting his work history to a client. The hilarious | part was hearing my life plagiarized off my web CV at the time. | Seeing the con describe climbing an antenna mast where I worked | was awe inspiring given he was over 350lbs. 
I tipped off the | client to do his own verification after, as there was no way that | guy was part of our small team at that time. | | Some people are certifiably insane, and will con anyone to make | money. Note, confronting psychopaths with proof they are liars is | extremely dangerous. These are the people that will hold grudges | for decades if they feel you owe them something, or do something | nasty. | | Weak Stenography in your CV is also good for auto- | screening/blacklisting those engaged in social-engineering | workers. You would be surprised who shows up. ;) | bdcravens wrote: | A couple of weeks ago I received this email: | | "Hi, Billy | | How are you? | | I checked your Codementor account, it is great. | | I am *** **** from Ukraine. | | I am 32 and I am also a computer programmer. | | I want someone who can help me. | | Would you lend me your account? | | If you borrow it, I can earn a lot of money. | | I will pay 100 usd every month. | | Regards." | vlunkr wrote: | 100$ a month for some fraud. Not very enticing lol. | scrollaway wrote: | Yeah I've had people ask to buy my codementor account | (https://codementor.io/jleclanche). I forwarded all of them to | support@arc.dev, but I suspect some people always say yes ... | mk89 wrote: | People, I really tried to read comments to understand if someone | had my same question: what for? | | Eventually you need to pay this person, he/she will need to give | you some ID or passport, etc. How can someone just employ a name? | Or is it just because they are contractors (so no document / | background check)? | axus wrote: | Sounds like this scam artist did more work to land Connor a job | than some recruiters. | walrus01 wrote: | There are people out there right now putting a truly astounding | amount of information on their wholly-public Facebook, Instagram | and LinkedIn profiles. 
| | My main message for people is to _resist the social temptation_ | to share every detail of your family's life on social media, in | the long run it's better for your privacy, your family's privacy, | your security, and reduces opportunities for malicious data | mining. | | It's sufficient to build an entire identity theft kit if you're a | malicious actor wanting to impersonate somebody. Somebody would | combine whatever is available from social media with things like | linkedin profiles, CVs, github projects, other github-like- | project profiles, and linkedin-type business networking site | data. | | Or at least a good enough to pass cursory inspection/examination | identity theft kit to impersonate somebody with a close-enough | email address, or a throwaway custom domain name registered for | the purpose. | | I would highly recommend anyone that _does_ keep an account | somewhere like Facebook to stop posting photos of your house, | family members and to set all of your 'privacy' settings to | whatever is the friends-only/maximum setting. Try looking at your | own profile from a different browser with no cookies in a burner | account or incognito mode and see if any of your personal life is | visible. | permo-w wrote: | good luck getting a burner account on facebook | annoyingnoob wrote: | I think the root of the issue is LinkedIn. I know a number of | scammers regularly monitor LinkedIn. When a new employee at our | office updates LinkedIn they start getting email from the 'CEO', | first asking for a personal cell number, and then asking to buy | gift cards in a hurry. | | I'm seriously considering being LinkedOut. | absolutelynobo wrote: | This has happened to every new employee at my company within a | month of them joining. | freedomben wrote: | Interesting. I doubt it was the same person, but I was approached | with a proposition regarding Upwork not super dissimilar to this | three times by somebody on the Elixir Slack. 
I think it was the | same "person" each time just with different accounts because they | kept getting banned by the admins. | | Basically the person would write to me and say something like, | "I'm a good $language dev and am worth $120/hr but in my country | that is really high pay and people won't pay it unless you're | American. I'll get closer to $25/hr." Then the deal is something | like this: "We will apply for jobs/contracts in your name, but | I'll do 100% of the work and you keep half the money and send me | the other half." | | The worst part is, I get the feeling that the premise is actually | true and that this person is merely trying to beat the system. | However, I could never bring myself to do such a thing due to the | dishonesty required. Secondarily (but importantly) I've been | burned by low-cost foreign contractors that billed for over a | week before essentially delivering nothing, so I'm a bit once- | bitten twice shy. I likely never would, but have considered doing | a similar strategy but in an honest way where I'm up front with | the client that I won't personally be doing all the work, but | instead will out-source it, but I would be their point of | contact/PM and if the work wasn't acceptable then (worst case | scenario) I would (re)do it all personally. | rootsudo wrote: | Better title than before. Thank you! ___________________________________________________________________ (page generated 2022-09-27 23:00 UTC)