Someone is pretending to be me

Andrew here. Connor, thanks for releasing this on the orange site.<p>This story is also more fun from my position. I&#x27;ve been applying to internships and interviewing every week. They&#x27;re mostly rejections. They&#x27;re the same questions over and over with minor variation (sorry to top comment for &quot;impersonating&quot; your comment style). My days are deteriorating from a colorful sphere down to two points. In fact, down to two pointers, left and right, iterating over a list of heights to find how much rain water it can trap.<p>I&#x27;m about to repeat the experience for the 10th time and I&#x27;m 100% on autopilot. But suddenly, a man reaches out to me on email and offers me up to $80&#x2F;hr to be his senior engineer. This feels sketchy, my girlfriend tells me, &quot;you&#x27;re good but let&#x27;s be honest here...&quot;. Anyways, I proceed, it might just be the start of a beautiful thing. I&#x27;m asked to interview as one of our developers because English is not their best language. I&#x27;m a little bothered, but I was fine with it. But then I see the developer name: Connor Tumbleson. My laughter bursts and so does my suspicion: With a name like that, no way the guy doesn&#x27;t speak good English. I look up Connor Tumbleson on linkedin, and my suspicions were proved correct. I detail everything to Connor, and now this is on the top of HN. I lost a opprotunity but gained a story of the lifetime.

This story is much more fun when you come at it from the interviewer&#x27;s position. You&#x27;ve been doing interviews every week. They&#x27;re mostly rejections. They&#x27;re the same questions over and over with minor variation. You&#x27;re about to repeat the experience for the 18th time and you&#x27;re 100% on autopilot. But suddenly you&#x27;re in a spy thriller. This is the greatest thing that&#x27;s ever happened.<p>Is it a good legal&#x2F;corporate decision to hide the person who claims to be the original and let him listen to the interview with the other candidate? Holy fuck, no. Is it going to be WAY more thrilling? Oh my god yes; how could you not?

In 1996, my employer got a contract to work with AT&amp;T to build a website that provided regular event updates from the Atlanta Olympics. In 1996, this was a very big deal, such a newish concept that the project was written up in AdAge or some similar industry magazine.<p>A few months later a prospective junior engineer came in for an interview. My manager asked him the typical &quot;tell me about an interesting project you&#x27;ve worked on lately.&quot; He then proceeded to describe in detail the very project we had just completed, even referencing the magazine article about it (he must have forgotten he was interviewing at the company mentioned in the article). At the end of his presentation, my manager said &quot;That&#x27;s interesting, because here at X, we just completed that project.&quot;<p>Awkward silence. Then the interviewee got up and said &quot;I guess I should go now.&quot; My manager said &quot;Yes, I guess you should.&quot;<p>Impersonation of this sort can be simultaneously disturbing and somehow comical. It isn&#x27;t a new phenomenon; I&#x27;m not decided on whether I believe the information age makes it easier or more difficult.

I hope Andrew [0] — the college junior with morals who blew the whistle on the attempt to get him to impersonate the author — gets an internship or job offer out of this; he apparently was having a hard time with that.<p>The author&#x27;s sleuthing is reminiscent of Cliff Stoll&#x27;s <i>The Cuckoo&#x27;s Egg</i> from 1989. [1]<p>[0] Andrew blogs at <a href="https:&#x2F;&#x2F;unfooling.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;unfooling.com&#x2F;</a>, according to the article.<p>[1] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;The_Cuckoo%27s_Egg_(book)" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;The_Cuckoo%27s_Egg_(book)</a>

I submitted my own blog here, but then my intentionally configured HN timeouts locked me out. I was wondering why my little Linode was dying.<p>Yeah this was an incredibly odd and creepy experience that I continue to investigate here and there. I really appreciate the interviewer for letting me stay on and confront the imposter.

I&#x27;m a US-based accountant who is currently interviewing for his first job in software and I was approached by someone on on LinkedIn about an opportunity. Seemed fishy, but figured I could risk 15 minutes. The person set up a meeting between me and a Taiwanese Developer for this exact thing. He said he had 7 years experience and had a contract drafted for he and I to become &quot;business partner&quot; where I would take the meetings and he would do the work for a 30&#x2F;70 split. I told him, morals aside, that I didn&#x27;t have the credentials to get into the jobs he would want and pointed out numerous obvious issues like in-person coding, etc.. He said he was ready to make a fake LinkedIn and had this whole operation planned out.<p>Seems to me like there is a whole operation around this business model of exploiting US developer salaries and the morality of a few Americans willing to try and make a dollar for free. Honestly more disappointed in the people accepting shady deals like this than the ones offering them.

I knew immediately it&#x27;s Upwork. This is extremely common on there. The main reason is because developers in Western countries can demand higher rates. Just watch out for the red flags: mismatching LinkedIn experience, no camera during interview, incorrect accent, etc. Don&#x27;t trust the reviews because accounts are routienly shared and&#x2F;or sold.<p>I&#x27;ve had some fun with this before where a developer with a clearly Chinese accent, and of course no webcam, posed as German (mispronouncing his own name) and freaked out when I switched to conducting the interview in German. Of course I notified the person whose identity he stole and reported the profile to Upwork, but it&#x27;s a drop in the bucket of the scams.

Someone messaged me on reddit once, and straight up asked me to do exactly this. Below is the message, but I haven&#x27;t included their name because I think they were at least trying to seem sincere.<p>---<p>Hi, hope you&#x27;re doing well.<p>We are looking for a professional interviewee. I&#x27;m not sure if you&#x27;ve heard similar thing somewhere. We are a talented developer group specialized in web and mobile software development. We have partnerships with US people and deliver our service to clients by pretending to be US developers. And we share profits with them. Our partners are satisfied with this business model.<p>Everything is perfect except on one thing. It&#x27;s just the interview with clients. Normally in the interviews, the clients ask us some technical questions to see if we are able to deliver the service they expect. Because we are not native speakers, we are suffering from taking the interviews and many clients are passing by us even though they can get what they want. So we want a native interviewee and hope you are interested in this model.<p>Please let me know if you&#x27;re interested in further discussion. Thank you!

Wow. This is creepy. Props to the interviewer for allowing the real Connor to stay on the interview and observe.<p>This is one of my big problems with LinkedIn. We put so much information out there in public, it’s really easy for people do do this. That information can also be used for things worse than applying for jobs.<p>I think small companies hiring freelancers are most vulnerable to this. In the UK at least companies have to carry out very strict right to work checks, including passports, National Insurance numbers, etc.

This is amazing. I wanted to add one thing. I noticed after reading the full blog post, and scanning through all the HN comments here, that there has been actually no mention, as far as I can tell, from any parties involved, or even any commenters, of any intention to make a police report.<p>Now, I understand not trusting the police, and often it&#x27;s more trouble than it&#x27;s worth to deal with them. But this is a situation involving identity theft, which is a very serious crime. I realized that this is an international situation and the local police probably cannot do much, but at some level of policing, be it the FBI or even at the international level, this feels like something that should be reported. Even if nothing can be done, in the worst case it&#x27;s useful that the police be made aware of new trends in identity theft; in the best case, they will be caught. These people are <i>organized</i> to perform identity theft, which is literally organized crime -- I hope they are aware of the risk they are taking doing this.<p>Lastly, unrelated to the above, but just a random social aspect of this; it&#x27;s clearly an interesting and unexpected result of location-based pay. The only reason I can think of that a group of people would organize something like this is because pretending to be native English speakers and presumably pretending to be US- or Europe-based will automatically get them a higher pay scale. (If I understand correctly, they are possibly a team of programmers in some other country, and <i>are</i> offering to actually do the work, but just pretending to be other people while doing it in order to get a higher paycheck.) Not making any judgement here regarding location-based pay, although that&#x27;s an interesting discussion for another thread, but in today&#x27;s remote work environment, new kinds of fraud are definitely an interesting consequence to be on the lookout for. Fascinating, and dangerous.

Cached mirror, since I&#x27;m getting a gateway timeout: <a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20220927155115&#x2F;https:&#x2F;&#x2F;connortumbleson.com&#x2F;2022&#x2F;09&#x2F;19&#x2F;someone-is-pretending-to-be-me&#x2F;" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20220927155115&#x2F;https:&#x2F;&#x2F;connortum...</a>

Related active discussion in this thread. Ask HN: Have you experienced “hiring fraud?”<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=32996457" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=32996457</a>

Bizarre. I (US-based engineer with an Upwork account) was invited into a less sophisticated variant of the scam in spring 2021:<p>&gt; Nice to meet you. I am looking for a US person who do business with me. You can earn money with a few cooperation. Do you know Upwork or Toptal site?<p>They also had the text of the message in a GitHub repo. I tried reporting them to GitHub, Upwork, and Toptal, but I don&#x27;t think they knew what to do with it? I assumed my scammer was looking to evade banking rules or sanctions, but it could be for either fake employment or actual work with a US-based persona like in this case.

<i>&gt; discovered through Upwork</i><p>That&#x27;s been my own experience with Upwork (as someone looking for work).<p>100% of the contacts I received <i>(100%, like in Every. Single. One.)</i> was a scam (either trying to scam me, or inviting me to participate in a scam).<p>I realized that Upwork is a sewer, and quickly bailed.<p>It&#x27;s sad, because I heard very good things about Upwork. Of course, these &quot;very good things,&quot; all came from people who <i>hired</i> through Upwork.

This is utterly creepy. Kudos to the college kid who did the right thing here.<p>I&#x27;ve never had anyone try to impersonate me for a job, but I have had people steal my photos and create Tinder profiles using them in cities I don&#x27;t live in (I&#x27;ve been alerted because people who recognized me sent me screenshots). I tried to catfish the person who was using my photos to catfish others, but was unsuccessful. I dreamed of doing what Connor did, which was to confront the person who was using my face on a video call.<p>I&#x27;m so sorry this happened to Connor but am grateful he documented this sort of scam, which I fear is probably a lot more common than we know. I see people on TikTok all the time encouraging these sorts of outsourcing scams of taking jobs on Upwork or something else and then hiring people to do the work on Fiver or in markets where the cost of labor is much, much lower. Do this with enough volume and you could make decent money, I imagine.<p>But how utterly distasteful for the victim.

These kind of frauds are really bad for legitimate remote workers. Hope employers don&#x27;t get burned and start cutting back on remote opportunities.

If you are a software developer, check to make sure you aren&#x27;t being impersonated on Upwork as well. A couple months back someone (I think I know who, but have no proof) was posing as me, and a suspicious client noticed that the person they were chatting with on video did not look that much like me in real life. Two other PHP&#x2F;Laravel devs had impersonators on Upwork as well around the same time.<p>One of these other devs only noticed because the client sent a calendar invite to his real email, instead of the one provided by the impostor.<p>[edit - I&#x27;m reading through the original post, and I see now that this was all done through Upwork as well. Yikes!]

I had this exact same thing happen a few years ago, with an internal employee.<p>They had gotten someone else from the India office to conduct the interview. He said his camera wasn&#x27;t working and we didn&#x27;t think anything of it.<p>He aced the interview, even made good recommendations on the project he would be running.<p>The guy that showed up wasn&#x27;t even at a junior level. It became painfully obvious after a couple of days. Pure red flags but the highlight...<p>- When asking for a project plan on an enterprise level project his response was &quot;I can code all this in 3 days&quot;.<p>- Proceeds to supply broken code.<p>- When mentioned the code doesn&#x27;t work he gets aggressive and says other people on the team broke it.<p>- Code gets reviewed by a senior architect (Bob) from another team. Turns out code was copied from an external github. So even if it worked it would be illegal to use.<p>- They get aggressive saying that Bob is jealous.<p>- Bob proceeds to document in detail the codes origin, legal details and points out where the code is broken.<p>- Bob and senior management have a meeting with the guy, where he is asked supply his original code (which he can&#x27;t). Is then asked to explain exactly what the code does.<p>- Bob puts the cherry on the cake where he finds a simple broken function that anyone junior developer could see is wrong. Asks him to explain what is wrong with that code.<p>After that the guy got fired. Not sure if they investigated further in the India branch. But it was embarrassing all round.<p>I&#x27;m still not sure how the imposter planned to keep the job after getting it. I suspect the stand-in expected money and didn&#x27;t get it. So didn&#x27;t support them.

The craziest thing I came across my recent travels to India is that people applying to jobs hire a shadow interviewee. They will sit in the same room controlling keyboard and mic. They will train you to do the fake lip movement. They will give interview while you face the camera. They charge you roughly 10% or so of what you would make if you land the job. I heard this from reliable sources where my friends came across such fake interviewers while interviewing and also friends who has seen some colleagues who hired these shadow interviewers to land a bigger &#x2F; better paying job.<p>This goes even deeper. During pandemic, supposedly there are even shadow engineers who does the work for you. :-(

I run a job platform. This scam is pervasive, especially with contract work. We&#x27;ve had to get really good at recognizing patterns because their covers are really good (even faking passports and work history).<p>Many of the big contract platforms are dealing with this too. Hiring managers are getting tired of it and are 1) not hiring as many contract workers and 2) not using platforms to hire those workers.<p>Unfortunately, this hurts small companies more since their hiring practices are so lax and there&#x27;s a crop of new ones every few months.

There are people out there right now putting a truly astounding amount of information on their wholly-public Facebook, Instagram and LinkedIn profiles.<p>My main message for people is to <i>resist the social temptation</i> to share every detail of your family&#x27;s life on social media, in the long run it&#x27;s better for your privacy, your family&#x27;s privacy, your security, and reduces opportunities for malicious data mining.<p>It&#x27;s sufficient to build an entire identity theft kit if you&#x27;re a malicious actor wanting to impersonate somebody. Somebody would combine whatever is available from social media with things like linkedin profiles, CVs, github projects, other github-like-project profiles, and linkedin-type business networking site data.<p>Or at least a good enough to pass cursory inspection&#x2F;examination identity theft kit to impersonate somebody with a close-enough email address, or a throwaway custom domain name registered for the purpose.<p>I would highly recommend anyone that <i>does</i> keep an account somewhere like Facebook to stop posting photos of your house, family members and to set all of your &#x27;privacy&#x27; settings to whatever is the friends-only&#x2F;maximum setting. Try looking at your own profile from a different browser with no cookies in a burner account or incognito mode and see if any of your personal life is visible.

&gt; <i>”The fake Connor Tumbleson immediately left the Zoom call.”</i><p>I guess he felt the ultimate Impostor Syndrome.

While working for one of the largest consultancies, I had to interview an offshore candidate for an onshore position in my team. It was a database development job and I asked the typical SQL questions, data modelling, etc - all over Skype with no camera. The guy on the other side seemed very knowledgeable. Amazingly high level for the job actually, and better than what his CV suggested. Being an internal candidate, I did not suspect anything and recommended him for the job. A month or so after that, management flew him in and I got to meet him in person. To my surprise, his language skills and much less his technical skills were anywhere near what I experienced at the interview. He was very keen to be a manager, with very very poor SQL skills - even in theory. A friend of mine later told me that it is a common practice in the offshore dev center to let the good devs interview for positions and then to send another person to do the job. They apparently did that to clients quite often and it was not surprising to him that I got the same treatment - even though it was an internal assignment.

A couple of weeks ago I received this email:<p>&quot;Hi, Billy<p>How are you?<p>I checked your Codementor account, it is great.<p>I am *** **** from Ukraine.<p>I am 32 and I am also a computer programmer.<p>I want someone who can help me.<p>Would you lend me your account?<p>If you borrow it, I can earn a lot of money.<p>I will pay 100 usd every month.<p>Regards.&quot;

I wonder how widespread this really is?<p>If it&#x27;s reasonably common, there might be a place for a &quot;reputation protection&quot; service in the tech community - a service that watches various contracting and hiring sites for its members names, then notifies the real person when their name is used.<p>I could see it being a real issue in the future if someone&#x27;s professional reputation is tarnished this way. If a prospective employer searched for a candidate and found multiple profiles with very different skills listed, that would be a huge red flag. Worse, if the fraudulent person was hired and then fired, that information could find its way to places where the real person is applying.<p>If they were able to successfully land a job like this, I could also see that messing with the real person&#x27;s tax situation.<p>... I&#x27;m off to look for my name on Upwork, I guess.

Sounds like this scam artist did more work to land Connor a job than some recruiters.

I could sure use a flowchart to follow this story. Baffling level of fraud.

Woah, small world. I got an email from &quot;Maris&quot; too, back in July: <a href="https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;Q7pq9uu" rel="nofollow">https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;Q7pq9uu</a><p>I never responded to it, since it reads like an obvious scam, but I had no idea the scam was this elaborate.

While it&#x27;s not at all surprising, it was a fun read. Having used Elance&#x2F;Upwork in the past, I was pretty sure quite a lot of off-shore (Indian, Eastern European) companies do a similar scheme. At least some of them definitely pretend to be a single developer and&#x2F;or let one developer with better skills (communication and programming-wise) do the interview and then throw cheaper &quot;resources&quot; at the actual project.<p>The surprising part was that Maris&#x2F;PND seems to have a pretty good command of English himself, so he could have easily done this without involving other people and thus mostly avoid being caught. Though maybe he runs a larger operation and he simply needs more people to do this.

About 12 years ago, I attended a barcamp (blast from the past) where someone gave an SEO talk about how to hack search and adwords to provide no value but capture eyeballs and trick people into clicking on things to make money. I recall many references to a wider community they were a part of that did this, traded tips and tricks, and generally evolved their trade of grifting at scale.<p>I can&#x27;t help but feel there&#x27;s a whole community of people out there with few morals who are trading tips on how to set up scams like this. The &quot;web of lies&quot; seems so deep and complicated I can&#x27;t imagine this whole thing was built in a vacuum by one person.

Scam is rampant on LinkedIn. I&#x27;m getting constant connection requests from obviously fake profiles with AI generated faces.

I think the root of the issue is LinkedIn. I know a number of scammers regularly monitor LinkedIn. When a new employee at our office updates LinkedIn they start getting email from the &#x27;CEO&#x27;, first asking for a personal cell number, and then asking to buy gift cards in a hurry.<p>I&#x27;m seriously considering being LinkedOut.

This reminds me of the time I agreed to hear a seed pitch from a Web3 company and they accidentally showed a slide where they had copied text from my LinkedIn profile onto their team slide under an unnamed VP that was &quot;soft circled&quot;. The text was distinctive enough that I immediately recognized it and it couldn&#x27;t have been any other person. I&#x27;d never met them before that call and wasn&#x27;t looking for a job.

Connor: I found it kind of a funny twist that when I wanted to leave a comment on the bottom of your blog, it assumes that my name is Connor Tumbleson. It&#x27;s like you want people to pretend to be you ;)

This exposes the truth about showcasing who we are all the time all around the internet, why too many details are needed out there anyway? I will keep posting my CV online, but really, it makes me feel like I should not.

My name is evidently hard to pronounce, even though the spelling, which is seldom right, is phonetic. It is specific to an obscure ethnicity. Except for also being my father&#x27;s name, it is globally unique. I own the .com of my first name. Despite the occasional annoyances, I appreciate it as a security feature.

I stopped joining interviews&#x2F;working with companies for similar reasons. I do freelance. I suggest you to do the same, until the time when the market gives us an ethical and a fair working space. Unfortunately spamming&#x2F;impersonating people became a normal thing and people don&#x27;t even feel ashamed for it. They do it like its their normal job. (Especially Indians, sorryaboutthat but I won&#x27;t be politically correct for this case. Work on fixing that in your community if you feel offended.)<p>Also the story sounds like he&#x2F;she&#x27;s somebody around your close circle. Maybe you can stop what you&#x27;re doing and spend some time to filter some people out.

As for motivation, maybe cash out one or two paychecks? Dunno how it works in the US, but where I live that would be hard without any ID or tax information. Maybe they&#x27;ll request the first paycheck as a cashiers check? Paypal payment? Who knows. But 1-2-3 months worth of US-level salary would be a fortune in some parts of the world.<p>In the days of remote work, it would not surprise me a bit if there are organized criminals doing this 24&#x2F;7. Just churning out job applications, hiring people off fiverr, upwork, etc. to do the interviews, collect a paycheck or two and disappear. Could easily be worth $5000-$20000 pr. scam, if they manage to get hired.

I had to review a number of developer resumes from a similar site back in 2020. Reading through them absolutely set off my &quot;this is a fake person&quot; detector. The resumes had similar formats, they all seemed to point to a real person, but there was a lingering sense of similarity between them which was too much to account for. I though it might have been because the site provided a way to create resumes and they were all choosing from some common set of options or something like that. However, reading this account makes me think that a scam like this is an equally likely explanation.

That&#x27;s a nice bit of detective work you did.<p>What happened is fraud, and potentially harmful to your reputation. If you can afford it, consider seeking legal remedy. It sounds like the twits running this scam are amateurs and its possible services like Zoom could unveil better leads toward pinpointing the perpetrators if compelled. Google&#x27;s impersonation policy seems particularly wanting. You could consider reporting to law enforcement as well, for what that might be worth.<p>Thanks for sharing and I hope your story serves as an example to those who are out there hiring to stay alert.

&gt; I then learned this was a interviewee discovered through Upwork<p>People trying to get cheap labor and instead get defrauded.<p>I feel bad for Connor though.

Interesting. I doubt it was the same person, but I was approached with a proposition regarding Upwork not super dissimilar to this three times by somebody on the Elixir Slack. I think it was the same &quot;person&quot; each time just with different accounts because they kept getting banned by the admins.<p>Basically the person would write to me and say something like, &quot;I&#x27;m a good $language dev and am worth $120&#x2F;hr but in my country that is really high pay and people won&#x27;t pay it unless you&#x27;re American. I&#x27;ll get closer to $25&#x2F;hr.&quot; Then the deal is something like this: &quot;We will apply for jobs&#x2F;contracts in your name, but I&#x27;ll do 100% of the work and you keep half the money and send me the other half.&quot;<p>The worst part is, I get the feeling that the premise is actually true and that this person is merely trying to beat the system. However, I could never bring myself to do such a thing due to the dishonesty required. Secondarily (but importantly) I&#x27;ve been burned by low-cost foreign contractors that billed for over a week before essentially delivering nothing, so I&#x27;m a bit once-bitten twice shy. I likely never would, but have considered doing a similar strategy but in an honest way where I&#x27;m up front with the client that I won&#x27;t personally be doing all the work, but instead will out-source it, but I would be their point of contact&#x2F;PM and if the work wasn&#x27;t acceptable then (worst case scenario) I would (re)do it all personally.

Had this happen to me as a client on Upwork.<p>Interviewed some Italian guy, but when the job started a Russian guy with Asian roots was on the cam.<p>Somehow I understand his situation, but nevertheless ended the call after one minute.

Upwork just doesn&#x27;t care.<p>I was on the receiving end of one of these recently. I was looking for US-based contractor, found someone whose profile looked legit, and reached out. In the phrasing I got back via email, I knew this wasn&#x27;t the native English speaker I was expecting.<p>Here&#x27;s my thread: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;watilo&#x2F;status&#x2F;1561795264888901633" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;watilo&#x2F;status&#x2F;1561795264888901633</a>

That&#x27;s made me think.<p>Why the hell don&#x27;t software developers have their own chain of trust?<p>(Well, professionals in general, but you&#x27;d think that we&#x27;d have gotten this shit working for ourselves first.)<p>It would kinda fix this shit - at least to the extent that it was actually used.<p>So then all you need to do is have &quot;Company X&quot; adopt the policy that all of their people must be connected to the trust chain.<p>From then on &quot;A&quot; of &quot;Company X&quot; fame can no longer be impersonated (except via theft of keys).

&gt;On September 14, 2022 I got an email from someone that reeked eerily of a scam, but it turned out to be quite real. The full text is below.<p>[...]<p>Am I just naive, or does the email that followed below not sound like a scam at all to anyone else? Getting this, my alarm bells would indeed go off, but more in the &quot;this person is probably telling the truth, someone might be impersonating me&quot; department, not in &quot;this person is trying to scam me&quot;

A long while back I was sitting in a coffee shop, and happened to meet a guy recounting his work history to a client. The hilarious part was hearing my life plagiarized off my web CV at the time. Seeing the con describe climbing an antenna mast where I worked was awe inspiring given he was over 350lbs. I tipped off the client to do his own verification after, as there was no way that guy was part of our small team at that time.<p>Some people are certifiably insane, and will con anyone to make money. Note, confronting psychopaths with proof they are liars is extremely dangerous. These are the people that will hold grudges for decades if they feel you owe them something, or do something nasty.<p>Weak Stenography in your CV is also good for auto-screening&#x2F;blacklisting those engaged in social-engineering workers. You would be surprised who shows up. ;)

This seems concerning.<p>Is this going to be a new problem that the gov is not equipped to deal with? Are we going to need to be on high alert that one day the IRS is going to alert me that my tax bracket is 37% because of my income from the 6 jobs I&#x27;m working? Then it will take months or years of legal battles to &quot;prove&quot; I didn&#x27;t actually work 6 full time jobs this year.

I think this is probably more common than we might think. Given remote work being preferred lately, this is probably doable, especially if companies are hiring large numbers of random contractors. I know my old team members (I retired recently) have gone through a ton of remote contractors recently, many of whom were completely useless. Thankfully I only hired people before Covid hit, and at that point everyone was required to work in office (at least for the work I was responsible for). Everyone I did take on was either excellent or at least competant. I did hire most of them off of phone interviews only, so maybe I was lucky.<p>If an experienced person does the interviewing asking the right questions &#x2F; requiring tests &#x2F; etc might be insufficient to realize the person you are interviewing is not the person who will do the work. I wonder how you would catch this before actually having the &quot;worker&quot; start.<p>I guess this is a downside of all remote work assuming your company is less than thorough in checking references&#x2F;documents&#x2F;etc.

Quote: &quot;I then learned this was a interviewee discovered through Upwork - so I asked for all the proof and continued my investigation<p>......<p>I&#x27;m not sure how this actually pans out if it works. Can you really refuse to use video for the entire contract of the job? How do you get paid if you need to submit tax documents? Do you pretend to be me forever?&quot;<p>Having over 15 years working as freelancer through Upwork I can answer that.<p>1 - Can you really refuse to use video for the entire contract of the job? Yes, you can. But only if you&#x27;re good at your job. 90% of my clients never knew my real face. I only did video calls with the other 10% of them while we were already deep in the project(s) and trust was already well established. I do prefer voice over written chat though so I have weekly calls with all of them.<p>2 - How do you get paid if you need to submit tax documents? Upwork is great in that perspective. They have a lot of FAQ helping you with all tax informations and if that fails you have live chat too, with support. However, in this case, being the fact it was an impostor, Upwork style of getting paid and filing for taxes are 2 different beasts they frankesteined together. You still get paid under the fake name using your desired method of payment and filing taxes under your real name, which is done outside of Upwork&#x27;s control.<p>3 - Do you pretend to be me forever? Not necessarily actually. You can do bait&amp;switch. Bait clients, do good work for them, create a great relationship with them. Then either you create a new profile under real you and move projects there or move them outside Upwork forever. The fake identity sham is only there to help land the clients in the first place. Once you hook them and they depend on you, they really don&#x27;t care about Upwork&#x27;s protection and all that, they just want work to be done.

This happened to me once. It got really weird. My partner and I didn&#x27;t know there was a fake account made, and we later found out, for days this fake account was talking to my partner - being super nice and genuinely a better person than the actual real me.<p>Anyway, they later asked my partner to send money to their personal account. I was a little bit sad.

I&#x27;ve been approached several times online by different people who wanted to buy my CodeMentor (now arc.dev) profile. It&#x27;s a pretty strong profile with a lot of good feedbacks, but I haven&#x27;t done any work (mentoring) in the past few years.<p>I see how this could be valuable as it can be really hard to build credibility from 0. (Though it definitely depends on the particular platform rules&#x2F;dynamics.) E.g. I used to have an Elance profile for 15 years or so, which got transitioned to Upwork, but it mostly got reset to zero. When I last checked about 5 years ago I was presented as someone who has never worked there and never had any feedback which would have made it very hard to win projects. (Not that it seemed worthwhile anyway.) So while it&#x27;s 100% unethical, there is probably a pretty strong motivation for these kind of trickeries.

Email providers should publicly disclose how old an email address is, and email clients should warn about emails coming from brand new addresses. My gmail account is 15 years old, so any email I send is unlikely to be created just to impersonate someone else.<p>This doesn&#x27;t help though if your name happens to be Kevin Smith or something.

Like all scams and spam, if it didnt work then people wouldnt do it. But I am struggling to see how it will work.

This story gave me an idea for a different kind of scam in which the scammer acts as a man in the middle between a candidate and an employer. The idea is that the scammer could pretend to be the employer, tempting the candidate to go through the interview process. Whether the employers decides the reject or extend an offer, in both cases the scammer &quot;rejects&quot; the candidate, and takes on the offer to cash out pay checks until they&#x27;re being fired.<p>The main technical challenge for a scammer would be to create a trustworthy looking email address so as to not raise the candidate&#x27;s suspicion. It might not work with big companies but I&#x27;ve seen some companies using 3rd party services to send interviews invitation so it&#x27;s not completely unlikely that this could work.

Kind of related - I worked in the defense industry in the early 00s. I found out a couple years after I left a certain defense contractor that defense contractor was still using my credentials along with other current and former employees to submit for contracts.

So my guess is that the scam ends with the scammer negotiating a &quot;deposit&quot; to start contract work, and once the deposit is paid they disappear. Otherwise I think this scam would be a lot more work than just actually getting programming gigs and doing the programming work.

I received a message from a stranger on LinkedIn in fall of 2020: “Good talking to you the other day.” I assumed they’d intended to message some other person with the same name, but no, it turned out that someone had applied for a developer position at their company as me. They gave me a link to the person’s profile on another site, which was basically a copy of my LinkedIn profile, with some details tailored (presumably) to the role in question. We both contacted the site and soon after the fake profile disappeared. I hadn’t thought about it since. A strange detail from my perspective, reading this thread: my first name is also Connor.

I had a similar experience on Triplebyte, but didn’t have the nerve to pursue the line as far as Connor did here.<p>Was reached out to on Triplebyte by a guy claiming to work for a large casino in Las Vegas which I won’t name. Asked me to sign an NDA before the interview or that he would tell me what the job was. Couldn’t find him on LinkedIn or anything. The NDA was a word document which I think I signed via online service but never physically opened on my machine because (thank god?) I don’t own Microsoft word, on a Windows machine.<p>Pretty sure it was some sort of scam, but I couldn’t for the life of me figure out what it was they were after. Perhaps this is it.

&gt;So we can see the 35 members in this Slack, but I don&#x27;t feel comfortable posting that list. I have no idea who is real or fake and who may be working for this company unaware of what is actually happening.<p>&gt;So I sent an email to two of them after I found them on LinkedIn to further help investigate this. One immediately responded unaware of this behavior occurring and left the group.<p>Although I admire the authors restraint, I am more than a little unimpressed with one of the contacted being &quot;unaware&quot; of the behavior. &quot;Excuse me, did you know you&#x27;re in a group that is actively committing crimes?&quot; How do you think they&#x27;re going to respond?

Incredibly, I think a job posting with the same end goal has just been posted on Code Mentor, by a profile made only in June (2022). I could be wrong, but just in case - I took a screengrab to share with you all (find here: <a href="https:&#x2F;&#x2F;i.imgur.com&#x2F;up7sMg3.png" rel="nofollow">https:&#x2F;&#x2F;i.imgur.com&#x2F;up7sMg3.png</a>). In case I&#x27;m wrong, I&#x27;ve blocked out the profile in this screenshot - however if Connor wishes to investigate, I have saved more details.

These scams have been happening for decades. It&#x27;s as hilarious as infuriating when somebody shows up to a job site and it&#x27;s <i>clearly</i> not the person that was interviewed.

Let&#x27;s say that this happens with some regularity: an imposter is hired to take an interview on behalf of a third party who is obviously not the same person. Let&#x27;s say that, some of the time, this ploy is successful and the third party is hired for the position. Don&#x27;t they just get fired immediately? Is this entire scam just about getting a couple day&#x27;s salary? Or do some employers just shrug and go with the flow?

I had something similar happen to me a few years back. Someone using my photo and profile from my personal site and uploaded it to upwork to get contract work. I found out b&#x2F;c someone hired them for a contract (thinking they were me) and got suspicious. The employer found my real email on my site and contacted me. Not sure what I can do to prevent it. I put a warning on my site saying to look out for impersonators.

Why didn&#x27;t they make a up totally fake person with a fake history instead of using a real person? I feel like it&#x27;s possible to do, even fake a github.

What I can&#x27;t piece together here is what the scammer&#x27;s endgame is. They land a cushy developer job under some false identity and ... then what? They&#x27;re not going to pay some random college student to attend every meeting, are they? Even if they were, are they going to be able to maintain the level of work they lied about? If they really had those skills, they would just interview on their own.<p>Something&#x27;s not adding up

I got an offer for something similar from someone recently, wanting to rent my codementor account that I haven&#x27;t used in half a decade. Strange times.

It looks like this scammer has been targeting well-credentialed developers for over a month. Here’s a Twitter thread from August: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;searls&#x2F;status&#x2F;1534913027795038208?s=46&amp;t=83joC-BJHpPTPfkEZur7WA" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;searls&#x2F;status&#x2F;1534913027795038208?s=46&amp;t...</a>

Reading this I was thinking about how desperate some companies are to hire anyone to get job done. And the definition of done in that case is just make the code working - no matter how low quality it would be and how hard it would be to read and update for the next John Doe from Upwork. It&#x27;s a race to the bottom inside race to the bottom.

I&#x27;d love to understand the legal&#x2F;tax aspects of this - what SSN and addresses does the &quot;middle man&quot; use - I get that it&#x27;s easy to get an SSN but within a matter of a year most of the work would be discovered come tax time. And IMO the best parts of Tech are the actual vesting and RSU&#x2F;Option packages an employee gets.

I was contacted on Linkedin once by a guy claiming he wanted me to interview for jobs pretending to be him because his English wasn&#x27;t good.<p>I nopped the f out, so I don&#x27;t have any more info. Maybe it would lead to a similar scam.

Can&#x27;t raise the site right now:<p><a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20220927224436&#x2F;https:&#x2F;&#x2F;connortumbleson.com&#x2F;2022&#x2F;09&#x2F;19&#x2F;someone-is-pretending-to-be-me&#x2F;" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20220927224436&#x2F;https:&#x2F;&#x2F;connortum...</a>

&gt; We are not an adult company.<p>What are the chances its children behind this, maybe even American children lying about why they need a stooge? It would explain why they&#x27;re not concerned about violating federal law, whatever else, I think also US Code Title 18 Section 241, Conspiracy Against Rights (a wild guess, iinal).

People, I really tried to read comments to understand if someone had my same question: what for?<p>Eventually you need to pay this person, he&#x2F;she will need to give you some ID or passport, etc. How can someone just employ a name? Or is it just because they are contractors (so no document &#x2F; background check)?

&gt; So if you hired a Maris in February 2022 - you may want to double check who you actually hired.<p>I’d love to hear a follow up.

I know this is HN, but an entire thread about imposters and not one mention of Among Us... maybe that&#x27;s just my viewpoint :)<p>But that said, I do wonder if Innersloth actually has to deal with similar issues like this, especially after the boom of interest in the game. Maybe not?

I&#x27;ve had the reverse experience on upwork: the client is asking for bids on a project but when you google their name and location it turns out they&#x27;re in jail. When we had a zoom call their name was different.. I&#x27;ll have to cancel the project i guess.

Slightly off topic, but<p>&gt; Thankfully I&#x27;m not sitting on a Windows machine and can just preview the document via Google without a fear of infecting myself.<p>Is that true? Can you get infected by seeing a preview of a Google Doc from Gmail or even opening it on Google Docs? I thought the browser was isolated.

I just realized this could really open up some great possibilities.<p>Any project associated with me that went well, I’ll definitely be claiming credit for.<p>Any project that went poorly.. that’s clearly the impostor.<p>Thanks other selves for building my CV! So this is how you get 10 years of experience in 2 year old tech

Just imagine that all this could have been avoided if we would start using email signing ;)

Someone created a github account with my name and has been squatting it for years.<p>Github support tells me they won&#x27;t deactivate or rename the account (I don&#x27;t want it, I just want it gone) unless I copyright my own name and file a copyright complaint with them.

It&#x27;s so weird and creepy .. thanks for posting all the details of the investigation. I hope the person is nailed, but in the end this is the dark part of the internet. There&#x27;s no end to fraud, identity theft and scams.

Good story, but how do you search on Google Analytics IDs?<p>“You can reverse those sites to find a couple hundred of domains on that IP, then cross-check the list against matching Google Analytics IDs and find almost 50 domains”

What is the end game from the scammer&#x27;s point of view? Sign-on bonus? I don&#x27;t understand how that would work given all the legal work required. At some point the fake identity must be made obvious?

Upwork is a cesspool. There&#x27;s a lot of shady shit going on in there. Another scam they&#x27;re doing there is for someone to borrow your Apple App Store or Google Play Account to upload their build.

The root problem we have on the Internet now is anyone can scam anyone without repercussions. We need real identities online, and perhaps an international body that can prosecute crimes.

At some point people will start to figure out that having authenticated online personas would be useful.<p>Just like in the real world.<p>Authenticated and anonymous are not mutually exclusive. We need a mix.<p>Just like in the real world.

Isn&#x27;t this the same modus as the North Korea scams that we&#x27;ve seen a few times before ? We&#x27;ve seen similar stories on HN and there was a darknet diaries episode about this too.

what gets me about this story is that they chose a developer to impersonate who seems to have a pretty dang unique name. I share my name with only one other person in the world, but going by a quick google search at least, Connor is the only Connor Tumbleson in the world (or at least online). this seems like a pretty big liability—if I was in charge of running this nefarious group I would stay away from names like Connor Tumbleson, and instead go for impersonating Bob Johnsons and John Andersons or whatever.

This bring back memories and PTSD... Mine went so far that I cannot talk about it, as it nearly touch my very existence. Identity usurpation can go deep, down to the root certificate.

Darknet Diaries had an episode where they mentioned that hackers will do this (hire someone to land a job for them) routinely to get into companies.

And how do we know the author is not pretending to be him?

Maybe it&#x27;s time to add PGP public keys to resumes.

After seeing several stories like this on Hacker News, I&#x27;ve pulled down my LinkedIn profile. There&#x27;s no reason to have your resume on-line.

My actionable advice to remote hiring managers: vet your upwork guys really hard. Have them turn on webcam in every meeting you have.

From the headline alone, I was hoping this would be someone writing about being the subject of Nathan Fielder&#x27;s &quot;The Rehearsal&quot;.

TIP: this is why you set up Google Alerts[1] on your name and any common nicknames&#x2F;usernames you use.

This post made me look up my name on Upwork. Luckily I am not there. Currently contemplating wiping out my info from LinkedIn

TIP: this is why you set up Google Alerts on your name and any nicknames&#x2F;usernames you use often.

If your fake profile is not on Upwork yet, then you apparently have a disappointing (or at least a not marketable) career.

This stuff only happens because of the huge discrepancy in salaries you can get based purely on geographic location.

&gt; <i>I could not stand this anymore listening to someone legitimately claim they were me...So I turned on my camera, renamed myself back and asked the individual what the hell they were doing... However, before I did that. I wanted to childishly email the address of the person impersonating me.</i><p>WHY!? the undercover vicitm doesn&#x27;t jump up and shout when the crime starts to go down, except to drive the plot in really bad tv series.<p>This could have been the beginning of a new Cliff Stoll <i>Cuckoo&#x27;s Egg</i> thriller! I am dissapoint, but I guess &quot;who has time for all that?&quot; Interesting story nonetheless.<p>It brings to mind these immortal words (needs more line breaks but then it would be longer):<p><i>If you can keep your head when all about you Are losing theirs and blaming it on you, If you can trust yourself when all men doubt you, But make allowance for their doubting too;<p>If you can wait and not be tired by waiting, Or being lied about, don&#x27;t deal in lies, Or being hated, don&#x27;t give way to hating, And yet don&#x27;t look too good, nor talk too wise<p>If you can dream - and not make dreams your master; If you can think - and not make thoughts your aim; If you can meet with Triumph and Disaster And treat those two impostors just the same;<p>If you can bear to hear the truth you&#x27;ve spoken Twisted by knaves to make a trap for fools, Or watch the things you gave your life to, broken, And stoop and build &#x27;em up with worn-out tools<p>If you can make one heap of all your winnings And risk it on one turn of pitch-and-toss, And lose, and start again at your beginnings And never breathe a word about your loss;<p>If you can force your heart and nerve and sinew To serve your turn long after they are gone, And so hold on when there is nothing in you Except the will which says to them: &#x27;Hold on!&#x27;<p>If you can talk with crowds and keep your virtue, Or walk with Kings - nor lose the common touch, If neither foes nor loving friends can hurt you, If all men count with you, but none too much;<p>If you can fill the unforgiving minute With sixty seconds&#x27; worth of distance run, Yours is the Earth and everything that&#x27;s in it, And - which is more - you&#x27;ll be a Man, my son!</i><p>If: A Father&#x27;s Advice to His Son ― Rudyard Kipling

Creepy. With recruiters you can expect anything but a zoom call with an unexpecting client. That is new for me.

Is any actual work happening here? Does someone ever sign an offer letter and start checking in source code?

How does this work in the end? You&#x27;ll fail the background check when you send in your SSN.

sketchy interview stuff is how ronin got hacked. I feel like impersonating other people in a job market or &quot;fake interviews&quot; will be more common. Really scary and a relatively common practice compared to the knowledge out there about it.

Legit worried about these shenanigans now. So much info is leaked via job searching.

This seems similar to reports of North Koreans running deep fake interviews

&quot;connortumbleson.com refused to connect&quot; - HN HoD?

He looks a like a loser. Not u. I am him or her.<p>U know what I mean

Better title than before. Thank you!