How to Uncover a Scam: A Case Study
The steady rain of scams on the internet is familiar to almost everyone. Automation technology has allowed the emergence of a plethora of fake companies online. With a little effort, anyone can put up a decent-looking website and roll out an online presence that passes initial scrutiny, but on closer investigation, can be spotted as a fake. Let me show you one of these.
Just this week, one of our customers’ marketing departments was getting ready to stand up a couple of new promotional websites for the coming new year. We’re not an exclusive partner and don’t handle all their services, so often our customers will work with other companies, especially creatives, to build out various projects, and we enthusiastically support those efforts. This one, though, was different.
Our customer reached out to ask us to look over some of the requests and requirements that were sent to them by their intended design firm. One of those requests was a bit strange; the web design firm wanted a list of all email addresses the organization used. That tripped a bit of an alarm on our end. There was no technical reason why they would need to know all of those email addresses in order to design a new website. We started to dig a little deeper.
The name of this web design firm was Webilistic, which we had never heard of. We checked out their website, which at first glance looked like a Logo Design & Marketing firm that did websites and a number of related activities. Of course, we were looking at it with a critical eye by this point. My first step was to check out the domain itself. Domain name registration dates are public record. You can look them up using a system called “whois,” the most common portal for which is located at http://www.whois.com/. By checking https://www.whois.com/whois/webilistic.com, I could see the domain was only registered in June of 2019, and the site hosting is done by liquidweb.com, which is a very low-cost web hosting site. Both of those are consistent with either a very new studio trying to get started, or a bad actor.
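The same registration-date check can be scripted when vetting several vendors at once. This is an added example, not part of the original post: the sample record, its domain name and dates, the reference date and the 365-day threshold are all constructed assumptions, and `whois.verisign-grs.com` is the registry WHOIS server for .com names.

```python
import re
import socket
from datetime import datetime, timezone

# Registries label the registration date differently; cover the common labels.
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created On|created|Registered on)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE)
_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d")

# Constructed sample record (not real WHOIS output for any domain).
SAMPLE = """\
   Domain Name: EXAMPLE-STUDIO.TEST
   Updated Date: 2019-11-02T08:00:00Z
   Creation Date: 2019-06-14T09:12:30Z
   Registry Expiry Date: 2020-06-14T09:12:30Z
"""
AS_OF = datetime(2019, 12, 15, tzinfo=timezone.utc)  # constructed reference date

def whois_query(domain, server="whois.verisign-grs.com", timeout=10):
    """Raw WHOIS lookup (RFC 3912): send the name plus CRLF to TCP port 43."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def creation_date(whois_text):
    """Return the earliest registration date in the record, or None."""
    found = []
    for raw in _CREATED.findall(whois_text):
        for fmt in _FORMATS:
            try:
                dt = datetime.strptime(raw, fmt)
            except ValueError:
                continue
            found.append(dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc))
            break
    return min(found) if found else None

def domain_age_days(whois_text, as_of):
    created = creation_date(whois_text)
    return None if created is None else (as_of - created).days

def is_recent(whois_text, as_of, threshold_days=365):
    """A young domain is a signal to dig further, not a verdict on its own."""
    age = domain_age_days(whois_text, as_of)
    return age is not None and age < threshold_days
```

For a live check, pass the output of `whois_query("<domain>")` in place of `SAMPLE`; a record with no parsable date returns `None` rather than being treated as old or new.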
Fortunately, Webilistic had a portfolio, so we could see what customers they already had. Most of the screenshots of sites were instantly dubious. Almost all the organizations shown had a website that didn’t resemble the portfolio picture, or had a footer identifying the web design studio that had made the site, and it wasn’t Webilistic. Most interestingly, those links in the footers had been edited out of the screenshots.
At this point, I started paying attention to the Zendesk conversation box popping up on the website. It told me that Jacob Byrne, Senior Design Consultant, wanted to help me with any services I might want to order that day. Jacob had a remarkably artistic profile picture. With a quick right-click, and “Search Google for image”, I found that it was actually a picture taken off hairstyle.com. Congratulations to that model, whose picture apparently screams “Senior Design Consultant”.
At this stage, I was fairly certain that this web site was cover for some kind of scam, but we didn’t have buy-in yet. Their place of business was listed as Suite 2600 at One Gateway Center in Newark, NJ, but a quick Google Search revealed that address is a Regus coworking office. Again, possibly a tiny startup trying to get their legs under them and using their website to appear larger than they were. Their LinkedIn page suggested they had 51-200 Employees, which would be extraordinary for a Regus-based company.
Now, Deep Core Data was once little more than a logo and a dream, and if this really was this company’s big break, I didn’t want to scuttle it for no reason. It was possible the portfolio pictures on their website were from sites their designers had done at other companies. None of what we found was outside what a very motivated ultra-small businessperson might do to get their company off the ground.
Clutch, Manta, Goodfirms, and a number of other sites had a listing for Webilistic, but no reviews. We found a few free easy-build websites for the company around the web, from places like yolasite and webflow.io. We finally broke the façade when we did an image search on a logo example for a restoration company near Dallas called Zeus Restoration. Their website was actually credited to a Texas marketing firm named Big West Marketing. We discovered that that particular picture was on a website belonging to Logo Design Legends:
Now, that’s a familiar-looking homepage. Logo Design Legends didn’t have any physical address listed, but it did have reviews online. They cleaved to a trend, I had to say, best exemplified by their TrustPilot page: 8 five-star reviews, and 4 one-star reviews indicating the company had accepted payment and returned no product. All eight five-star reviews were made between 25 May and 27 June of 2019, and almost all by users who only had one review on their profile. I say almost all because one of the reviewers had reviewed two other companies. Logovagant UK, whose website looks like this:
And Corpwriting.co.uk, with this website:
Amusingly, despite being named CorpWriting.co.uk, they are apparently headquartered in Princeton, New Jersey.
At this point, we were pretty solidly in the camp that Webilistic was just another face of a continuous scam. We asked to speak directly with the contact at Webilistic, and to our complete lack of surprise, our call went to voicemail. To our shock, however, we got a call back.
The fellow at the other end of the line told us the reason he needed the email list was that he was migrating Email Hosting for our client. Migrating email isn’t incredibly difficult, but it isn’t something you do lightly, and our customer had never expressed any dissatisfaction with their existing Microsoft-hosted email. We confronted him about that, and he got angry. After saying a few inadvisable things to one of my engineers, he told us he “wouldn’t make any money on this deal if he didn’t get the email hosting.” We told him we’d be checking in with our client the following day. Suffice it to say, we never heard from Mr. Warner again.
The fact of the matter is that this scam only got stopped because we were able to intercede on behalf of our customer. They were exposed to thousands or tens of thousands of dollars in losses if they had been baited in. Scarier still to me personally is that Webilistic was offering “Amazon Management”, selling the service of managing an AWS instance. A bad actor with unrestricted access to an AWS instance can easily run up hundreds of thousands of dollars in billing mining cryptocurrency for themselves and then leave you with the bill.
All of this is to say that having a partner to manage your internet presence, even for projects that aren’t mission-critical to your business, can save you tremendous amounts in tears and treasure. This kind of protection is one of the simple value-adds for our customers, and we hope we can share it with you and your organization in the future.