It happened to me – Here’s what you should know
Several weeks ago, I was thinking about hiring myself for a project I had in mind. Sounds crazy, right? That’s because it is, and I wouldn’t be doing it had I not been a victim of identity theft!
I’m sharing my experience with fellow freelancers because there is nothing crazy or funny about what I learned along the way. I learned my lesson the hard way, so you don’t have to. That’s why I’m writing this article and why you should read it.
It All Began With A Skype Chat
I was contacted by someone on Skype, claiming he hired me through a freelancing network and after some time working on a project, he figured out that that person was not as skilled as he claimed to be, leading the client to discover that the freelancer, in fact, was not me. The client shared every detail, contact and profile with me, and as I reviewed the information, I was shocked.
This impostor was intensely posing as me. His profile was filled with all of my personal information: My profile picture, stolen from Facebook, the portfolio and skills section, lifted from my Toptal profile, along with content taken from sites, namely LinkedIn.
How Does This Happen?
After further digging, I realized that this doesn’t just happen to a few random people here and there. It’s quite commonplace, and it’s become a significant problem. As in many other industries, this is considered stealing intellectual property in order to gain a competitive advantage, and it is particularly evident in the world of freelancing. Unethical people create profiles on open freelance networks, pretending to be someone with much more experience and expertise than themselves. They use the stolen profile to poach jobs, and set higher prices than they’re worth. Open freelance networks do not run thorough background checks on applicants, which means they have little control over the content their members put up online. In failing to vet their members, they create a platform that can be abused by identity thieves.
Clients looking for freelancers often take what is written in their portfolio at face value. They conduct interviews without visual contact, or simply place too much trust in people on the basis of online communication. This makes them easy targets for unethical people to take advantage of. They use fake profiles to land real jobs, and make real money.
How Do You Know If You’re A Victim?
For the most part, this is pretty straightforward. Simply Google your name, and search for yourself on the biggest freelance platforms. However, keep in mind that some platforms allow their users to remain invisible to the public, meaning you might have to create a profile on the platform, and log in before you can search. Again, this might not be enough, especially for people with common first or last names, since a search could yield many results. Identity thieves also use alternate spellings and make other changes to keep their fake identity under wraps.
How Do I Prevent This From Happening?
You can’t. At least not with 100 percent efficiency. So, what can you do? Well, you can and should take steps to protect your privacy.
No solution is bulletproof, but it doesn’t have to be. Your solution just needs to make every step of identity theft tricky and time consuming, in order to deter the attacker. In short, by improving your security, you’re forcing attackers to look for softer targets.
Here are a few simple solutions.
• Consider cross-pollinating links to your profiles on all public networks you use, email and email signature, Skype account, and so on. If you have your own website, link your Skype account, LinkedIn, Facebook, Twitter, and any other network you use.
• On each of these sites, clearly state that these are the only accounts you are using. If someone does a background check and realizes they’re communicating with a different account, it should raise an alarm and compel potential clients to request additional information (hopefully, from one of your real accounts).
• To further protect yourself, take some time to create accounts on various freelance networks, even if you don’t plan on using them. Making a duplicate profile on a network that already has your legitimate profile is difficult, and fraud is easier to detect. In the end, if a fake profile actually appears on a network, you’ll have your original profile with which to file a complaint.
Think of it this way: If you install a cutting edge alarm system in your car, that doesn’t guarantee it won’t get stolen. But it does mean that a car thief is more likely choose a soft, unsecured target instead, thus reducing their exposure to risk and increasing their chances of success.
The same principle of deterrence applies to online security. You don’t have to create a bulletproof way of protecting your professional identity; you merely need to take precautions that will make it harder to steal and therefore not worth the trouble.
All freelancers work hard for their reputation. Having someone pretending to be you can put all this at risk, and potentially cause serious and long-lasting damage to your professional reputation. Clients, who hire identity thieves, are victims of fraud, too, and once they realize that, they are likely to turn to you, because they don’t know who else to turn to.
You don’t want a stranger contacting you out of blue to ask about money sent to you for a job you never finished. But, sometimes it happens, and sometimes, the client will turn to you for help.
The immediate financial impact of identity theft on freelancing platforms might not seem that great, but the reputational risks are, and in the long run, they can cost you dearly. That’s why the industry needs to take this issue seriously, and take additional steps to prevent identity theft on their platforms.
We’re all in the same boat, and it’s about time we start acting like it.
Why My Lessons May Apply To You
Well, the answer is obvious—because it happened to me! At first, I laughed.
But after two weeks of back-and-forth emails with the freelance network support team, I got really frustrated. I kept receiving generic responses, claiming the platform was working on my case and thanking me for bringing this to its attention. At one point I asked to send them an ID scan so they could actually verify that I was who I claimed I was.
So, they verified my account, but it still didn’t help. I still received messages from support, stating that it couldn’t inform me about the outcome of the investigation because it needed to protect the member’s privacy.
This was downright wrong on many levels since I was the person whose privacy was violated. In the end, I had to dig deeper myself.
I found something called a Digital Millennium Copyright Act (DMCA) Takedown Notice. The DMCA notice is essentially a complaint any person can file if their copyrighted material is being used without their consent.
How do you file a DMCA takedown notice? There are some services that will navigate the entire process on your behalf, but these services aren’t free. If you’re not comfortable handing off your DMCA claim to a third-party, you can do it yourself, but you need to be patient and do some due diligence.
Step one: Locate the correct person to send the notice to. To do this, find out who the legal representative is at the company that owns the site with the infringing material, and also check where the site is hosted.
Next, see if the company/ISP has an online form for submitting DMCA takedown requests, and use those if possible.
If not, then you can file it in the email form. Companies have [email protected] email addresses for this sort of communication and you can use Headreach or Email Hunter if you need help. If you are asked to file it in a different format, or send it to a different email, comply with the request promptly since it’s the fastest way of getting it resolved. You will have your homework before you shoot off a DMCA notice:
• Take plenty of time to prepare your DMCA notice letter.
• Be pleasant: Do not argue. It will not get you anywhere.
• The notice should be signed by you, and it should contain details about the copyrighted material, such as who wrote it.
• Set aside time to prepare an additional document that details everything stolen from you.
• Include links and screenshots, such as links to your original work.
The more comprehensive you are, the faster the entire situation goes away. Remember to include all of your contact information, and an additional statement explaining the problem and attesting to the legitimacy of your notice
Should You Take Legal Action?
This is a tricky question.
Open freelance networks usually protect themselves through their Terms of Service (TOS), meaning that they are not responsible for the content uploaded by their users. Therefore they cannot be held liable, just like you can’t sue Facebook when someone creates a fake profile in your name.
However, you can take on the individual, who used your material and stole your identity. This leads us to an obvious predicament: Because the thief is pretending to be you, you don’t know his or her real identity.
While open freelancing platforms can help, it doesn’t mean they will help. In my case, the network probably knew who the impostor was—at the very least through his or her IP address and payment gateway account. But it wouldn’t share the information with me because “they need to protect their user’s privacy,” per their TOS. This means the burden of proof falls solely on you. I did consider a less conventional option.
I wanted to create a fake profile for myself, and offer a job to the identity thief, in hopes of learning more about their actual identity. I decided against it because that would make me unethical as well.
Here’s how clients can protect themselves from impostors:
1. Do the following every time you hire someone:
• Research the candidate. Google them, and look at all their online profiles. See what you can learn about their professional skills and experience. Further, check if any of the profiles you find link to the website/platform you found the candidate on. You can also consider using Headreach and Email Hunter to check the email they are using.
• Check the portfolio. Click on all the links provided by the freelancer. Don’t just look, check! See if those are live and functional websites. A broken link may suggest that the site went down at one point in the past, but also that it never existed. Therefore, if there’s not a link to a live website, then chances are it’s just made up. Or perhaps the developer cannot provide a link to some of her work due to NDA restrictions. Nevertheless, you can always ask her about it, without requiring the candidate to reveal anything that’s covered in the NDA.
• Schedule a video interview. If you schedule an interview, make sure it’s in the form of a video chat. Today, it’s considered common courtesy to use your webcam when speaking with someone online for the first time. It’s a way of getting to know each other, which is always important, because it builds trust. It’s just like you would get to know the candidate in person if they were applying for a non-remote job
2. Try the following, if you can:
• Get an expert opinion. If you’re an expert in the field you’re hiring for, you can properly vet the candidate, and gauge their knowledge and previous experience yourself. It’s not easy to screen technical candidates when you’re not an engineer yourself so get someone else to do it for you.
• Contact their former employers. Ask for a reference. If you contact four or five of their references, at least one person is likely to respond. You should be able to get a general feeling from their responses.
• Consider adding additional steps to your hiring process. When vetting “unvetted” freelancers, try to come up with open-ended interview questions designed to expose potential fraudsters. You could also try a more personal approach, and ask questions based on the freelancer’s bio: personal stuff that a fraudster might not have picked up.
My advice to clients hiring online talent is simple: Pay attention, especially when you recruit from an open network. If your friend recommends a freelancer, then you can be sure you’re going to be fine, but if you pick someone you found online, please make sure to set aside time for research and background checks. I am aware that this is a tall order, as every hour spent vetting candidates is an hour you could have spent on something more productive. To make matters worse, many clients turn to online hiring at the worst possible moment—when they realize they won’t be able to meet their targets and need fresh blood on short notice. However, the potential risk of hiring a fraudster outweighs the time spent on a reasonable background check.
Online identity theft happens all the time. In fact, someone’s likely had their identity stolen as you read this article. Let’s hope it wasn’t you.
A computer science engineering graduate from the University of Belgrade with both corporate and freelance experience, Relja also runs his own web development company. He is great at algorithm design/analysis as well as database design/architecture. He is an expert at Magento, for which he is certified for both front-end and back-end.
More info at toptal.