Andrew here. Connor, thanks for releasing this on the orange site.
This story is also more fun from my position. I've been applying to internships and interviewing every week. They're mostly rejections. They're the same questions over and over with minor variation (sorry to top comment for "impersonating" your comment style). My days are deteriorating from a colorful sphere down to two points. In fact, down to two pointers, left and right, iterating over a list of heights to find how much rain water it can trap.
I'm about to repeat the experience for the 10th time and I'm 100% on autopilot. But suddenly, a man reaches out to me on email and offers me up to $80/hr to be his senior engineer. This feels sketchy, my girlfriend tells me, "you're good but let's be honest here...". Anyways, I proceed, it might just be the start of a beautiful thing. I'm asked to interview as one of our developers because English is not their best language. I'm a little bothered, but I was fine with it. But then I see the developer name: Connor Tumbleson. My laughter bursts and so does my suspicion: With a name like that, no way the guy doesn't speak good English. I look up Connor Tumbleson on linkedin, and my suspicions were proved correct. I detail everything to Connor, and now this is on the top of HN. I lost a opprotunity but gained a story of the lifetime.
Messages are only editable within 2 hrs so I write another message expressing my additional thoughts and thanks:
As important as having integrity is a community that prioritizes and fosters integrity. The HN community skipped the fostering part and went straight to giving me referrals and interviews. I'm grateful, and I'll carry on the spirit when I'm in the position to do so. The opportunities I've derived are nothing but amazing, but the most important thing I've learned is to internalize integrity as one of my greatest strengths: In the face of adversity and unfairness, I'll stand up for myself and others.
Also, thanks for those telling me internship finding is going to get better. I am not pessimistic about it at all, but I was trying to be funny by "impersonating" the previous top comment, it fits the theme. I find myself maniacally focused when practice algorithms, and I enjoy focusing.
This whole time of writing this I have that one scene from Scent of A Woman repeating in my head: "And I have seen boys like these, younger than these, their arms torn out, their legs ripped off. But there isn't nothin' like the sight of an amputated spirit; there is no prosthetic for that."
BTW, why are you applying just for internships? I checked out your (non-forked) github repos and you're definitely better than I was as an intern. It's not senior engineer level, but you could definitely go for at least a junior eng position for sure. God knows we hire much worse junior FE engineers than that. Or are you interviewing for FAANG(-like) positions only?
edit: small tip though, I would rename the App2.js etc. files to something else, having multiple files named the same but with a number difference says a lot about experience level.
That is truly a piece of modern techno art, appreciated by a choice few (that'd be us). Thanks for reminding me. Also, pro tip to people who haven't seen it: the "best" answer is not at the top, so remember to scroll down. :)
Ha! You're good. I'm still in uni, so I am interviewing for internships (mainly for big tech companies right now since I had a taste at a IoT startup last year). Perhaps I am underestimating myself, but I'm in no rush.
Thank you reminding me about that diagramming and xml-parsing repos. Regarding the diagramming repo, that was honestly some of worst code I've written (2000 lined React class with 15 states). It's so bad that I put a warning in the repo and haven't gone back to it since. And regarding the xml parsing repo, wow, you really looked carefully! I however added a funny warning regarding this in the readme (https://github.com/BlastWind/xml-leaf-highlighter#design-dec...). I wanted to use regex since it was just a school project. Going to add an additional warning, thanks.
All the luck to you! You seem to have all the qualities needed to succeed in our industry, and some on top: not many engineers are this good at speaking. If you can wrestle with the technical problems well enough you'll find soft skills to be such a force multiplier it's ridiculous.
My kid chose this approach. He had a mix of startup and bigger (not mega-) company experience and chose FAANG internship because they have the infrastructure to make an internship productive. This was from some advice he received.
By "infrastructure" it's not just code (CI, tools, etc) but personnel, how they come up with projects, etc. New grads or still-undergrads may have a lot of programming experience but none on working as part of a team.
I've supervised a ton of internships, and was an academic before that.
The success of internships is largely preordained by the quality of the mentor. Specifically: careful project selection, good advising particularly in the first few weeks, and political/social capital to translate internships into offers (both at the company and elsewhere). Interns can screw things up, and in rare cases heroically rescue an internship, but the liklihood of a good outcome for the average intern is often preordained.
So the real advice is to find an excellent mentor. But that's really hard because you rarely know who the mentor is when applying. In lieu of better information, FAANGs and Better-than-FAANG (eg Jane Street) are a good proxy because they disproportionately pull individual contributors with significant experience mentoring juniors: PhDs, people who TA'd during undergraduate, etc.
Out of curiosity, which companies other than Jane Street would you consider "Better-than-FAANG"? I am asking because I am interested in internships, too, as I am currently an undergrad (in math).
> By "infrastructure" it's not just code (CI, tools, etc) but personnel, how they come up with projects, etc. New grads or still-undergrads may have a lot of programming experience but none on working as part of a team.
Fully agreed, the code part of the job is really only 20%. The rest is learning to do so in a team and business environment, which is actually much harder than programming.
I learned this in a startup however and would definitely recommend it to others. You learn less "the correct approach", but more or less get shoved into doing bigger things earlier since all the big guns are focused on some ungodly hard problem. So all the medium-hard problems get shoved to the juniors and interns. It's not the healthiest environment sure (I was doing 40hr/wks as part-time frequently), but if you can survive in it for a while you gain tenacity and a lot of skills that are hard to normally deepen until later.
Shout out to you for wading through the literal torrent of bullshit without the foresight of a blog post to expose context and with little professional experience to help inform you. You'll be a great asset to the industry but it can take a minute to find your footing. Be persistent and definitely keep this story around for beer Friday.
I remember being asked this during my interview at Google. It was the first time I heard it and I gave an answer that iterated over the list twice. The interviewer said that it wasn't good enough and I am only allowed to iterate over it once. He didn't let me write my O(2n) solution down so he returned a strong no as feedback.
This type of interviewing style is bullshit. It means the interviewer knows a better solution that is "clever" and expects you to either have the same cleverness epiphany on the spot or to have studied this question. Neither is actually very useful as a hiring criterion.
Guy Steele gave an incredibly interesting guest talk[1] at google about four different ways to solve this exact problem, and the fact that it's an interesting enough topic for an hour long google talk should probably be a clue that you shouldn't be expected to invent the best solution on the whiteboard in 40 minutes.
with comment that it could "be fully parallelizable and run fast on the GPU, as it's based on a couple scan (generalized prefix sum) operations". Some explanation in my reply there.
I have interviewed hundreds of scientists-engineers-developers, and I never use esoteric quiz questions or logic riddles.
I want to screen people for the skills that they will really need in their daily lives, so that's where I draw my pool of questions from. For example, processing data in the most simple ways (sorting, searching, extracting) quickly reveals if the candidates have actually _done_ what they claim they did. You'd be surprised how many Oxford PhDs struggle to write done a pipeline for extracting a simple word frequency list.
Now you might say "Maybe they're Windows people, or prefer Python." and my response is "I don't mind what tools you use - but you need to demonstrate that you can solve easy/common tasks on the spot, without wasting have a calendar day to re-invent the wheel."
Thanks for the link, that made for entertaining watching!
Curious that he gave that talk about parallelism in the end of 2015, and talked about how we'll engineer more systems to enable parallelism.
First question at the end was actually whether we can get this into existing languages because new languages are "notoriously hard to get accepted."
I'm currently learning Rust and now I'm wondering how the iterator map() and other "accumulation style" functions are implemented and whether there's a way to make these parallel, since the map() call treats things independently and a sum() could be done in the proposed tree style way.
Guess I have a piece of code to look up in the standard library :)
Not sure if there's anything in the standard library, but I recall this as the definitive library for data parallelism in Rust: https://github.com/rayon-rs/rayon
this could be a good question. There’s nothing wrong with a candidate giving some less effluent answer and then progressing up to a better solution with some small hints or discussions
If I'm giving this sort of question, I expect you to solve it in an obvious way, write the code for it, then talk about potential improvements. Writing it twice while having an epiphany between the first and second is simply not reasonable. And selecting for candidates who have studied these problems well enough to already know the optimal solutions is not going to get you good developers, it's going to get you leetcode champs. If you're building a competitive leetcode team, then great. If not, you're just focusing on the wrong hiring bar.
It happens… I’ve chastised an interviewer before. Their job was to identify:
1) Can the candidate do the job?
2) Will the candidate do the job?
3) Will the candidate work well the team?
Their job was not to emulate FAANG, intimidate the candidate, or see if the candidate studied Leetcode.
I know it probably feels a bit hopeless now but trust me.
If you learn to build things, provide value, you will have 100s of recruiters reaching out to you and you will mostly be rejecting offers for a change :)
I have no doubt reading about you and seeing this comment in a few years you will be more than set!
Andrew - you the sort of person I would love to have on my team. Alas I more hardware engineering than software. I hope the community here can give you some good leads and tips.
Shoutout to you sir for being honest and reaching out your fellow peer!!! I am sure you will have a great career and now you have an epic story to tell over beers with friends!
Hey Andrew, I am sure your integrity in this situation will be rightfully rewarded. You come across as a great hire not just in the matter of integrity, but also in the humble/honest description of your skill level and experience. I can see you finding that internship entirely on your own, by simply walking into the next interview confident of how valuable someone like you would be to any organization.
<sarcasm> Plot twist. The same organization is pretending to be Andrew to get some work opportunities </sarcasm>. But seriously, its a breath of fresh air to see someone displaying strong ethics in the face of adversity (losing a job albeit a fake one pays real $$). Trending on HN first page will open a world of new opportunities. Good luck.
I wonder how many people in your position smell something rotten, but instead of trying to contact the "real Connor" just delete/ignore all the messages because they don't want to be part of even a bigger scam. (What if everyone is in on it, and they're trying to scam you somehow?).
drop me an email if you are still looking for an internship breck@pldb.com. we usually use the rainwater question for our interviews but will have to try something else since you already had it
Low. Much too low. Going rate starts in the low 100s and has no super hard cap.
80/hr overseas, or in less urban parts of the US is pretty standard. I’d question the reason for staying, though, since finding higher paying remote work is pretty easy these days…
Email me at my HN username at protonmail dot com for a referral to Dropbox's internship. Love the integrity and drive to get to the bottom of a strange situation.
This story is much more fun when you come at it from the interviewer's position. You've been doing interviews every week. They're mostly rejections. They're the same questions over and over with minor variation. You're about to repeat the experience for the 18th time and you're 100% on autopilot. But suddenly you're in a spy thriller. This is the greatest thing that's ever happened.
Is it a good legal/corporate decision to hide the person who claims to be the original and let him listen to the interview with the other candidate? Holy fuck, no. Is it going to be WAY more thrilling? Oh my god yes; how could you not?
> Is it a good legal/corporate decision to hide the person who claims to be the original and let him listen to the interview with the other candidate?
Consider the situation from the perspective of the interviewer: They don't have all of the background we did while reading this blog. They haven't even had time to process what Connor #1 said by the time that Connor #2 arrives.
The decision to hear them both out for a few minutes is reasonable, IMO. At that point in time, Connor #1 could have been lying as far as the interviewer knew. Letting them both exist in the meeting immediately cleared up any confusion.
Letting them both in the same room at the same time was probably the safer thing. Maybe there’s an argument, or maybe one bounces, clearing it up.
But having one person hide is riskier. It means a random person could eaves drop on my interview by just pretending to me and telling this story.
I mean, super cool though. I imagine my adrenaline would be going as the interviewer. I’d probably chill out when I realized this was identity theft with extra steps, not a Kyle Reese situation.
Stalkers gonna stalk. The “all of this” would just have to be getting the interview link/time (calendar or email access) and then showing up a bit early to tell the story.
It is very very unlikely and I don’t judge the interviewer for how they handled it.
Oh, I'd be so in to take part in this drama. It would probably be one of the most memorable job interviews of all time.
And I doubt there would be too many legal or corporate ramifications from allowing someone else to be on the call with their camera off. These are contractor positions, not full-time. Frankly, it's a risk I would take to be able to witness this sort of thing in real-time.
Eh, don't bet on it. What if #2 was real, and #1 was someone stalking #2? Or an abusive ex?
If #2 doesn't get the the potential job, they could come after you for all sorts of things - emotional damages, economic damage (from not getting the job), etc. They might even be able to get the court to force you to give them the job, or at least waste years of your time and mental health dealing with legal hassles.
It's hilarious and awesomely entertaining, but don't do it if you have assets someone could go after, as eventually, someone will.
I mean, you're hiring a contractor off of Upwork, not from a reputable consultancy (to be clear, I'm sure established consultancies do shady shit too, but the risk profile is different), so I think the risk is pretty small. We're talking edge cases on a scenario that is already an edge case.
Yeah, I have to imagine they might be using a group account on Upwork and then misrepresenting the coder as a part of their team, but I don’t know enough about how Upwork works.
I posted about this blog post on Twitter and was directed a Reddit post [1] showing how little Upwork seems to care about fake reviews and stolen work product, so it appears Upwork has a history of ignoring fraud, regardless of what their terms say.
Scammer can open a bank account using a fake ID for Connor.
So they hire the real Connor but money goes to a foreign country, to an account owned by the imposter.
I think the fact that it's a zoom interview changes things.
Even if one of them is stalking the other, it's not like they're physically in the same conference room together. the worst they can really do is yell at each other.
Now that I think about it, I bet you could put together a pretty successful YouTube series of messing with zoom interviews in ways just like this. Get someone's identical twin to join the call and make them fight over who's the real one. Bring time travel into it. Make outlandish demands of the interviewer to prove that they're not a Zorblaxian spy.
Not Zoom interviews, but there are Youtube videos of people messing up with other people on Omegle, with a fake skip screen. From the point of view of the pranked, what happens is they get to someone that ends up skipping them, get a different person, and the previous person shows up in the background or something.
I get the sense that "real Connor" must have been extremely good at concisely explaining the situation and giving the interviewer exactly the information he needed to believe real Connor and understand the situation. It made me think of one of those movies like groundhog day or "source code" where someone has multiple tries and eventually comes up with the most efficient possible thing to say to get someone to trust them. Well done!
An interviewer whom asks all the same questions is better suited in HR or hiring accountants. That's called a quiz, not an interview.
When interviewing, you do an actual interview, which is where you research whom you're interviewing to gain good questions to ask so you get good answers back.
The staleness and bore of interviewing is entirely the fault of the individual. Especially when they think whiteboarding compsci topics is meaningful.
I feel like this PND thing might just be an agency for the folks on https://www.reddit.com/r/overemployed to outsource the acquisition of their 2nd, 3rd, 4th jobs.
In 1996, my employer got a contract to work with AT&T to build a website that provided regular event updates from the Atlanta Olympics. In 1996, this was a very big deal, such a newish concept that the project was written up in AdAge or some similar industry magazine.
A few months later a prospective junior engineer came in for an interview. My manager asked him the typical "tell me about an interesting project you've worked on lately." He then proceeded to describe in detail the very project we had just completed, even referencing the magazine article about it (he must have forgotten he was interviewing at the company mentioned in the article). At the end of his presentation, my manager said "That's interesting, because here at X, we just completed that project."
Awkward silence. Then the interviewee got up and said "I guess I should go now." My manager said "Yes, I guess you should."
Impersonation of this sort can be simultaneously disturbing and somehow comical. It isn't a new phenomenon; I'm not decided on whether I believe the information age makes it easier or more difficult.
What a small world! Unless you are also making up that story (which I would get a huge laugh out of) I'm 99% positive I was in the room with you when this happened. :)
Are you the guy who installed unlicensed Novell Netware servers at the Atlanta Olympics? I clearly remember those weeks, all of the Netware servers at IBM were beeping during the Olympics because someone had installed those unlicensed servers in Atlanta.
Probably not you though.
I hope Andrew [0] — the college junior with morals who blew the whistle on the attempt to get him to impersonate the author — gets an internship or job offer out of this; he apparently was having a hard time with that.
The author's sleuthing is reminiscent of Cliff Stoll's The Cuckoo's Egg from 1989. [1]
Perhaps at the end of the day that's what the scam was about, getting Andrew an internship. I mean if I was writing the movie that would be the twist at the end
> I hope Andrew [0] — the college junior with morals who blew the
whistle on the attempt to get him to impersonate the author — gets
an internship or job offer out of this; he apparently was having a
hard time with that.
Excellent point.
I've been wondering about ways to test students on "trust/morals" and
decided its one of the most valuable yet least well understood
qualities. Employers generally rank skills, knowledge, salary, even
age/gender/race above dependability/loyalty, or barely consider the
latter at all.
Other than lengthy vetting and imprecise security clearance procedures
this is such a hard quality to discern, and so costly when you miss
the mark. The costs of defection, industrial espionage, and sabotage
seem poorly quantified in HR. I think a corrosion of work relations
has come about from devaluation of workers qua humans, and the
corresponding disrespect people have towards their places of work. Is
that inevitable under capitalism/efficiency?
And, harder question... does it even matter? Especially once AIs and
remote agents take-over many jobs? Does a corporation care if the
worker is an imposter and liar who abused a false identity to get the
post, so long as they produce working results?
Is there a kind of moral Turing test here? What do work relations have
to do with human-relations in the limit of the present trajectory?
In fact, it seems to actually count against me, as I'm sometimes accused of being "snobby."
Ah, well...
STORY TIME:
A few months after I had been promoted (the first time) to a manager, one of my new employees was hired by my boss' boss, while I was out on medical leave.
When I got back, I found out that he had made a promise to the new (now hired) employee, that he was not "legally" allowed to do, and had to let the guy do it (because he promised).
He asked me to sign it off.
I declined, sure that my job was in jeopardy.
Surprisingly, he took it well, and it was never mentioned again (until now). He actually had a lot of Integrity, and was uncomfortable with it (it was a mistake; not deliberate).
I once had a job where my manager asked me to fake some results to deceive a customer. I refused. Later the manager apologised to me and upon reflection agreed it was wrong, and the matter was never brought up again. But I had a better relationship with that manager after that.
I've simply asked candidates 'tell me about a time you had to make a moral judgement'. I'm kind of surprised that it's not a more common question, but of course that makes it work - truly immoral people would have a made-up anecdote if it came up regularly.
I remember in one job the company had a set of questions we had to ask candidates on top of the technical questions. One of them was “what would you describe as your biggest weakness?”
I always grown when I have to ask that question because you always get some stupid answers where people say things like “I’m just too organised” or similar spin to make a negative sound like a positive. Frankly I can’t blame them because it’s a ridiculous question to ask.
However this one candidate not only listed off one flaw but three of them. I remember thinking “shut up, shut up, shut up. You’re not supposed to answer this honestly!”
However this ironically turned out to be the reason I hired him. I figured if he is that honest and able to identify his flaws then he must have a good work ethic.
He turned out to be one of my best ever junior hires.
I tend to coach the question to prevent people from giving it a softball, with something like "I have certainly caused my fair share of crisis, what I'm interested in is the experiences you ..."
It's an adequate test to filter out folks who are simply incapable of accepting responsibility for their actions, or who have yet to really shoulder enough responsibility to meaningfully fail.
I'd have thought a lot of completely regular candidates would be a bit stumped by that (especially since many non-trivial moral judgements are personal life stuff that's really off limits for interviews)
Although maybe that's the point: psychopathic candidates end up making up fairly unconvincing heroic stories whereas regular people look a bit confused and maybe mention something they didn't do because they couldn't trust it was legitimate or ask if their decision to volunteer their time for $cause counts.
I think it goes without saying that interview questions are asking about your work life,. altho it might help if the interviewer specifies that anyway, i.e. "Tell us about a time you had to make a moral judgment at work"
The point is more that "moral judgements" like the time you pointed out that the company might violate the AGPL might actually be good stories to tell an interviewer if you've lead a drama-free working life building CRUD apps for regular employers, but are pretty hard to recall when the first thing the words "moral judgement" bring to mind are the time you had to stop interacting with X because they did Y.
How would you like to constantly wonder if Steven in HR, who has enough of your personal info to take out loans in your name, can just vanish tomorrow without a trail?
Also - how likely are they to be able to continue doing so, and how much of my companies sensitive information is being leaked to who knows where by whom? Including data that opens up the company to some giant liability lawsuit or PR issue later?
I submitted my own blog here, but then my intentionally configured HN timeouts locked me out. I was wondering why my little Linode was dying.
Yeah this was an incredibly odd and creepy experience that I continue to investigate here and there. I really appreciate the interviewer for letting me stay on and confront the imposter.
Username seems familiar. I have spent a lot time with your apktool, few years ago. For the first time, I saw your real name and photo. Thank you for this amazing tool.
I'm a US-based accountant who is currently interviewing for his first job in software and I was approached by someone on on LinkedIn about an opportunity. Seemed fishy, but figured I could risk 15 minutes. The person set up a meeting between me and a Taiwanese Developer for this exact thing. He said he had 7 years experience and had a contract drafted for he and I to become "business partner" where I would take the meetings and he would do the work for a 30/70 split. I told him, morals aside, that I didn't have the credentials to get into the jobs he would want and pointed out numerous obvious issues like in-person coding, etc.. He said he was ready to make a fake LinkedIn and had this whole operation planned out.
Seems to me like there is a whole operation around this business model of exploiting US developer salaries and the morality of a few Americans willing to try and make a dollar for free. Honestly more disappointed in the people accepting shady deals like this than the ones offering them.
if the company gets decent work, the non-US participant gets better (and fairer, globally) pay compared to what they'd get locally, and the US participant takes care of the "soft" side of the operation... who's getting hurt?
I can't deny that something smells skeevy about this and I don't think I could ever trust a random foreign developer who I haven't built up a solid relationship with to execute reliably "as me" in the coding side of a role. But if I had a good friend from college who couldn't get a VISA to the US? I dunno, I might be tempted to collaborate. If everybody wins, I'm not sure it's inherently bad. But maybe I'm missing something.
Everybody wins until the tax man comes knocking for all of the dollars owed, or when "Connor Tumbleson" gets flagged as a terrible employee when all those copy-pasted qualifications don't line up with reality and the work is mediocre. As reported elsewhere in these threads, the credentials and interview process are all worked out upfront, the interview no long becomes a valid test of qualifications for the position.
This entire scam can be done entirely legally by subcontracting the work to your foreign friend, if your clients allow for that; if the end result is of decent enough quality then I don't see why they wouldn't. You'd be on the hook if they mess up, but the same is true when you lie to your friend's employers.
However, these people choose not to go the legal route, instead relying on lies and fraud. They go as far as to hire others to do part of their lying just to get into a company.
Personally, I'd call the authorities the moment I'd find out an employee of mine has been lying about their qualifications and experience from the very first day to fake it through the interview. You cannot trust someone whose entire career is built on top of lies, or someone who actively enables such behaviour.
I'm not sure if these people are a small step up from the call center scammers because at least they deliver something or a small step down because they're supposedly capable enough to do better. I'm sympathetic to the third world programmers that have the capabilities to earn some of the absolutely insane wages American programmers get paid, but I completely oppose the large-scale fraud these lying-as-a-service middlemen employ to make money.
>I'm not sure if these people are a small step up from the call center scammers because at least they deliver something or a small step down because they're supposedly capable enough to do better.
This is what I don't understand.... They have the skills (supposedly).. I mean sure, if they are foreign developers they wont always be getting the best pay or opportunities in their own country... But I have never seen a startup shy away from hiring foreign development teams in the past, so long as they do good work. I have a hard time believing they are competent enough to do good work, but with a complete lack of valid, legal and morally sound opportunities.
I also have such a hard time believing this type of fraud is actually all that profitable or pans out successfully often enough to make it worth it... Are companies really doing that little due diligence?
On the flip side, I also hate that the interview process for valid candidates is turning into a 3 ring circus of hoop jumping because of scams like this. Companies really need to find the right balance between due diligence and not making interviews absolutely absurd and insulting.
What do you think the likelihood that they have skills actually is? If this was just "I have poor english language skills" then they could at least point companies at their real portfolio of code. And somebody who has poor enough english skills that they need to hire a fake interviewee is not going to be able to write effective documentation or communicate with the contracting company when requirements change or need to be clarified.
Could be competent but do a shit job at 3-4 places at once, wait for the onboarding to end and move on to the next target, then let the US counterpart deal with the fallout. Sounds like decent money for not a lot of work if you can swindle enough candidates.
And also let's face it - you can get away with 1/3 effective work time in most places - especially if you have someone making excuses, socializing, attending this-should-have-been-an-email meetings for you full time - and for a 30% cut.
But they are not accountable. If things go bad it does not affect their reputation since their id is fake.
They could be criminals who want to plant malware into your product. Or steal your passwords. Since they're working under false id in another part of the world it's hard to arrest them.
Employers are willing to pay a bigger salary if they think they have someone in the same country under same jurisdiction.
IANAL, but it'll be the Feds. Wire fraud. Ultimately somebody pays some money. It's across state lines. And it was done fraudulently. It will be the US person that gets hit for it.
The person being impersonated. Someone is out there pretending to be them. This person is known to be willing to do unethical things. (Who knows, maybe they're also infiltrating the client's network and stealing data, installing ransomware, etc.?) Furthermore, how does the person in the US pretending to be the developer get paid? Do they actually get paid, or is that a scam, too? At any point does someone write a check to fake developer in their name? Does the IRS see that? Is the real developer now on the hook for taxes on that? There are numerous things that could go wrong and hurt the developer being impersonated, the person doing the impersonation, and the client.
Good points about the person being impersonated subject to (completely involuntary) risks. I probably should have phrased my question to specifically ask about situations where the impersonated is involved and asked to participate in the scheme. I would agree that it's not OK to just... start using someone else's identity without permission.
In sibling comments, some other great points were made about the risk profile for the company if you do this without their knowledge. I'm less convinced that I should care about risk towards the company, but from a legal standpoint it probably holds up.
This is my concern here. Sounds like a new worse version of identity theft.
The most powerful players are not part of the con but they benifit from it.
The gov gets its taxes. The corporation gets a worker that does the job.
In cases like these where the victim is only indirectly robbed the powers that be are not very responsive. Double so when the enforcer (IRS) is also indirectly benefiting from the crime by having your taxable income jacked from 23% to 37% because there are several people with real jobs working under your name.
I already feel bad for the first people to have to deal with this legal situation. It will take years for the IRS to wake up and do something about it. Meanwhile their lives will be wrecked.
The worst part might be that no one will really care. Since this is targeting tech workers that are by many considered to be privileged and over compensated. People will just sarcastically say things like boo whoo did you get over taxed, you'll find a way to deal with it.
There's a related scheme that I've seriously considered a time or two.
I'm a pretty good software engineer, and they pay me very well, but I've got absolute shit executive functioning skills. Task management, remembering to email people back, and the like are challenging to me. It has occurred to me that a full time personal assistant in my area typically makes about $50,000/year. I think there's a decent chance that, with such a support, my own salary could go up by $200k or more over the next couple of years. I've frequently entertained the notion of hiring someone to basically support me in my job without telling my employer, since there's zero chance they'd get me such an assistant and similarly zero chance they'd let me pay for my own.
I wouldn't ultimately do it because, y'know, all the dishonesty involved, but it'd probably be a good deal for everybody involved. My employer gets better work for the same money, my assistant gets stable work, and I get promoted.
I'm interested in the idea as I'm also shit at executive functions. I've never thought about it this way before though.
Sibling comments mentions that delegation should be basic in modern society, but I can't help but wonder why the following is true:
> ...since there's zero chance they'd get me such an assistant and similarly zero chance they'd let me pay for my own.
Instead of allowing everyone to delegate we somehow fixate on getting the all-in-one package super employee. I'm curious if the HR complexity is the reason to avoid this.
Say you do it... the company pays you $100/h (making up a number to do math) and $70 of that goes to the person who does the job while you keep $30 of it.
Guess how much gets reported to the IRS that you're making and how much taxes you'll owe on that $100/h.
Next there's the fraudulent representation of who is doing the work to the client.
Lastly, there's the "this is a form of money laundering" and you're taking a significant role.
When this starts to unravel, you're not going to come out ahead.
I’m not in the US, and playing devils advocate here: but don’t most employers withhold tax at source before paying to the employees? Ie your 30/70 cut would be net after tax.
Or if it was a contracting scenario, wouldn’t the US person be able to claim the 70/hr as an expense against taxes? Since wages are a valid business expense if you are outsourcing.
I use the term wages loosely here. The IRS does not consider wages/salary performed by people fully living outside the US (except US citizens) as wages within the US tax system, and so is not taxed by the US.
So it really comes down to how the agreements between parties are structured.
If you are a contractor, you are likely doing your own taxes. If you are a FTE (Full Time Employee) the approach of "sub contract it out" gets you in much more trouble.
As a contractor, the company tells the government "we paid John $200,000 for work at $100/hour and 2000 hours" and then the government comes to you and says "You were paid $200,000 and the federal tax on that is $40,811" (and the state comes and says that their rate will be another $15,000).
If you are acting as a contracting company rather than an individual, then the company wouldn't have said "we paid John" but rather "we paid JohnCorp" as the business to business invoicing is different than working as a contractor.
You sent the money out of the country - the IRS doesn't care too much about that. You got paid $100/hour, that's the end of the story from the IRS's perspective as an individual filing.
In the examples given in this thread it is about an individual farming off some (or all) of the work to another person and presenting the work as their own to the company. This is a different arrangement than a "I am the liaison / representative for a team of people who work cheaply for me."
I think that the key point is, this kind of thing _is_ legit, if you are honest about what's happening. The dev is foreign, we have a local project manager to handle communications. This is not uncommon. If you are a foreign programmer actually able to program, this is how you would do it.
If you DON'T do it this way, but instead get an actor to play a local dev, then it is because you cannot actually program, and therefore need to borrow someone else's identity to get contracts.
I’m kind of at a loss that these propositions would be taken at face value. Imagine for a moment that these “talented web developer groups” whom you are essentially representing with your name attached to them are bad foreign state actors in disguise. Imagine what would happen to you if some malicious piece of code made it on some website processing personal information, payments, or worse. It’s eye-opening and really terrifying people don’t even consider this possibility, in 2022.
From the perspective of the company, there's immediate concerns around sensitive information, intellectual property, corporate/government espionage -- none of which seem unlikely in positions premised on flexible morals.
IMO if there were registered/regulated, established services that filled this need and handled the VISA/background check process then I wonder if companies might be willing to work with overseas developers more.
It's the impersonation of real people that is the danger here. If they were generating fake people, then perhaps it might not be so bad, but as it stands there is legal, reputational, and possible other types of damage at risk to the people being impersonated
Apart from the identity fraud and the issue of trusting a random person you don't know, the situation sounds similar to an outsourcing company. As a developer you are in a good position to evaluate other developers on their skills too.
It's generally all the OTHER details that people conveniently skim over in these descriptions that get people hurt, or the less obvious exposure to unexpected risks for the counterparty.
As a (pretty common) comparison - if a gay man marries a woman, has kids, does the whole couple thing and blends in, but periodically goes to clubs or gay bars, or has a boyfriend on the side, who are they really hurting?
What about the equivalent straight man with a mistress on the side? Or two? Or the woman with a side man?
Well, as long as everything goes perfect, I guess just themselves by pretending to be someone they aren't most of their lives and having to lie to everyone every day. And certainly the cards have been stacked against them in a great number of societies and environments (to the point of death penalties in some cases if they don't hide), so it's hard to blame them for hiding doing it in those situations if they really can't stop.
But it almost never just goes perfectly forever does it? Eventually, either someone finds out (and now they're exposed to blackmail risk, or a bitter divorce and lots of bad publicity), or someone gets sick with something they shouldn't have been able to, or pregnant, or whatever. There were a decent number of counterparties in supposedly monogamous relationships over the years that have gotten diseases they should not have been able to get, including HIV, from this type of stuff. It can trigger severe emotional trauma in people. Folks get killed over this kind of thing somewhat frequently.
From a corporate equivalent, think - traceable customer information leak. Or attackers get control of the corporate network through a hidden VPN endpoint configured to allow these contractors in to do things, and do things from crypto-ransom the company to outright rob the company blind.
An acquaintance at a company I only briefly worked at years ago got busted for siphoning MILLIONS of dollars through phony affiliates he'd setup at the company. He was in charge of the affiliate program. I never cared for him, and wasn't particularly surprised, and was part of the reason I left once I saw what I had gotten myself into, but it was a good cautionary tale.
The company had been really happy with overall performance, they just hadn't noticed the extra 'tax' they were paying him until he did something else sketchy and they started looking closer.
The reason to avoid doing sketchy things, is because they inevitably have hidden costs, from cognitive overhead from constantly tracking all the lies, to real risks of extreme bad problems that others are being exposed to. It's often lucrative enough however, that there is always the temptation.
It's why 'sunshine is the best disinfectant' is still so true.
After all, generally if everyone was actually comfortable with it and it's side effects, there would be no need to be sketchy about it.
I knew immediately it's Upwork. This is extremely common on there. The main reason is because developers in Western countries can demand higher rates. Just watch out for the red flags: mismatching LinkedIn experience, no camera during interview, incorrect accent, etc. Don't trust the reviews because accounts are routienly shared and/or sold.
I've had some fun with this before where a developer with a clearly Chinese accent, and of course no webcam, posed as German (mispronouncing his own name) and freaked out when I switched to conducting the interview in German. Of course I notified the person whose identity he stole and reported the profile to Upwork, but it's a drop in the bucket of the scams.
"Incorrect" here means the accent not matching the name. For example, it's unlikely that a person named Connor Tumbleson, who according to their resume was educated and has worked in the US all their life, would have a Chinese accent. (Not impossible, of course, but unlikely.)
Someone messaged me on reddit once, and straight up asked me to do exactly this. Below is the message, but I haven't included their name because I think they were at least trying to seem sincere.
---
Hi, hope you're doing well.
We are looking for a professional interviewee. I'm not sure if you've heard similar thing somewhere. We are a talented developer group specialized in web and mobile software development. We have partnerships with US people and deliver our service to clients by pretending to be US developers. And we share profits with them. Our partners are satisfied with this business model.
Everything is perfect except on one thing. It's just the interview with clients. Normally in the interviews, the clients ask us some technical questions to see if we are able to deliver the service they expect. Because we are not native speakers, we are suffering from taking the interviews and many clients are passing by us even though they can get what they want. So we want a native interviewee and hope you are interested in this model.
Please let me know if you're interested in further discussion. Thank you!
If it were really true that this development group could deliver according to client expectations, they would do what many other groups do: form a consultancy and hire an English-language speaker not as a fake interview candidate but as a liason.
I worked with a firm that did this. Basically, they had one project manager who could speak decent English and about six developers who couldn't. The English-speaking PM was on calls with us, and then he'd farm out the work to the developers.
It was a win-win, because their group was getting work, and we were getting decent results at a discounted rate compared with on-shore resources.
But it's pretty clear that anyone looking for fake interview candidates is not actually planning to do that. They're essentially counting on the fact that it takes many companies a little while to get rid of a bad hire.
I think the main factor that drives the alternative model is that a lot of people with jobs that could theoretically be undertaken by offshore agencies advertise for an onshore individual (sometimes because they have very strong reasons not to want to offshore, but also sometimes because they haven't considered it). So there's a bigger market of better paying gigs out there for a "candidate" than an "offshore agency" (considerably better if they can actually deliver the work). Not that this particular entity seems to have had much ability...
In the grey area, there's still a big difference between a liason taking on a load of freelance contracts for the farm under his real name and intermediating comms without ever mentioning there's actually six other people he's never met doing most of the work and identity theft to take on remote full time roles involving work they probably can't handle.
I interviewed one guy that seemed to fit this description -- he didn't speak much, and when he did his accent was strong. He had someone with him, that seemed to speak on his behalf.
I've heard of large consulting companies that do a "bait and switch" where the client initially talks to a fantastic technical person prior to signing a contract, then never hears from them again.
Similar to large law firms; a senior partner closes the deal, and then they shuffle you off onto an associate fresh off the bar (who often still bills out at the full senior partner rate!)
Sometimes law firms don't even really disclose who's doing the work, and sometimes in their invoices they'll have a paralegal's initials under the "Atty" column.
This is sometimes true even for very large and reputable law firms.
Every solution architect/ pre sales engineer you talk to before the ink is signed isn't there to do the work, they're there to build trust and confidence that the other folks who can't talk to a client are just as talented.
Also you definitely hear from us again as we bill 4 hours a week or what have you for "Quality Assurance."
There are some legal sensitivities here: the company is hiring a vendor to provide a service, and risks co-employment issues if they start managing the vendor's staff in any way, including interviewing them.
This is standard operating procedure with large Indian outsourcing-companies.
Get the contract using great people. Before the ink on the contract is dry, send in hopelessly underqualified staff. By the time the client finds out, their "old" internal resources are long gone, bonuses have been paid out to management for reducing cost etc.
i work for a consulting company and prefer to cradle-to-grave my projects but it makes it hard to move up the corporate ladder. I'm working on a proposal now for a large project that will span at least 3 years. If I ask to get staffed on it then i know it will get delivered as sold and I may get promoted at the end but definitely won't get promoted during the project. On the other hand, if i'm an author on three or four wins for large projects over a year then i'm much more likely to get promoted regardless of how those turnout at the end of their schedules.
Wow. This is creepy. Props to the interviewer for allowing the real Connor to stay on the interview and observe.
This is one of my big problems with LinkedIn. We put so much information out there in public, it’s really easy for people do do this. That information can also be used for things worse than applying for jobs.
I think small companies hiring freelancers are most vulnerable to this. In the UK at least companies have to carry out very strict right to work checks, including passports, National Insurance numbers, etc.
A company I was working for wanted to bring on a couple of freelance devs for a short-term project and I had to handle the interviews.
I ended up uncovering a whole scheme where an experienced dev in the US would hop on the calls/video interview and then the actual work would be handed off to some other people based overseas.
If you tried to contact the “dev” for something, your call would be routed to a google voice number and you’d receive a text message in somewhat broken English shortly after.
Their scam only lasted a few hours with us, but I often wonder how well they are able to pull this off.
I was once pulled in to observe (in the “are you seeing this shit?” sense) an interview where someone off screen was answering questions and the person on camera was moving his lips. I’m not sure if they wanted me to share in the joke, or verify that there was no form of latency that would make lips and audio fail so badly to line up. I’m pretty good at pattern matching. There was no pattern. It was two guys pulling a fast one. Or at least trying to.
This was an outsourcing group. In the grand scheme of things, “white people are stupid” is not entirely wrong, but there’s a line you know. And there are lines beyond that line. And then there are these assholes off in the distance.
Had similar while hiring for a Sr Dev. The person who first joined the call was not able to articulate any of the frontend or backend work they had done at the previous contracted company.
Call goes static, call drops.
"Person" rejoins. Who is obviously a completely different person who was able to thoroughly fill in the previous details missed.
We ended the call there. Mistake: didn't require video for the session when the first individual proclaimed they were having issues with video.
I’m floored by this. We have a sr engineer who conducted an initial technical screen and swore he saw this happening, the person on screen moving his mouth while someone else talked and wrote the code. My managers recounted this story to me, laughing because they thought the suspicion was ridiculous and that the interviewer was just being paranoid (they had not been on the call). Turns out he was not paranoid…
> Sounds like they’re stealing that salary, not earning it.
On the contrary – if someone has been at a company for 9 months & had terrible early reviews, the company had about ~6 months to deal with them. In my experience, truly bad hires get lukewarm 30 day feedback, negative 3 month feedback, and are on a PIP soon after.
If you're there after 9 months, it suggests you've demonstrated some level of value to your employer.
I can assure you there are plenty of underperforming, incompetent and even flat out absent employees cozied up in hidden little niches at all kinds of companies that don’t let them go for a variety of reasons.
This is amazing. I wanted to add one thing. I noticed after reading the full blog post, and scanning through all the HN comments here, that there has been actually no mention, as far as I can tell, from any parties involved, or even any commenters, of any intention to make a police report.
Now, I understand not trusting the police, and often it's more trouble than it's worth to deal with them. But this is a situation involving identity theft, which is a very serious crime. I realized that this is an international situation and the local police probably cannot do much, but at some level of policing, be it the FBI or even at the international level, this feels like something that should be reported. Even if nothing can be done, in the worst case it's useful that the police be made aware of new trends in identity theft; in the best case, they will be caught. These people are organized to perform identity theft, which is literally organized crime -- I hope they are aware of the risk they are taking doing this.
Lastly, unrelated to the above, but just a random social aspect of this; it's clearly an interesting and unexpected result of location-based pay. The only reason I can think of that a group of people would organize something like this is because pretending to be native English speakers and presumably pretending to be US- or Europe-based will automatically get them a higher pay scale. (If I understand correctly, they are possibly a team of programmers in some other country, and are offering to actually do the work, but just pretending to be other people while doing it in order to get a higher paycheck.) Not making any judgement here regarding location-based pay, although that's an interesting discussion for another thread, but in today's remote work environment, new kinds of fraud are definitely an interesting consequence to be on the lookout for. Fascinating, and dangerous.
You vastly overestimate the degree to which the police give a shit. Unless there's an actual financial loss or threat to life, they don't care. This barely qualifies as identity theft anyway; it's attempted fraud.
They won't take a report of your phone number being spoofed, but they'll deploy SWAT teams to unsuspecting houses at the word of bored teenagers.
Do you know the imposter's actual identity? What would you even report? If the perpetrator is international, what are your local police even supposed to do with this information?
You might have a little better luck with the FBI, but if you don't show up with hard evidence (i.e. do all the work for them), you won't get anywhere with them either.
All of this goes to show you why this sort of scheme remains successful. Nobody cares. Fraud is just an assumed risk.
Yes, the police are definitely the wrong group, as their jurisdiction is just local or state, and almost none would have much a clue of how to proceed.
However, the FBI might be very interested. While these situations may be just be a couple of friends scamming, it could also be the tip of the iceberg of an organized crime operation or an espionage operation. Many countries are actively working to get inside American corporations to steal both their technology and anything related to any govt work and secrets. There is not much better way to gain access to the network than to be able to login as an employee.
Even if that one case alone isn't that interesting to them, having the data may very well help crack a much more important NatSec case. Gather the info and report it.
I understand. But you don't really know if you don't even try to report it. And on this case.. I mean, this has to do with taking in income while posing as someone else, which ultimately affects the IRS, so I suspect there might be more interest at the FBI level than you think.
But who knows. I'd be curious to know how common this is / is becoming. It's certainly novel to me.
If you still have faith in the system, more power to you. You seem to think all these three-letter agencies exist to help each other. I shared your optimism before I started having to deal with them on a professional basis.
The most the FBI will do with such reports is, if substantive enough, occasionally tip off industry partners to current trends from two years ago. Useful intel, but woefully outdated.
The hardest part is even getting them to listen to you in the first place-- you need to bring them hard evidence and facts. Like taking on sprint tasks you know you can't achieve, they will not take on cases that cannot be resolved.
I really doubt they care, the juice just isn't worth the squeeze for them. Its an incredibly difficult crime to prosecute for, even if the people were operating in the US, which they almost certainly are not. They really only care about the highest of high people cyber crimes (silkroad, anontalk, lulzsec, etc), because it takes a dozen or more agents months to years to resolve a single one.
Generally when it comes to this sort of stuff, if you cant hand them all the evidence with a bow on it, they don't care unless it involves an imminent terror attack, or major drug/CSAM ring. This doesn't just apply to us average joes either, every cop I know (so, 3) who has ever tried to pass something they viewed as important to the feds, has been stiff armed and told that it's not a priority.
>These people are organized to perform identity theft, which is literally organized crime
This seems hyperbolic (though not impossible.)
If I were to attempt this scheme, would I have created an organized crime entity?
I think this whole thing is a novel example of grift, which is by definition bad. The idea of every bad act being turned into an excuse to necessitate federal police action is… weird.
I mean, IANAL but I'm pretty sure taking in income while posing as someone else must constitute a crime.
If not, lesson learned I guess. (Don't know unless you talk to a lawyer or try to report it.) But if it is a crime, then yes, it's across state and national boundaries, so who else would have jurisdiction but federal police?
If you break into a car while your buddy keeps watch, have you created a criminal enterprise worthy of being compared to mafias and terrorist groups? If so, what is meaningful about the concept of organized crime as it is currently used and accepted?
Are you aware that there are non-federal police that have the purview of arresting little mom and pop criminal enterprises? Not everything is an automatic RICO case.
> If you break into a car while your buddy keeps watch
But we are talking about a case where someone has created a company that they are using to perform this fraud. If you found a company where you hire individuals to watch each other while they break into cars, yes, I think that would be considered organized crime.
Bizarre. I (US-based engineer with an Upwork account) was invited into a less sophisticated variant of the scam in spring 2021:
> Nice to meet you. I am looking for a US person who do business with me. You can earn money with a few cooperation. Do you know Upwork or Toptal site?
They also had the text of the message in a GitHub repo. I tried reporting them to GitHub, Upwork, and Toptal, but I don't think they knew what to do with it? I assumed my scammer was looking to evade banking rules or sanctions, but it could be for either fake employment or actual work with a US-based persona like in this case.
Same, although I was never asked to impersonate anybody. They just wanted to work using my real name/identity, and would throw some money my way every month. At the time I was annoyed/pissed, but after reading this I respect that they at least had the decency to ask for my permission lol.
Honestly, this is 100% Upwork's fault. Their platform is a race to the bottom, yet they make it very difficult/impossible for people from countries that can actually afford to make a living with those rates to sign up. So I understand why people resort to this behavior, even though I would never want to work with someone who would actually do that. Fuck those people.
This is utterly creepy. Kudos to the college kid who did the right thing here.
I've never had anyone try to impersonate me for a job, but I have had people steal my photos and create Tinder profiles using them in cities I don't live in (I've been alerted because people who recognized me sent me screenshots). I tried to catfish the person who was using my photos to catfish others, but was unsuccessful. I dreamed of doing what Connor did, which was to confront the person who was using my face on a video call.
I'm so sorry this happened to Connor but am grateful he documented this sort of scam, which I fear is probably a lot more common than we know. I see people on TikTok all the time encouraging these sorts of outsourcing scams of taking jobs on Upwork or something else and then hiring people to do the work on Fiver or in markets where the cost of labor is much, much lower. Do this with enough volume and you could make decent money, I imagine.
You're probably a larger target for that sort of thing. Luckily you have a larger-than-average number of people who would recognize your face to alert you.
A big reason why a lot of companies are trying to push people back to the office is they have low confidence that line managers will catch these kinds of problems, and many more - including 'the guys working 4 jobs and barely doing anything for us', the 'guy starting his own company that competes with us at the same time as working for us', the 'guy who farms out all his work to subs in India', etc.
It's easy to say 'if they don't notice, then clearly it's not a problem' - but it has downstream effects, like broken products, huge legal liabilities for the company including often scary handling of customer data to make it work, and morale hits as other folks pick up on things like this happening and being uncaught.
These are real, albeit currently low percentage/high risk things that happen. The more people get away with it, the higher the percentages of people who will try (people rationalize it to themselves as 'everyone else is doing it', and 'I'd be foolish to not do the same thing everyone else is'.).
The biggest issue I've seen with remote work (in practice), is it makes it really hard for a manager to see and actually understand what's happening (not just what people SAY is happening, which is rarely the same thing), and makes it easier for employees to hide things they don't want others to see. Which leads to more of everything from undiscovered-until-too-late burnout, to team members who have no idea what to do or how to do it, to opportunists grifting.
> A big reason why a lot of companies are trying to push people back to the office
Which is kind of useless for most of the points you described at the end. There are plenty of comments here really proving that you can scam even in person interviews. Let's say you are not scam, you pass an interview. You can still do all of those things while you work.
The only way to prevent this is by having keyloggers and similar tools on the work laptop so that you can actually see what people do. And even then, if someone does "enough", would you really check? Probably most people nowadays wouldn't care, as long as you deliver.
The truth is: most people are honest, they do "normal" work, they get a raise, etc. Then there is a percent of people which exploits the system. A system that let's be honest tries to profit from them too by giving lower wages, etc.
It’s harder/nearly impossible to scam at scale in person.
It’s also way more obvious and personal when it happens, and it’s a lot easier to actually physically arrest someone if it gets really weird or out of hand, not that it was common for that to happen.
I think we’re seeing the birth of a new industry, the equivalent of Nigerian email scams, but with job interviews.
I heard a story about this happening at an Indian subsidiary of an American company, the person interviewed by the US manager was not the person that actually took the role ! It was discovered a few months in as the quality was not as expected (the person was actually a developer but not nearly as good as the one that was interviewed, he hired the interviewed person to pass the interview).
If you are a software developer, check to make sure you aren't being impersonated on Upwork as well. A couple months back someone (I think I know who, but have no proof) was posing as me, and a suspicious client noticed that the person they were chatting with on video did not look that much like me in real life. Two other PHP/Laravel devs had impersonators on Upwork as well around the same time.
One of these other devs only noticed because the client sent a calendar invite to his real email, instead of the one provided by the impostor.
[edit - I'm reading through the original post, and I see now that this was all done through Upwork as well. Yikes!]
I actually have a weekly google alert that searches for my full name, which fortunately/unfortunately is basically unique. It's normally nothing but a handful of false positives, but the week I appeared in the local news lit it up like a Christmas tree.
I had this exact same thing happen a few years ago, with an internal employee.
They had gotten someone else from the India office to conduct the interview. He said his camera wasn't working and we didn't think anything of it.
He aced the interview, even made good recommendations on the project he would be running.
The guy that showed up wasn't even at a junior level. It became painfully obvious after a couple of days. Pure red flags but the highlight...
- When asking for a project plan on an enterprise level project his response was "I can code all this in 3 days".
- Proceeds to supply broken code.
- When mentioned the code doesn't work he gets aggressive and says other people on the team broke it.
- Code gets reviewed by a senior architect (Bob) from another team. Turns out code was copied from an external github. So even if it worked it would be illegal to use.
- They get aggressive saying that Bob is jealous.
- Bob proceeds to document in detail the codes origin, legal details and points out where the code is broken.
- Bob and senior management have a meeting with the guy, where he is asked supply his original code (which he can't). Is then asked to explain exactly what the code does.
- Bob puts the cherry on the cake where he finds a simple broken function that anyone junior developer could see is wrong. Asks him to explain what is wrong with that code.
After that the guy got fired. Not sure if they investigated further in the India branch. But it was embarrassing all round.
I'm still not sure how the imposter planned to keep the job after getting it. I suspect the stand-in expected money and didn't get it. So didn't support them.
The craziest thing I came across my recent travels to India is that people applying to jobs hire a shadow interviewee. They will sit in the same room controlling keyboard and mic. They will train you to do the fake lip movement. They will give interview while you face the camera. They charge you roughly 10% or so of what you would make if you land the job. I heard this from reliable sources where my friends came across such fake interviewers while interviewing and also friends who has seen some colleagues who hired these shadow interviewers to land a bigger / better paying job.
This goes even deeper. During pandemic, supposedly there are even shadow engineers who does the work for you. :-(
I run a job platform. This scam is pervasive, especially with contract work. We've had to get really good at recognizing patterns because their covers are really good (even faking passports and work history).
Many of the big contract platforms are dealing with this too. Hiring managers are getting tired of it and are 1) not hiring as many contract workers and 2) not using platforms to hire those workers.
Unfortunately, this hurts small companies more since their hiring practices are so lax and there's a crop of new ones every few months.
There are people out there right now putting a truly astounding amount of information on their wholly-public Facebook, Instagram and LinkedIn profiles.
My main message for people is to resist the social temptation to share every detail of your family's life on social media, in the long run it's better for your privacy, your family's privacy, your security, and reduces opportunities for malicious data mining.
It's sufficient to build an entire identity theft kit if you're a malicious actor wanting to impersonate somebody. Somebody would combine whatever is available from social media with things like linkedin profiles, CVs, github projects, other github-like-project profiles, and linkedin-type business networking site data.
Or at least a good enough to pass cursory inspection/examination identity theft kit to impersonate somebody with a close-enough email address, or a throwaway custom domain name registered for the purpose.
I would highly recommend anyone that does keep an account somewhere like Facebook to stop posting photos of your house, family members and to set all of your 'privacy' settings to whatever is the friends-only/maximum setting. Try looking at your own profile from a different browser with no cookies in a burner account or incognito mode and see if any of your personal life is visible.
While working for one of the largest consultancies, I had to interview an offshore candidate for an onshore position in my team. It was a database development job and I asked the typical SQL questions, data modelling, etc - all over Skype with no camera. The guy on the other side seemed very knowledgeable. Amazingly high level for the job actually, and better than what his CV suggested. Being an internal candidate, I did not suspect anything and recommended him for the job. A month or so after that, management flew him in and I got to meet him in person. To my surprise, his language skills and much less his technical skills were anywhere near what I experienced at the interview. He was very keen to be a manager, with very very poor SQL skills - even in theory. A friend of mine later told me that it is a common practice in the offshore dev center to let the good devs interview for positions and then to send another person to do the job. They apparently did that to clients quite often and it was not surprising to him that I got the same treatment - even though it was an internal assignment.
I mean, this is not incredibly different from consultancies sending their crack A-team to pitch a project and then a bunch of freshly-recruited graduates to actually build it. All big firms do it. I can see some particularly entrepreneurial fellow overseas experiencing it once and then going "well, if they can get away with it, why couldn't we...?"
Yeah I've had people ask to buy my codementor account (https://codementor.io/jleclanche). I forwarded all of them to support@arc.dev, but I suspect some people always say yes ...
If it's reasonably common, there might be a place for a "reputation protection" service in the tech community - a service that watches various contracting and hiring sites for its members names, then notifies the real person when their name is used.
I could see it being a real issue in the future if someone's professional reputation is tarnished this way. If a prospective employer searched for a candidate and found multiple profiles with very different skills listed, that would be a huge red flag. Worse, if the fraudulent person was hired and then fired, that information could find its way to places where the real person is applying.
If they were able to successfully land a job like this, I could also see that messing with the real person's tax situation.
... I'm off to look for my name on Upwork, I guess.
I had a similar experience back in 2008 when I started a fully remote digital agency.
One of my first employees was doing fantastic work, until his performance fell to 0 - no communication, no deliverables, nothing. Turns out, he stopped paying the subcontractor that was doing his job for him.
The subcontractor contacted me months after I fired the employee and confessed. Apparently, the long-pauses and loud typing during my conversations with the employee was the employee messaging the subcontractor asking for help answering my questions.
So, in my case, the employee was still the front. In this case, they're attempting to eliminate that bottleneck by just having the subcontractor impersonate the employee.
Whenever I read these kinds of super-complicated scams, I can't help but think if the scammer would have instead invested all that time and effort into legitimate tech and interviewing skills, he/she could have just come in the front door! It's like the person who spends hundreds of hours putting together the perfect exam cheating scheme, where they could have instead put in half of that time actually studying!
No matter how much work you put into setting up a scam, you'll never be able to beat the H1B lottery.
Companies know that they can pay less money to people in poor countries because an American wage in a third world country would have them live like kings. Going the honest route significantly cuts your profits if you live in these countries.
The "Plamen" person linked in this blog says he was educated in Sofia and Veliko Turnovo, Bulgaria. The average salary in Bulgaria ranges from $18k to $30k depending on the city (taking the optimistic route, here, sites like https://www.zaplatomer.bg/en/salaries-in-country give much lower numbers!); with an expected wage starting at $59k, they would be able to live a wealthy life earning twice the average wage just by getting lowballed by an American company. Spending that wage from a small California apartment wouldn't be nearly as profitable and comfortable as it would be living from a nice house in Bulgaria. All they'd need is a good internet connection and a shifted sleep schedule to take part in meetings.
That's assuming the guy can actually deliver on his tasks. My guess would be that these scammers have limited technical skills and rely on waiting for the slow evaluation process to fire them and then moving on to the next company.
In a lot of ways it's a convoluted form of arbitrage. These people "buy" developer labor in the cheap markets and "sell" in the expensive ones. Obviously bad when the developer labor doesn't get delivered as advertised. But if you can pull it off then mostly good for everyone.
The guy organising it appears to be living in a lower middle income country with technical skills limited to badly installing WordPress plugins and doubts about his spoken English.
Even if he actually has the capability to become a really good programmer, I'm not sure he's going to beat getting half of potentially dozens of US-based developers' contract incomes for less effort than spamming job boards and running a Slack channel
If the other thread [1] is to be believed there is no guarantee that the developers on the other side has similar skills. No need to dig up arbitrage when it could simply be a scam.
Even the person they hired here to pretend to be Connor said himself that's he's just a junior that would pretend to be a senior. Maybe the idea is simply to get a well-paid job, work a couple months, get fired (maybe even with a generous severance), and repeat.
Yeah it could be "just" a scam though the arbitrage is really a scam too. The other thread's doesn't make sense because the dev is still trying to work despite being immediately id'ed as a different person on zoom. This scam only makes sense to me to be doing something like stealing the signing bonus but actually trying to be a dev is curiously naive or stupid.
If the scammers found a naive patsy to be the 'employee' and used an experienced dev to do the interview, it makes sense.
At many companies, they wouldn't necessarily notice the difference right away too, if someone was pretending to work. Management is often overloaded or checked out. Depending on ethnicity, they might also be unwilling to bring up the issue.
For example, if the patsy sticks with it, who is going to call the bluff - especially if no one took a picture?
They could claim the manager was being racist by not being able to recognize them or something. If someone IS not great at recognizing/telling apart, say, Indians, it could sow doubt that would make it harder to address. And that is a lot of people in the US.
The longer the delay, and the more legal buttons get pushed, the more the company pays out before the scam is over, and the more lucrative it is.
It's not hard to find local cut-outs in most areas. In most cases, those folks are also patsies.
Another, different party who cashes checks written to their name in exchange for a cut, for example.
As an example, there is still the old in the tooth craigslist 'oops, I sent too large a cashiers check, can you send me the extra?' scam, which is an even more obvious ripoff, and people fall for that all the time.
If approached by law enforcement, their story would likely be they were working for X (different) company as an assistant or in finance, etc. The other company of course will be in a different state, country, or whatever, or maybe not actually exist, depending on the logistics of the money movement.
The scammers could easily have 10-20 different paychecks going to one person without anyone being the wiser - at least until the IRS got the W-2s or the cut-out started thinking about the long term consequences.
Scammers are used to a lot of churn with stuff like this, it's why these scams are hardish to run and aren't even more lucrative. Think breaking bad and 'Walt trying to ACTUALLY make money selling meth'. Lots of surprise expenses, people going sideways on you, competition you didn't expect, paranoia, logistics difficulties.
That's assuming they aren't just forging/stealing SSNs or identities and using some kind of front somewhere, like payday check cashing places willing to look the other way, or whatever.
There are plenty of folks running bad check scams or the like already, and they don't have the benefit of checks that will actually cash (all the time), like a big companies payroll check.
I wasn't even thinking about the fact that it leaves a paper trail. I was just thinking about the fact that the company who ostensibly hired "John Doe" is being given payment details for "Jack Frost".
It wouldn't be hard to have it be John Doe all the way through, at least for folks doing this. Setting up things like this is a common tactic in a lot of common financial crimes now a days.
While it's not at all surprising, it was a fun read. Having used Elance/Upwork in the past, I was pretty sure quite a lot of off-shore (Indian, Eastern European) companies do a similar scheme. At least some of them definitely pretend to be a single developer and/or let one developer with better skills (communication and programming-wise) do the interview and then throw cheaper "resources" at the actual project.
The surprising part was that Maris/PND seems to have a pretty good command of English himself, so he could have easily done this without involving other people and thus mostly avoid being caught. Though maybe he runs a larger operation and he simply needs more people to do this.
I saw "translation project", their sample documents, power plants chart, are written as confidentials internal use only. client location is palesthine territories. (There are no branch on this power plant company. )
I am not sure palesthine has internet enviroment and they can use upwork.
And on odesk, former upwork, a client ask me to work "online store management", actually they are fake identification goods seller, their server is also in panama. (banned but their sites can see on archive)
There are few credit check on these cool tech industries.
For AI tuning, margin revenue is the 1st priority.
Credit check maybe difficult, AI can't dispute for their instructions.
About 12 years ago, I attended a barcamp (blast from the past) where someone gave an SEO talk about how to hack search and adwords to provide no value but capture eyeballs and trick people into clicking on things to make money. I recall many references to a wider community they were a part of that did this, traded tips and tricks, and generally evolved their trade of grifting at scale.
I can't help but feel there's a whole community of people out there with few morals who are trading tips on how to set up scams like this. The "web of lies" seems so deep and complicated I can't imagine this whole thing was built in a vacuum by one person.
I think the root of the issue is LinkedIn. I know a number of scammers regularly monitor LinkedIn. When a new employee at our office updates LinkedIn they start getting email from the 'CEO', first asking for a personal cell number, and then asking to buy gift cards in a hurry.
This reminds me of the time I agreed to hear a seed pitch from a Web3 company and they accidentally showed a slide where they had copied text from my LinkedIn profile onto their team slide under an unnamed VP that was "soft circled". The text was distinctive enough that I immediately recognized it and it couldn't have been any other person. I'd never met them before that call and wasn't looking for a job.
Connor: I found it kind of a funny twist that when I wanted to leave a comment on the bottom of your blog, it assumes that my name is Connor Tumbleson. It's like you want people to pretend to be you ;)
This exposes the truth about showcasing who we are all the time all around the internet, why too many details are needed out there anyway? I will keep posting my CV online, but really, it makes me feel like I should not.
My name is evidently hard to pronounce, even though the spelling, which is seldom right, is phonetic. It is specific to an obscure ethnicity. Except for also being my father's name, it is globally unique. I own the .com of my first name. Despite the occasional annoyances, I appreciate it as a security feature.
I stopped joining interviews/working with companies for similar reasons. I do freelance. I suggest you to do the same, until the time when the market gives us an ethical and a fair working space. Unfortunately spamming/impersonating people became a normal thing and people don't even feel ashamed for it. They do it like its their normal job. (Especially Indians, sorryaboutthat but I won't be politically correct for this case. Work on fixing that in your community if you feel offended.)
Also the story sounds like he/she's somebody around your close circle. Maybe you can stop what you're doing and spend some time to filter some people out.
As for motivation, maybe cash out one or two paychecks? Dunno how it works in the US, but where I live that would be hard without any ID or tax information. Maybe they'll request the first paycheck as a cashiers check? Paypal payment? Who knows. But 1-2-3 months worth of US-level salary would be a fortune in some parts of the world.
In the days of remote work, it would not surprise me a bit if there are organized criminals doing this 24/7. Just churning out job applications, hiring people off fiverr, upwork, etc. to do the interviews, collect a paycheck or two and disappear. Could easily be worth $5000-$20000 pr. scam, if they manage to get hired.
I had to review a number of developer resumes from a similar site back in 2020. Reading through them absolutely set off my "this is a fake person" detector. The resumes had similar formats, they all seemed to point to a real person, but there was a lingering sense of similarity between them which was too much to account for. I though it might have been because the site provided a way to create resumes and they were all choosing from some common set of options or something like that. However, reading this account makes me think that a scam like this is an equally likely explanation.
What happened is fraud, and potentially harmful to your reputation. If you can afford it, consider seeking legal remedy. It sounds like the twits running this scam are amateurs and its possible services like Zoom could unveil better leads toward pinpointing the perpetrators if compelled. Google's impersonation policy seems particularly wanting. You could consider reporting to law enforcement as well, for what that might be worth.
Thanks for sharing and I hope your story serves as an example to those who are out there hiring to stay alert.
Interesting. I doubt it was the same person, but I was approached with a proposition regarding Upwork not super dissimilar to this three times by somebody on the Elixir Slack. I think it was the same "person" each time just with different accounts because they kept getting banned by the admins.
Basically the person would write to me and say something like, "I'm a good $language dev and am worth $120/hr but in my country that is really high pay and people won't pay it unless you're American. I'll get closer to $25/hr." Then the deal is something like this: "We will apply for jobs/contracts in your name, but I'll do 100% of the work and you keep half the money and send me the other half."
The worst part is, I get the feeling that the premise is actually true and that this person is merely trying to beat the system. However, I could never bring myself to do such a thing due to the dishonesty required. Secondarily (but importantly) I've been burned by low-cost foreign contractors that billed for over a week before essentially delivering nothing, so I'm a bit once-bitten twice shy. I likely never would, but have considered doing a similar strategy but in an honest way where I'm up front with the client that I won't personally be doing all the work, but instead will out-source it, but I would be their point of contact/PM and if the work wasn't acceptable then (worst case scenario) I would (re)do it all personally.
I was on the receiving end of one of these recently. I was looking for US-based contractor, found someone whose profile looked legit, and reached out. In the phrasing I got back via email, I knew this wasn't the native English speaker I was expecting.
>On September 14, 2022 I got an email from someone that reeked eerily of a scam, but it turned out to be quite real. The full text is below.
[...]
Am I just naive, or does the email that followed below not sound like a scam at all to anyone else? Getting this, my alarm bells would indeed go off, but more in the "this person is probably telling the truth, someone might be impersonating me" department, not in "this person is trying to scam me"
A long while back I was sitting in a coffee shop, and happened to meet a guy recounting his work history to a client. The hilarious part was hearing my life plagiarized off my web CV at the time. Seeing the con describe climbing an antenna mast where I worked was awe inspiring given he was over 350lbs. I tipped off the client to do his own verification after, as there was no way that guy was part of our small team at that time.
Some people are certifiably insane, and will con anyone to make money. Note, confronting psychopaths with proof they are liars is extremely dangerous. These are the people that will hold grudges for decades if they feel you owe them something, or do something nasty.
Weak Stenography in your CV is also good for auto-screening/blacklisting those engaged in social-engineering workers. You would be surprised who shows up. ;)
Is this going to be a new problem that the gov is not equipped to deal with? Are we going to need to be on high alert that one day the IRS is going to alert me that my tax bracket is 37% because of my income from the 6 jobs I'm working?
Then it will take months or years of legal battles to "prove" I didn't actually work 6 full time jobs this year.
I think this is probably more common than we might think. Given remote work being preferred lately, this is probably doable, especially if companies are hiring large numbers of random contractors. I know my old team members (I retired recently) have gone through a ton of remote contractors recently, many of whom were completely useless. Thankfully I only hired people before Covid hit, and at that point everyone was required to work in office (at least for the work I was responsible for). Everyone I did take on was either excellent or at least competant. I did hire most of them off of phone interviews only, so maybe I was lucky.
If an experienced person does the interviewing asking the right questions / requiring tests / etc might be insufficient to realize the person you are interviewing is not the person who will do the work. I wonder how you would catch this before actually having the "worker" start.
I guess this is a downside of all remote work assuming your company is less than thorough in checking references/documents/etc.
Quote: "I then learned this was a interviewee discovered through Upwork - so I asked for all the proof and continued my investigation
......
I'm not sure how this actually pans out if it works. Can you really refuse to use video for the entire contract of the job? How do you get paid if you need to submit tax documents? Do you pretend to be me forever?"
Having over 15 years working as freelancer through Upwork I can answer that.
1 - Can you really refuse to use video for the entire contract of the job? Yes, you can. But only if you're good at your job. 90% of my clients never knew my real face. I only did video calls with the other 10% of them while we were already deep in the project(s) and trust was already well established. I do prefer voice over written chat though so I have weekly calls with all of them.
2 - How do you get paid if you need to submit tax documents? Upwork is great in that perspective. They have a lot of FAQ helping you with all tax informations and if that fails you have live chat too, with support. However, in this case, being the fact it was an impostor, Upwork style of getting paid and filing for taxes are 2 different beasts they frankesteined together. You still get paid under the fake name using your desired method of payment and filing taxes under your real name, which is done outside of Upwork's control.
3 - Do you pretend to be me forever? Not necessarily actually. You can do bait&switch. Bait clients, do good work for them, create a great relationship with them. Then either you create a new profile under real you and move projects there or move them outside Upwork forever. The fake identity sham is only there to help land the clients in the first place. Once you hook them and they depend on you, they really don't care about Upwork's protection and all that, they just want work to be done.
This happened to me once. It got really weird. My partner and I didn't know there was a fake account made, and we later found out, for days this fake account was talking to my partner - being super nice and genuinely a better person than the actual real me.
Anyway, they later asked my partner to send money to their personal account. I was a little bit sad.
I've been approached several times online by different people who wanted to buy my CodeMentor (now arc.dev) profile. It's a pretty strong profile with a lot of good feedbacks, but I haven't done any work (mentoring) in the past few years.
I see how this could be valuable as it can be really hard to build credibility from 0. (Though it definitely depends on the particular platform rules/dynamics.) E.g. I used to have an Elance profile for 15 years or so, which got transitioned to Upwork, but it mostly got reset to zero. When I last checked about 5 years ago I was presented as someone who has never worked there and never had any feedback which would have made it very hard to win projects. (Not that it seemed worthwhile anyway.) So while it's 100% unethical, there is probably a pretty strong motivation for these kind of trickeries.
Email providers should publicly disclose how old an email address is, and email clients should warn about emails coming from brand new addresses. My gmail account is 15 years old, so any email I send is unlikely to be created just to impersonate someone else.
This doesn't help though if your name happens to be Kevin Smith or something.
Also just ratchets the value of "old email accounts" up a ton. Reddit has a similar problem with fraud coming from old tenured accounts with karma (upvote points similar to HN) becoming very valuable and targets for hackers and spammers.
I don't know about new addresses, but it sounds like more robust vetting is needed on the interviewing side. Resumes and initial screens have become potentially stale and too easy to fake.
Speaking of the "Kevin Smith" case, I know of someone with a very common name going into an interview for a job he applied for - he was underqualified for the role and was surprised he was selected. Turns out the company had mixed him up with another candidate with the exact same name and sent out the interview invite to the wrong person!
Sometimes just the possibility of it working, and the person's desperation, will cause them to try it. I've heard enough instances of people paying others to take exams for them that it doesn't surprise me that some people trying to do an interview that way, too. They think just getting the job will do something for them, and (for whatever reason) think they'll be able to keep the job once they have it.
I wouldn't be surprised to learn that these people think they have high-level skills, but some other factor is preventing them from getting the job. Sometimes it might even be true, but I'm better against them having the skill level they think they do.
> I've heard enough instances of people paying others to take exams for them
Back in the 90s I was becoming a math teacher at one university while I was working on getting admitted into an IT engineer course at another. Strangely enough, the other admittance exam besides math was physics and I sucked at that while obviously I was far ahead in math compared to my peers at the physics preparation course. So someone offered an astonishing amount of money to take the math entrance exam for them, enough to buy a small apartment with it -- and perhaps I would've been young and foolish enough to go with it except for one fact: they offered a falsified national id to go with it. That's five years in prison if you get caught with it and I noped the hell out of it...
In the case OP describes, the situation is similar: it's the documentation that catches you.
This story gave me an idea for a different kind of scam in which the scammer acts as a man in the middle between a candidate and an employer. The idea is that the scammer could pretend to be the employer, tempting the candidate to go through the interview process. Whether the employers decides the reject or extend an offer, in both cases the scammer "rejects" the candidate, and takes on the offer to cash out pay checks until they're being fired.
The main technical challenge for a scammer would be to create a trustworthy looking email address so as to not raise the candidate's suspicion. It might not work with big companies but I've seen some companies using 3rd party services to send interviews invitation so it's not completely unlikely that this could work.
Kind of related - I worked in the defense industry in the early 00s. I found out a couple years after I left a certain defense contractor that defense contractor was still using my credentials along with other current and former employees to submit for contracts.
So my guess is that the scam ends with the scammer negotiating a "deposit" to start contract work, and once the deposit is paid they disappear. Otherwise I think this scam would be a lot more work than just actually getting programming gigs and doing the programming work.
The way I read it is: the scammer will secure the contract using the help of their industry-decorated accomplice, and then outsource the actual work-related duties to developers they find on Upwork, etc.
I received a message from a stranger on LinkedIn in fall of 2020: “Good talking to you the other day.” I assumed they’d intended to message some other person with the same name, but no, it turned out that someone had applied for a developer position at their company as me. They gave me a link to the person’s profile on another site, which was basically a copy of my LinkedIn profile, with some details tailored (presumably) to the role in question. We both contacted the site and soon after the fake profile disappeared. I hadn’t thought about it since. A strange detail from my perspective, reading this thread: my first name is also Connor.
I had a similar experience on Triplebyte, but didn’t have the nerve to pursue the line as far as Connor did here.
Was reached out to on Triplebyte by a guy claiming to work for a large casino in Las Vegas which I won’t name. Asked me to sign an NDA before the interview or that he would tell me what the job was. Couldn’t find him on LinkedIn or anything. The NDA was a word document which I think I signed via online service but never physically opened on my machine because (thank god?) I don’t own Microsoft word, on a Windows machine.
Pretty sure it was some sort of scam, but I couldn’t for the life of me figure out what it was they were after. Perhaps this is it.
>So we can see the 35 members in this Slack, but I don't feel comfortable posting that list. I have no idea who is real or fake and who may be working for this company unaware of what is actually happening.
>So I sent an email to two of them after I found them on LinkedIn to further help investigate this. One immediately responded unaware of this behavior occurring and left the group.
Although I admire the authors restraint, I am more than a little unimpressed with one of the contacted being "unaware" of the behavior. "Excuse me, did you know you're in a group that is actively committing crimes?" How do you think they're going to respond?
Incredibly, I think a job posting with the same end goal has just been posted on Code Mentor, by a profile made only in June (2022). I could be wrong, but just in case - I took a screengrab to share with you all (find here: https://i.imgur.com/up7sMg3.png). In case I'm wrong, I've blocked out the profile in this screenshot - however if Connor wishes to investigate, I have saved more details.
These scams have been happening for decades. It's as hilarious as infuriating when somebody shows up to a job site and it's clearly not the person that was interviewed.
Let's say that this happens with some regularity: an imposter is hired to take an interview on behalf of a third party who is obviously not the same person. Let's say that, some of the time, this ploy is successful and the third party is hired for the position. Don't they just get fired immediately? Is this entire scam just about getting a couple day's salary? Or do some employers just shrug and go with the flow?
I had something similar happen to me a few years back. Someone using my photo and profile from my personal site and uploaded it to upwork to get contract work. I found out b/c someone hired them for a contract (thinking they were me) and got suspicious. The employer found my real email on my site and contacted me. Not sure what I can do to prevent it. I put a warning on my site saying to look out for impersonators.
If they want to actually start and collect a few paychecks, then they'll need to pass a background check from HireRight or whoever. This'll probably include transcript checks, verifying past employment, etc.
They would also need to steal the persons SSN and likely need to get through one of those identity check questionnaires from credit agencies. And they’d probably need to fake an ID as well.
What I can't piece together here is what the scammer's endgame is. They land a cushy developer job under some false identity and ... then what? They're not going to pay some random college student to attend every meeting, are they? Even if they were, are they going to be able to maintain the level of work they lied about? If they really had those skills, they would just interview on their own.
Maintaining is not the goal. Say you get a job that pays senior engineer money, and they fire you after maybe three weeks of you just saying "it depends" and pretending your connection is bad. You still made like $5,000. And you're probably running more than one of these scams at a time. And you're doing this from a relatively poor country with not much formal education. 100% worth it.
And who knows, maybe you manage to actually KEEP one of those jobs, which given how bad some employers are at figuring out who's good and bad at this stuff, is entirely plausible.
At a big telecom we had an employee that maybe closed 10 tickets in two years. He was the highest paid team member (as reported by our director) and worked remotely from an RV in Oklahoma. When he was finally discovered by our director, he was fired and his immediate manager was fired.
He was a long time employee with a legacy job title "wintel engineer." A transformational ex-IBM director was finally brave enough to PIP and fire him. I think he was mostly retired while putting in 8 hours of work a quarter.
Its possible they need someone with a "Senior" resume so they are able to charge $200/hour for their work. Then they are free to outsource it to 2 or 3 junior devs in a much lower priced market and pocket the difference.
They could be fully technically capable but unable to secure those jobs because of visas, location/timezone, the company having a prejudice against outsourcing/remote work, etc.
I had two past co-workers who were almost certainly having someone else do their work, I think (especially) at non-software companies folks just don't get caught.
Frankly, the work environment was slow-paced and generally non-confrontational so both co-workers I suspect of this behavior just managed to tread water. When I joined the group there was a very tight-knit group of 3-4 developers who were very protective of each other. There was always a handy reason why some schedule was slipping and the other fact is that in hindsight, there just weren't very high expectations for them to accomplish anything.
It would take months for the company to figure out that the person is not doing anything, is not who they pretend to be, and fire them. Months during which that imposter would have been paid to do literally nothing.
I guess at some company scale that would happen... you'd probably need pay someone to do onboarding for you (so you're not immediately flagged as a no-call-no-show), then you could go AWOL after that?
In roles where communication is fully asynchronous, a competent offshore dev whose written English is considerably closer to a native speaker than their spoken English might be able to hold onto the job for a while, especially if they're good at excuses.
If they're applying for US onshore jobs with below-local-market pay, they might even be considered relatively productive members of the team.
Reading this I was thinking about how desperate some companies are to hire anyone to get job done. And the definition of done in that case is just make the code working - no matter how low quality it would be and how hard it would be to read and update for the next John Doe from Upwork. It's a race to the bottom inside race to the bottom.
I'd love to understand the legal/tax aspects of this - what SSN and addresses does the "middle man" use - I get that it's easy to get an SSN but within a matter of a year most of the work would be discovered come tax time. And IMO the best parts of Tech are the actual vesting and RSU/Option packages an employee gets.
What are the chances its children behind this, maybe even American children lying about why they need a stooge? It would explain why they're not concerned about violating federal law, whatever else, I think also US Code Title 18 Section 241, Conspiracy Against Rights (a wild guess, iinal).
People, I really tried to read comments to understand if someone had my same question: what for?
Eventually you need to pay this person, he/she will need to give you some ID or passport, etc. How can someone just employ a name? Or is it just because they are contractors (so no document / background check)?
I know this is HN, but an entire thread about imposters and not one mention of Among Us... maybe that's just my viewpoint :)
But that said, I do wonder if Innersloth actually has to deal with similar issues like this, especially after the boom of interest in the game. Maybe not?
I've had the reverse experience on upwork: the client is asking for bids on a project but when you google their name and location it turns out they're in jail. When we had a zoom call their name was different.. I'll have to cancel the project i guess.
> Thankfully I'm not sitting on a Windows machine and can just preview the document via Google without a fear of infecting myself.
Is that true? Can you get infected by seeing a preview of a Google Doc from Gmail or even opening it on Google Docs? I thought the browser was isolated.
Someone created a github account with my name and has been squatting it for years.
Github support tells me they won't deactivate or rename the account (I don't want it, I just want it gone) unless I copyright my own name and file a copyright complaint with them.
It's so weird and creepy .. thanks for posting all the details of the investigation. I hope the person is nailed, but in the end this is the dark part of the internet. There's no end to fraud, identity theft and scams.
Good story, but how do you search on Google Analytics IDs?
“You can reverse those sites to find a couple hundred of domains on that IP, then cross-check the list against matching Google Analytics IDs and find almost 50 domains”
What is the end game from the scammer's point of view? Sign-on bonus? I don't understand how that would work given all the legal work required. At some point the fake identity must be made obvious?
Upwork is a cesspool. There's a lot of shady shit going on in there. Another scam they're doing there is for someone to borrow your Apple App Store or Google Play Account to upload their build.
The root problem we have on the Internet now is anyone can scam anyone without repercussions. We need real identities online, and perhaps an international body that can prosecute crimes.
Isn't this the same modus as the North Korea scams that we've seen a few times before ? We've seen similar stories on HN and there was a darknet diaries episode about this too.
what gets me about this story is that they chose a developer to impersonate who seems to have a pretty dang unique name. I share my name with only one other person in the world, but going by a quick google search at least, Connor is the only Connor Tumbleson in the world (or at least online). this seems like a pretty big liability—if I was in charge of running this nefarious group I would stay away from names like Connor Tumbleson, and instead go for impersonating Bob Johnsons and John Andersons or whatever.
This bring back memories and PTSD... Mine went so far that I cannot talk about it, as it nearly touch my very existence. Identity usurpation can go deep, down to the root certificate.
> I could not stand this anymore listening to someone legitimately claim they were me...So I turned on my camera, renamed myself back and asked the individual what the hell they were doing... However, before I did that. I wanted to childishly email the address of the person impersonating me.
WHY!? the undercover vicitm doesn't jump up and shout when the crime starts to go down, except to drive the plot in really bad tv series.
This could have been the beginning of a new Cliff Stoll Cuckoo's Egg thriller! I am dissapoint, but I guess "who has time for all that?" Interesting story nonetheless.
It brings to mind these immortal words (needs more line breaks but then it would be longer):
If you can keep your head when all about you
Are losing theirs and blaming it on you,
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or being lied about, don't deal in lies,
Or being hated, don't give way to hating,
And yet don't look too good, nor talk too wise
If you can dream - and not make dreams your master;
If you can think - and not make thoughts your aim;
If you can meet with Triumph and Disaster
And treat those two impostors just the same;
If you can bear to hear the truth you've spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to, broken,
And stoop and build 'em up with worn-out tools
If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breathe a word about your loss;
If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the will which says to them: 'Hold on!'
If you can talk with crowds and keep your virtue,
Or walk with Kings - nor lose the common touch,
If neither foes nor loving friends can hurt you,
If all men count with you, but none too much;
If you can fill the unforgiving minute
With sixty seconds' worth of distance run,
Yours is the Earth and everything that's in it,
And - which is more - you'll be a Man, my son!
If: A Father's Advice to His Son ― Rudyard Kipling
Many (most?) large companies might take months to fire someone even if it was blatant and obvious. Process to follow, etc.
Considering how distracted and overwhelmed many managers are right now, some might go years before catching on.
Even if no code got checked in. Chances are, they could also farm out a bit here and there to a friend to make
it a harder problem to resolve for the company.
sketchy interview stuff is how ronin got hacked. I feel like impersonating other people in a job market or "fake interviews" will be more common. Really scary and a relatively common practice compared to the knowledge out there about it.
Yikes... Scary stuff; better and easier to generate Deep Fakes will perhaps make this an even bigger problem in the coming years. We going to need builtin detection features in Teams/Zoom/etc.
Maybe deepfake-detection will be the next-gen's Anti-Virus business? :)
Anyone who would be interested in hiring me knows who I am. But I'm not someone you'd hire on the basis of keywords or a LinkedIn profile I basically haven't touched in years.
This story is also more fun from my position. I've been applying to internships and interviewing every week. They're mostly rejections. They're the same questions over and over with minor variation (sorry to top comment for "impersonating" your comment style). My days are deteriorating from a colorful sphere down to two points. In fact, down to two pointers, left and right, iterating over a list of heights to find how much rain water it can trap.
I'm about to repeat the experience for the 10th time and I'm 100% on autopilot. But suddenly, a man reaches out to me on email and offers me up to $80/hr to be his senior engineer. This feels sketchy, my girlfriend tells me, "you're good but let's be honest here...". Anyways, I proceed, it might just be the start of a beautiful thing. I'm asked to interview as one of our developers because English is not their best language. I'm a little bothered, but I was fine with it. But then I see the developer name: Connor Tumbleson. My laughter bursts and so does my suspicion: With a name like that, no way the guy doesn't speak good English. I look up Connor Tumbleson on linkedin, and my suspicions were proved correct. I detail everything to Connor, and now this is on the top of HN. I lost a opprotunity but gained a story of the lifetime.