Comprehensive steps to clean up an impersonation scam

If you’re a user of the Internet, you’ve likely heard about many complex scams; however, until you have experienced one first-hand, you may not have a full picture of how disruptive or time-consuming they can be to deal with. Our studio has operated for over 23 years, with a good reputation. Yet, in November 2023 we experienced a sophisticated impersonation scam. A recruiter claiming to represent our studio was hiring for an “optimization role” which required registration with a website, a buy-in of crypto-currency, and no way to reclaim lost money. The bad actors targeted candidates across Europe and caused damage to our online reputation, which took weeks to investigate and many man-hours to clean up.

After this troubling experience, I decided to write a guide for other companies who may experience something similar to follow. I am not a lawyer, and this guide is not comprehensive, but it should point you in the right direction if you experience something similar.

First of all, let me fill you in on what happened:

  • I started receiving emails on our website contact form, and on LinkedIn from candidates located in Europe asking if a role they were being recruited for was legitimate.
  • A recruiter with a similar domain name was using our logo, tagline and text descriptions.
  • The recruiter was posting job ads on LinkedIn and other recruiting platforms advertising for an “optimization role.”
  • Interested candidates were asked to register on their website, and directed to WhatsApp for communicating with a “hiring manager.”
  • The role involved a series of “tasks” that the candidate had to “buy into” using cryptocurrency. Each “task” would show growth in the candidate’s revenue and not allow withdrawls.
  • Some candidates reported losing over $10k.

Once I found out this was occurring I started tracking reports and mapping similarities between the stories. It was evident that the scammer’s mode of operating was very consistent, and difficult to track. I found that the website domain was registered in Singapore, job ads were posted on LinkedIn and quickly removed, and communication was occurring on WhatsApp. I consulted LBZ Advisory and Perkins Coie for advice.

I took the following steps to resolve this issue:

  • Organized statements, reports, and screenshots from victims. I kept my evidence clear and organized so I could easily refer back to it and look for patterns, and see if the scammer’s mode of operating was changing.
  • Wrote up an abbreviated and detailed summary of what happened and ran it past an attorney.
  • Filed a police report with my local city police department. Filing a police report puts into the public record that your company has no affiliation with the scammers.
  • Filed reports with national agencies including the Internet Compaint Center (ICS), Federal Bureau of Investigation (FBI) and the Feberal Trade Commission (FTC)
  • Made a public statement on my website, LinkedIn, and via email to customers
  • Determined how to report fraud to LinkedIn and WhatsApp, and instructed victims how to report incidents individually
  • Reported the issue to the website hosting company and domain registrar. Once I had all the evidence compiled, including reports to law enforcement agencies, I approached the domain registrar. With this evidence the registrar took swift action to remove the site.

If you are a victim of an impersonation scam, take swift action. During the time this was going on, I got a few bad online reviews for my legitimate business. This could have impacted my online reputation if I did not take care of it.