Wow. This is creepy. Props to the interviewer for allowing the real Connor to stay on the interview and observe.
This is one of my big problems with LinkedIn. We put so much information out there in public, it’s really easy for people do do this. That information can also be used for things worse than applying for jobs.
I think small companies hiring freelancers are most vulnerable to this. In the UK at least companies have to carry out very strict right to work checks, including passports, National Insurance numbers, etc.
A company I was working for wanted to bring on a couple of freelance devs for a short-term project and I had to handle the interviews.
I ended up uncovering a whole scheme where an experienced dev in the US would hop on the calls/video interview and then the actual work would be handed off to some other people based overseas.
If you tried to contact the “dev” for something, your call would be routed to a google voice number and you’d receive a text message in somewhat broken English shortly after.
Their scam only lasted a few hours with us, but I often wonder how well they are able to pull this off.
I was once pulled in to observe (in the “are you seeing this shit?” sense) an interview where someone off screen was answering questions and the person on camera was moving his lips. I’m not sure if they wanted me to share in the joke, or verify that there was no form of latency that would make lips and audio fail so badly to line up. I’m pretty good at pattern matching. There was no pattern. It was two guys pulling a fast one. Or at least trying to.
This was an outsourcing group. In the grand scheme of things, “white people are stupid” is not entirely wrong, but there’s a line you know. And there are lines beyond that line. And then there are these assholes off in the distance.
Had similar while hiring for a Sr Dev. The person who first joined the call was not able to articulate any of the frontend or backend work they had done at the previous contracted company.
Call goes static, call drops.
"Person" rejoins. Who is obviously a completely different person who was able to thoroughly fill in the previous details missed.
We ended the call there. Mistake: didn't require video for the session when the first individual proclaimed they were having issues with video.
I’m floored by this. We have a sr engineer who conducted an initial technical screen and swore he saw this happening, the person on screen moving his mouth while someone else talked and wrote the code. My managers recounted this story to me, laughing because they thought the suspicion was ridiculous and that the interviewer was just being paranoid (they had not been on the call). Turns out he was not paranoid…
> Sounds like they’re stealing that salary, not earning it.
On the contrary – if someone has been at a company for 9 months & had terrible early reviews, the company had about ~6 months to deal with them. In my experience, truly bad hires get lukewarm 30 day feedback, negative 3 month feedback, and are on a PIP soon after.
If you're there after 9 months, it suggests you've demonstrated some level of value to your employer.
I can assure you there are plenty of underperforming, incompetent and even flat out absent employees cozied up in hidden little niches at all kinds of companies that don’t let them go for a variety of reasons.
If the other thread [1] is to be believed there is no guarantee that the developers on the other side has similar skills. No need to dig up arbitrage when it could simply be a scam.
Even the person they hired here to pretend to be Connor said himself that's he's just a junior that would pretend to be a senior. Maybe the idea is simply to get a well-paid job, work a couple months, get fired (maybe even with a generous severance), and repeat.
Yeah it could be "just" a scam though the arbitrage is really a scam too. The other thread's doesn't make sense because the dev is still trying to work despite being immediately id'ed as a different person on zoom. This scam only makes sense to me to be doing something like stealing the signing bonus but actually trying to be a dev is curiously naive or stupid.
If the scammers found a naive patsy to be the 'employee' and used an experienced dev to do the interview, it makes sense.
At many companies, they wouldn't necessarily notice the difference right away too, if someone was pretending to work. Management is often overloaded or checked out. Depending on ethnicity, they might also be unwilling to bring up the issue.
For example, if the patsy sticks with it, who is going to call the bluff - especially if no one took a picture?
They could claim the manager was being racist by not being able to recognize them or something. If someone IS not great at recognizing/telling apart, say, Indians, it could sow doubt that would make it harder to address. And that is a lot of people in the US.
The longer the delay, and the more legal buttons get pushed, the more the company pays out before the scam is over, and the more lucrative it is.
It's not hard to find local cut-outs in most areas. In most cases, those folks are also patsies.
Another, different party who cashes checks written to their name in exchange for a cut, for example.
As an example, there is still the old in the tooth craigslist 'oops, I sent too large a cashiers check, can you send me the extra?' scam, which is an even more obvious ripoff, and people fall for that all the time.
If approached by law enforcement, their story would likely be they were working for X (different) company as an assistant or in finance, etc. The other company of course will be in a different state, country, or whatever, or maybe not actually exist, depending on the logistics of the money movement.
The scammers could easily have 10-20 different paychecks going to one person without anyone being the wiser - at least until the IRS got the W-2s or the cut-out started thinking about the long term consequences.
Scammers are used to a lot of churn with stuff like this, it's why these scams are hardish to run and aren't even more lucrative. Think breaking bad and 'Walt trying to ACTUALLY make money selling meth'. Lots of surprise expenses, people going sideways on you, competition you didn't expect, paranoia, logistics difficulties.
That's assuming they aren't just forging/stealing SSNs or identities and using some kind of front somewhere, like payday check cashing places willing to look the other way, or whatever.
There are plenty of folks running bad check scams or the like already, and they don't have the benefit of checks that will actually cash (all the time), like a big companies payroll check.
I wasn't even thinking about the fact that it leaves a paper trail. I was just thinking about the fact that the company who ostensibly hired "John Doe" is being given payment details for "Jack Frost".
It wouldn't be hard to have it be John Doe all the way through, at least for folks doing this. Setting up things like this is a common tactic in a lot of common financial crimes now a days.
Whenever I read these kinds of super-complicated scams, I can't help but think if the scammer would have instead invested all that time and effort into legitimate tech and interviewing skills, he/she could have just come in the front door! It's like the person who spends hundreds of hours putting together the perfect exam cheating scheme, where they could have instead put in half of that time actually studying!
In a lot of ways it's a convoluted form of arbitrage. These people "buy" developer labor in the cheap markets and "sell" in the expensive ones. Obviously bad when the developer labor doesn't get delivered as advertised. But if you can pull it off then mostly good for everyone.
The guy organising it appears to be living in a lower middle income country with technical skills limited to badly installing WordPress plugins and doubts about his spoken English.
Even if he actually has the capability to become a really good programmer, I'm not sure he's going to beat getting half of potentially dozens of US-based developers' contract incomes for less effort than spamming job boards and running a Slack channel
No matter how much work you put into setting up a scam, you'll never be able to beat the H1B lottery.
Companies know that they can pay less money to people in poor countries because an American wage in a third world country would have them live like kings. Going the honest route significantly cuts your profits if you live in these countries.
The "Plamen" person linked in this blog says he was educated in Sofia and Veliko Turnovo, Bulgaria. The average salary in Bulgaria ranges from $18k to $30k depending on the city (taking the optimistic route, here, sites like https://www.zaplatomer.bg/en/salaries-in-country give much lower numbers!); with an expected wage starting at $59k, they would be able to live a wealthy life earning twice the average wage just by getting lowballed by an American company. Spending that wage from a small California apartment wouldn't be nearly as profitable and comfortable as it would be living from a nice house in Bulgaria. All they'd need is a good internet connection and a shifted sleep schedule to take part in meetings.
That's assuming the guy can actually deliver on his tasks. My guess would be that these scammers have limited technical skills and rely on waiting for the slow evaluation process to fire them and then moving on to the next company.
Anyone who would be interested in hiring me knows who I am. But I'm not someone you'd hire on the basis of keywords or a LinkedIn profile I basically haven't touched in years.
A big reason why a lot of companies are trying to push people back to the office is they have low confidence that line managers will catch these kinds of problems, and many more - including 'the guys working 4 jobs and barely doing anything for us', the 'guy starting his own company that competes with us at the same time as working for us', the 'guy who farms out all his work to subs in India', etc.
It's easy to say 'if they don't notice, then clearly it's not a problem' - but it has downstream effects, like broken products, huge legal liabilities for the company including often scary handling of customer data to make it work, and morale hits as other folks pick up on things like this happening and being uncaught.
These are real, albeit currently low percentage/high risk things that happen. The more people get away with it, the higher the percentages of people who will try (people rationalize it to themselves as 'everyone else is doing it', and 'I'd be foolish to not do the same thing everyone else is'.).
The biggest issue I've seen with remote work (in practice), is it makes it really hard for a manager to see and actually understand what's happening (not just what people SAY is happening, which is rarely the same thing), and makes it easier for employees to hide things they don't want others to see. Which leads to more of everything from undiscovered-until-too-late burnout, to team members who have no idea what to do or how to do it, to opportunists grifting.
> A big reason why a lot of companies are trying to push people back to the office
Which is kind of useless for most of the points you described at the end. There are plenty of comments here really proving that you can scam even in person interviews. Let's say you are not scam, you pass an interview. You can still do all of those things while you work.
The only way to prevent this is by having keyloggers and similar tools on the work laptop so that you can actually see what people do. And even then, if someone does "enough", would you really check? Probably most people nowadays wouldn't care, as long as you deliver.
The truth is: most people are honest, they do "normal" work, they get a raise, etc. Then there is a percent of people which exploits the system. A system that let's be honest tries to profit from them too by giving lower wages, etc.
It’s harder/nearly impossible to scam at scale in person.
It’s also way more obvious and personal when it happens, and it’s a lot easier to actually physically arrest someone if it gets really weird or out of hand, not that it was common for that to happen.
I think we’re seeing the birth of a new industry, the equivalent of Nigerian email scams, but with job interviews.
I heard a story about this happening at an Indian subsidiary of an American company, the person interviewed by the US manager was not the person that actually took the role ! It was discovered a few months in as the quality was not as expected (the person was actually a developer but not nearly as good as the one that was interviewed, he hired the interviewed person to pass the interview).
Bizarre. I (US-based engineer with an Upwork account) was invited into a less sophisticated variant of the scam in spring 2021:
> Nice to meet you. I am looking for a US person who do business with me. You can earn money with a few cooperation. Do you know Upwork or Toptal site?
They also had the text of the message in a GitHub repo. I tried reporting them to GitHub, Upwork, and Toptal, but I don't think they knew what to do with it? I assumed my scammer was looking to evade banking rules or sanctions, but it could be for either fake employment or actual work with a US-based persona like in this case.
Same, although I was never asked to impersonate anybody. They just wanted to work using my real name/identity, and would throw some money my way every month. At the time I was annoyed/pissed, but after reading this I respect that they at least had the decency to ask for my permission lol.
Honestly, this is 100% Upwork's fault. Their platform is a race to the bottom, yet they make it very difficult/impossible for people from countries that can actually afford to make a living with those rates to sign up. So I understand why people resort to this behavior, even though I would never want to work with someone who would actually do that. Fuck those people.
If they want to actually start and collect a few paychecks, then they'll need to pass a background check from HireRight or whoever. This'll probably include transcript checks, verifying past employment, etc.
They would also need to steal the persons SSN and likely need to get through one of those identity check questionnaires from credit agencies. And they’d probably need to fake an ID as well.
I hope Andrew [0] — the college junior with morals who blew the whistle on the attempt to get him to impersonate the author — gets an internship or job offer out of this; he apparently was having a hard time with that.
The author's sleuthing is reminiscent of Cliff Stoll's The Cuckoo's Egg from 1989. [1]
> I hope Andrew [0] — the college junior with morals who blew the
whistle on the attempt to get him to impersonate the author — gets
an internship or job offer out of this; he apparently was having a
hard time with that.
Excellent point.
I've been wondering about ways to test students on "trust/morals" and
decided its one of the most valuable yet least well understood
qualities. Employers generally rank skills, knowledge, salary, even
age/gender/race above dependability/loyalty, or barely consider the
latter at all.
Other than lengthy vetting and imprecise security clearance procedures
this is such a hard quality to discern, and so costly when you miss
the mark. The costs of defection, industrial espionage, and sabotage
seem poorly quantified in HR. I think a corrosion of work relations
has come about from devaluation of workers qua humans, and the
corresponding disrespect people have towards their places of work. Is
that inevitable under capitalism/efficiency?
And, harder question... does it even matter? Especially once AIs and
remote agents take-over many jobs? Does a corporation care if the
worker is an imposter and liar who abused a false identity to get the
post, so long as they produce working results?
Is there a kind of moral Turing test here? What do work relations have
to do with human-relations in the limit of the present trajectory?
Also - how likely are they to be able to continue doing so, and how much of my companies sensitive information is being leaked to who knows where by whom? Including data that opens up the company to some giant liability lawsuit or PR issue later?
How would you like to constantly wonder if Steven in HR, who has enough of your personal info to take out loans in your name, can just vanish tomorrow without a trail?
I've simply asked candidates 'tell me about a time you had to make a moral judgement'. I'm kind of surprised that it's not a more common question, but of course that makes it work - truly immoral people would have a made-up anecdote if it came up regularly.
I remember in one job the company had a set of questions we had to ask candidates on top of the technical questions. One of them was “what would you describe as your biggest weakness?”
I always grown when I have to ask that question because you always get some stupid answers where people say things like “I’m just too organised” or similar spin to make a negative sound like a positive. Frankly I can’t blame them because it’s a ridiculous question to ask.
However this one candidate not only listed off one flaw but three of them. I remember thinking “shut up, shut up, shut up. You’re not supposed to answer this honestly!”
However this ironically turned out to be the reason I hired him. I figured if he is that honest and able to identify his flaws then he must have a good work ethic.
He turned out to be one of my best ever junior hires.
I tend to coach the question to prevent people from giving it a softball, with something like "I have certainly caused my fair share of crisis, what I'm interested in is the experiences you ..."
It's an adequate test to filter out folks who are simply incapable of accepting responsibility for their actions, or who have yet to really shoulder enough responsibility to meaningfully fail.
I'd have thought a lot of completely regular candidates would be a bit stumped by that (especially since many non-trivial moral judgements are personal life stuff that's really off limits for interviews)
Although maybe that's the point: psychopathic candidates end up making up fairly unconvincing heroic stories whereas regular people look a bit confused and maybe mention something they didn't do because they couldn't trust it was legitimate or ask if their decision to volunteer their time for $cause counts.
I think it goes without saying that interview questions are asking about your work life,. altho it might help if the interviewer specifies that anyway, i.e. "Tell us about a time you had to make a moral judgment at work"
The point is more that "moral judgements" like the time you pointed out that the company might violate the AGPL might actually be good stories to tell an interviewer if you've lead a drama-free working life building CRUD apps for regular employers, but are pretty hard to recall when the first thing the words "moral judgement" bring to mind are the time you had to stop interacting with X because they did Y.
In fact, it seems to actually count against me, as I'm sometimes accused of being "snobby."
Ah, well...
STORY TIME:
A few months after I had been promoted (the first time) to a manager, one of my new employees was hired by my boss' boss, while I was out on medical leave.
When I got back, I found out that he had made a promise to the new (now hired) employee, that he was not "legally" allowed to do, and had to let the guy do it (because he promised).
He asked me to sign it off.
I declined, sure that my job was in jeopardy.
Surprisingly, he took it well, and it was never mentioned again (until now). He actually had a lot of Integrity, and was uncomfortable with it (it was a mistake; not deliberate).
I once had a job where my manager asked me to fake some results to deceive a customer. I refused. Later the manager apologised to me and upon reflection agreed it was wrong, and the matter was never brought up again. But I had a better relationship with that manager after that.
Perhaps at the end of the day that's what the scam was about, getting Andrew an internship. I mean if I was writing the movie that would be the twist at the end
Sometimes just the possibility of it working, and the person's desperation, will cause them to try it. I've heard enough instances of people paying others to take exams for them that it doesn't surprise me that some people trying to do an interview that way, too. They think just getting the job will do something for them, and (for whatever reason) think they'll be able to keep the job once they have it.
I wouldn't be surprised to learn that these people think they have high-level skills, but some other factor is preventing them from getting the job. Sometimes it might even be true, but I'm better against them having the skill level they think they do.
> I've heard enough instances of people paying others to take exams for them
Back in the 90s I was becoming a math teacher at one university while I was working on getting admitted into an IT engineer course at another. Strangely enough, the other admittance exam besides math was physics and I sucked at that while obviously I was far ahead in math compared to my peers at the physics preparation course. So someone offered an astonishing amount of money to take the math entrance exam for them, enough to buy a small apartment with it -- and perhaps I would've been young and foolish enough to go with it except for one fact: they offered a falsified national id to go with it. That's five years in prison if you get caught with it and I noped the hell out of it...
In the case OP describes, the situation is similar: it's the documentation that catches you.
These scams have been happening for decades. It's as hilarious as infuriating when somebody shows up to a job site and it's clearly not the person that was interviewed.
Yeah I've had people ask to buy my codementor account (https://codementor.io/jleclanche). I forwarded all of them to support@arc.dev, but I suspect some people always say yes ...
I submitted my own blog here, but then my intentionally configured HN timeouts locked me out. I was wondering why my little Linode was dying.
Yeah this was an incredibly odd and creepy experience that I continue to investigate here and there. I really appreciate the interviewer for letting me stay on and confront the imposter.
Username seems familiar. I have spent a lot time with your apktool, few years ago. For the first time, I saw your real name and photo. Thank you for this amazing tool.
Many (most?) large companies might take months to fire someone even if it was blatant and obvious. Process to follow, etc.
Considering how distracted and overwhelmed many managers are right now, some might go years before catching on.
Even if no code got checked in. Chances are, they could also farm out a bit here and there to a friend to make
it a harder problem to resolve for the company.
As for motivation, maybe cash out one or two paychecks? Dunno how it works in the US, but where I live that would be hard without any ID or tax information. Maybe they'll request the first paycheck as a cashiers check? Paypal payment? Who knows. But 1-2-3 months worth of US-level salary would be a fortune in some parts of the world.
In the days of remote work, it would not surprise me a bit if there are organized criminals doing this 24/7. Just churning out job applications, hiring people off fiverr, upwork, etc. to do the interviews, collect a paycheck or two and disappear. Could easily be worth $5000-$20000 pr. scam, if they manage to get hired.
So my guess is that the scam ends with the scammer negotiating a "deposit" to start contract work, and once the deposit is paid they disappear. Otherwise I think this scam would be a lot more work than just actually getting programming gigs and doing the programming work.
The way I read it is: the scammer will secure the contract using the help of their industry-decorated accomplice, and then outsource the actual work-related duties to developers they find on Upwork, etc.
This story is much more fun when you come at it from the interviewer's position. You've been doing interviews every week. They're mostly rejections. They're the same questions over and over with minor variation. You're about to repeat the experience for the 18th time and you're 100% on autopilot. But suddenly you're in a spy thriller. This is the greatest thing that's ever happened.
Is it a good legal/corporate decision to hide the person who claims to be the original and let him listen to the interview with the other candidate? Holy fuck, no. Is it going to be WAY more thrilling? Oh my god yes; how could you not?
Now that I think about it, I bet you could put together a pretty successful YouTube series of messing with zoom interviews in ways just like this. Get someone's identical twin to join the call and make them fight over who's the real one. Bring time travel into it. Make outlandish demands of the interviewer to prove that they're not a Zorblaxian spy.
Not Zoom interviews, but there are Youtube videos of people messing up with other people on Omegle, with a fake skip screen. From the point of view of the pranked, what happens is they get to someone that ends up skipping them, get a different person, and the previous person shows up in the background or something.
Oh, I'd be so in to take part in this drama. It would probably be one of the most memorable job interviews of all time.
And I doubt there would be too many legal or corporate ramifications from allowing someone else to be on the call with their camera off. These are contractor positions, not full-time. Frankly, it's a risk I would take to be able to witness this sort of thing in real-time.
Eh, don't bet on it. What if #2 was real, and #1 was someone stalking #2? Or an abusive ex?
If #2 doesn't get the the potential job, they could come after you for all sorts of things - emotional damages, economic damage (from not getting the job), etc. They might even be able to get the court to force you to give them the job, or at least waste years of your time and mental health dealing with legal hassles.
It's hilarious and awesomely entertaining, but don't do it if you have assets someone could go after, as eventually, someone will.
I mean, you're hiring a contractor off of Upwork, not from a reputable consultancy (to be clear, I'm sure established consultancies do shady shit too, but the risk profile is different), so I think the risk is pretty small. We're talking edge cases on a scenario that is already an edge case.
Yeah, I have to imagine they might be using a group account on Upwork and then misrepresenting the coder as a part of their team, but I don’t know enough about how Upwork works.
I posted about this blog post on Twitter and was directed a Reddit post [1] showing how little Upwork seems to care about fake reviews and stolen work product, so it appears Upwork has a history of ignoring fraud, regardless of what their terms say.
Scammer can open a bank account using a fake ID for Connor.
So they hire the real Connor but money goes to a foreign country, to an account owned by the imposter.
I think the fact that it's a zoom interview changes things.
Even if one of them is stalking the other, it's not like they're physically in the same conference room together. the worst they can really do is yell at each other.
> Is it a good legal/corporate decision to hide the person who claims to be the original and let him listen to the interview with the other candidate?
Consider the situation from the perspective of the interviewer: They don't have all of the background we did while reading this blog. They haven't even had time to process what Connor #1 said by the time that Connor #2 arrives.
The decision to hear them both out for a few minutes is reasonable, IMO. At that point in time, Connor #1 could have been lying as far as the interviewer knew. Letting them both exist in the meeting immediately cleared up any confusion.
Letting them both in the same room at the same time was probably the safer thing. Maybe there’s an argument, or maybe one bounces, clearing it up.
But having one person hide is riskier. It means a random person could eaves drop on my interview by just pretending to me and telling this story.
I mean, super cool though. I imagine my adrenaline would be going as the interviewer. I’d probably chill out when I realized this was identity theft with extra steps, not a Kyle Reese situation.
Stalkers gonna stalk. The “all of this” would just have to be getting the interview link/time (calendar or email access) and then showing up a bit early to tell the story.
It is very very unlikely and I don’t judge the interviewer for how they handled it.
I get the sense that "real Connor" must have been extremely good at concisely explaining the situation and giving the interviewer exactly the information he needed to believe real Connor and understand the situation. It made me think of one of those movies like groundhog day or "source code" where someone has multiple tries and eventually comes up with the most efficient possible thing to say to get someone to trust them. Well done!
I feel like this PND thing might just be an agency for the folks on https://www.reddit.com/r/overemployed to outsource the acquisition of their 2nd, 3rd, 4th jobs.
An interviewer whom asks all the same questions is better suited in HR or hiring accountants. That's called a quiz, not an interview.
When interviewing, you do an actual interview, which is where you research whom you're interviewing to gain good questions to ask so you get good answers back.
The staleness and bore of interviewing is entirely the fault of the individual. Especially when they think whiteboarding compsci topics is meaningful.
I think this is probably more common than we might think. Given remote work being preferred lately, this is probably doable, especially if companies are hiring large numbers of random contractors. I know my old team members (I retired recently) have gone through a ton of remote contractors recently, many of whom were completely useless. Thankfully I only hired people before Covid hit, and at that point everyone was required to work in office (at least for the work I was responsible for). Everyone I did take on was either excellent or at least competant. I did hire most of them off of phone interviews only, so maybe I was lucky.
If an experienced person does the interviewing asking the right questions / requiring tests / etc might be insufficient to realize the person you are interviewing is not the person who will do the work. I wonder how you would catch this before actually having the "worker" start.
I guess this is a downside of all remote work assuming your company is less than thorough in checking references/documents/etc.
If it's reasonably common, there might be a place for a "reputation protection" service in the tech community - a service that watches various contracting and hiring sites for its members names, then notifies the real person when their name is used.
I could see it being a real issue in the future if someone's professional reputation is tarnished this way. If a prospective employer searched for a candidate and found multiple profiles with very different skills listed, that would be a huge red flag. Worse, if the fraudulent person was hired and then fired, that information could find its way to places where the real person is applying.
If they were able to successfully land a job like this, I could also see that messing with the real person's tax situation.
... I'm off to look for my name on Upwork, I guess.
I had a similar experience back in 2008 when I started a fully remote digital agency.
One of my first employees was doing fantastic work, until his performance fell to 0 - no communication, no deliverables, nothing. Turns out, he stopped paying the subcontractor that was doing his job for him.
The subcontractor contacted me months after I fired the employee and confessed. Apparently, the long-pauses and loud typing during my conversations with the employee was the employee messaging the subcontractor asking for help answering my questions.
So, in my case, the employee was still the front. In this case, they're attempting to eliminate that bottleneck by just having the subcontractor impersonate the employee.
This exposes the truth about showcasing who we are all the time all around the internet, why too many details are needed out there anyway? I will keep posting my CV online, but really, it makes me feel like I should not.
394 comments
[ 4.2 ms ] story [ 456 ms ] threadThis is one of my big problems with LinkedIn. We put so much information out there in public, it’s really easy for people do do this. That information can also be used for things worse than applying for jobs.
I think small companies hiring freelancers are most vulnerable to this. In the UK at least companies have to carry out very strict right to work checks, including passports, National Insurance numbers, etc.
I ended up uncovering a whole scheme where an experienced dev in the US would hop on the calls/video interview and then the actual work would be handed off to some other people based overseas.
If you tried to contact the “dev” for something, your call would be routed to a google voice number and you’d receive a text message in somewhat broken English shortly after.
Their scam only lasted a few hours with us, but I often wonder how well they are able to pull this off.
This was an outsourcing group. In the grand scheme of things, “white people are stupid” is not entirely wrong, but there’s a line you know. And there are lines beyond that line. And then there are these assholes off in the distance.
Call goes static, call drops.
"Person" rejoins. Who is obviously a completely different person who was able to thoroughly fill in the previous details missed.
We ended the call there. Mistake: didn't require video for the session when the first individual proclaimed they were having issues with video.
On the contrary – if someone has been at a company for 9 months & had terrible early reviews, the company had about ~6 months to deal with them. In my experience, truly bad hires get lukewarm 30 day feedback, negative 3 month feedback, and are on a PIP soon after.
If you're there after 9 months, it suggests you've demonstrated some level of value to your employer.
Even the person they hired here to pretend to be Connor said himself that's he's just a junior that would pretend to be a senior. Maybe the idea is simply to get a well-paid job, work a couple months, get fired (maybe even with a generous severance), and repeat.
[1] https://news.ycombinator.com/item?id=32996457
At many companies, they wouldn't necessarily notice the difference right away too, if someone was pretending to work. Management is often overloaded or checked out. Depending on ethnicity, they might also be unwilling to bring up the issue.
For example, if the patsy sticks with it, who is going to call the bluff - especially if no one took a picture?
They could claim the manager was being racist by not being able to recognize them or something. If someone IS not great at recognizing/telling apart, say, Indians, it could sow doubt that would make it harder to address. And that is a lot of people in the US.
The longer the delay, and the more legal buttons get pushed, the more the company pays out before the scam is over, and the more lucrative it is.
Another, different party who cashes checks written to their name in exchange for a cut, for example.
As an example, there is still the old in the tooth craigslist 'oops, I sent too large a cashiers check, can you send me the extra?' scam, which is an even more obvious ripoff, and people fall for that all the time.
If approached by law enforcement, their story would likely be they were working for X (different) company as an assistant or in finance, etc. The other company of course will be in a different state, country, or whatever, or maybe not actually exist, depending on the logistics of the money movement.
The scammers could easily have 10-20 different paychecks going to one person without anyone being the wiser - at least until the IRS got the W-2s or the cut-out started thinking about the long term consequences.
Scammers are used to a lot of churn with stuff like this, it's why these scams are hardish to run and aren't even more lucrative. Think breaking bad and 'Walt trying to ACTUALLY make money selling meth'. Lots of surprise expenses, people going sideways on you, competition you didn't expect, paranoia, logistics difficulties.
That's assuming they aren't just forging/stealing SSNs or identities and using some kind of front somewhere, like payday check cashing places willing to look the other way, or whatever.
There are plenty of folks running bad check scams or the like already, and they don't have the benefit of checks that will actually cash (all the time), like a big companies payroll check.
Or, in video form, the Kay & Peele Bank Heist[1]
1: https://www.youtube.com/watch?v=jgYYOUC10aM
Even if he actually has the capability to become a really good programmer, I'm not sure he's going to beat getting half of potentially dozens of US-based developers' contract incomes for less effort than spamming job boards and running a Slack channel
Companies know that they can pay less money to people in poor countries because an American wage in a third world country would have them live like kings. Going the honest route significantly cuts your profits if you live in these countries.
The "Plamen" person linked in this blog says he was educated in Sofia and Veliko Turnovo, Bulgaria. The average salary in Bulgaria ranges from $18k to $30k depending on the city (taking the optimistic route, here, sites like https://www.zaplatomer.bg/en/salaries-in-country give much lower numbers!); with an expected wage starting at $59k, they would be able to live a wealthy life earning twice the average wage just by getting lowballed by an American company. Spending that wage from a small California apartment wouldn't be nearly as profitable and comfortable as it would be living from a nice house in Bulgaria. All they'd need is a good internet connection and a shifted sleep schedule to take part in meetings.
That's assuming the guy can actually deliver on his tasks. My guess would be that these scammers have limited technical skills and rely on waiting for the slow evaluation process to fire them and then moving on to the next company.
https://news.ycombinator.com/item?id=32996457
It's easy to say 'if they don't notice, then clearly it's not a problem' - but it has downstream effects, like broken products, huge legal liabilities for the company including often scary handling of customer data to make it work, and morale hits as other folks pick up on things like this happening and being uncaught.
These are real, albeit currently low percentage/high risk things that happen. The more people get away with it, the higher the percentages of people who will try (people rationalize it to themselves as 'everyone else is doing it', and 'I'd be foolish to not do the same thing everyone else is'.).
The biggest issue I've seen with remote work (in practice), is it makes it really hard for a manager to see and actually understand what's happening (not just what people SAY is happening, which is rarely the same thing), and makes it easier for employees to hide things they don't want others to see. Which leads to more of everything from undiscovered-until-too-late burnout, to team members who have no idea what to do or how to do it, to opportunists grifting.
Which is kind of useless for most of the points you described at the end. There are plenty of comments here really proving that you can scam even in person interviews. Let's say you are not scam, you pass an interview. You can still do all of those things while you work.
The only way to prevent this is by having keyloggers and similar tools on the work laptop so that you can actually see what people do. And even then, if someone does "enough", would you really check? Probably most people nowadays wouldn't care, as long as you deliver.
The truth is: most people are honest, they do "normal" work, they get a raise, etc. Then there is a percent of people which exploits the system. A system that let's be honest tries to profit from them too by giving lower wages, etc.
It’s also way more obvious and personal when it happens, and it’s a lot easier to actually physically arrest someone if it gets really weird or out of hand, not that it was common for that to happen.
I think we’re seeing the birth of a new industry, the equivalent of Nigerian email scams, but with job interviews.
Exciting!
> Nice to meet you. I am looking for a US person who do business with me. You can earn money with a few cooperation. Do you know Upwork or Toptal site?
They also had the text of the message in a GitHub repo. I tried reporting them to GitHub, Upwork, and Toptal, but I don't think they knew what to do with it? I assumed my scammer was looking to evade banking rules or sanctions, but it could be for either fake employment or actual work with a US-based persona like in this case.
Honestly, this is 100% Upwork's fault. Their platform is a race to the bottom, yet they make it very difficult/impossible for people from countries that can actually afford to make a living with those rates to sign up. So I understand why people resort to this behavior, even though I would never want to work with someone who would actually do that. Fuck those people.
Much easier to just use a real person's identity.
Non trivial stuff for a specific target.
The author's sleuthing is reminiscent of Cliff Stoll's The Cuckoo's Egg from 1989. [1]
[0] Andrew blogs at https://unfooling.com/, according to the article.
[1] https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)
Excellent point.
I've been wondering about ways to test students on "trust/morals" and decided its one of the most valuable yet least well understood qualities. Employers generally rank skills, knowledge, salary, even age/gender/race above dependability/loyalty, or barely consider the latter at all.
Other than lengthy vetting and imprecise security clearance procedures this is such a hard quality to discern, and so costly when you miss the mark. The costs of defection, industrial espionage, and sabotage seem poorly quantified in HR. I think a corrosion of work relations has come about from devaluation of workers qua humans, and the corresponding disrespect people have towards their places of work. Is that inevitable under capitalism/efficiency?
And, harder question... does it even matter? Especially once AIs and remote agents take-over many jobs? Does a corporation care if the worker is an imposter and liar who abused a false identity to get the post, so long as they produce working results?
Is there a kind of moral Turing test here? What do work relations have to do with human-relations in the limit of the present trajectory?
It's definitely a concern when you need to worry about spies infiltrating your company
It's surprising how illuminating the responses are.
I always grown when I have to ask that question because you always get some stupid answers where people say things like “I’m just too organised” or similar spin to make a negative sound like a positive. Frankly I can’t blame them because it’s a ridiculous question to ask.
However this one candidate not only listed off one flaw but three of them. I remember thinking “shut up, shut up, shut up. You’re not supposed to answer this honestly!”
However this ironically turned out to be the reason I hired him. I figured if he is that honest and able to identify his flaws then he must have a good work ethic.
He turned out to be one of my best ever junior hires.
It's an adequate test to filter out folks who are simply incapable of accepting responsibility for their actions, or who have yet to really shoulder enough responsibility to meaningfully fail.
Although maybe that's the point: psychopathic candidates end up making up fairly unconvincing heroic stories whereas regular people look a bit confused and maybe mention something they didn't do because they couldn't trust it was legitimate or ask if their decision to volunteer their time for $cause counts.
It doesn't seem to win me any points.
In fact, it seems to actually count against me, as I'm sometimes accused of being "snobby."
Ah, well...
STORY TIME:
A few months after I had been promoted (the first time) to a manager, one of my new employees was hired by my boss' boss, while I was out on medical leave.
When I got back, I found out that he had made a promise to the new (now hired) employee, that he was not "legally" allowed to do, and had to let the guy do it (because he promised).
He asked me to sign it off.
I declined, sure that my job was in jeopardy.
Surprisingly, he took it well, and it was never mentioned again (until now). He actually had a lot of Integrity, and was uncomfortable with it (it was a mistake; not deliberate).
* take them on a tour of your chocolate factory
* ask them to pull a magical sword out of a stone
People trying to get cheap labor and instead get defrauded.
I feel bad for Connor though.
I wouldn't be surprised to learn that these people think they have high-level skills, but some other factor is preventing them from getting the job. Sometimes it might even be true, but I'm better against them having the skill level they think they do.
Back in the 90s I was becoming a math teacher at one university while I was working on getting admitted into an IT engineer course at another. Strangely enough, the other admittance exam besides math was physics and I sucked at that while obviously I was far ahead in math compared to my peers at the physics preparation course. So someone offered an astonishing amount of money to take the math entrance exam for them, enough to buy a small apartment with it -- and perhaps I would've been young and foolish enough to go with it except for one fact: they offered a falsified national id to go with it. That's five years in prison if you get caught with it and I noped the hell out of it...
In the case OP describes, the situation is similar: it's the documentation that catches you.
"Hi, Billy
How are you?
I checked your Codementor account, it is great.
I am *** **** from Ukraine.
I am 32 and I am also a computer programmer.
I want someone who can help me.
Would you lend me your account?
If you borrow it, I can earn a lot of money.
I will pay 100 usd every month.
Regards."
Yeah this was an incredibly odd and creepy experience that I continue to investigate here and there. I really appreciate the interviewer for letting me stay on and confront the imposter.
Considering how distracted and overwhelmed many managers are right now, some might go years before catching on.
Even if no code got checked in. Chances are, they could also farm out a bit here and there to a friend to make it a harder problem to resolve for the company.
In the days of remote work, it would not surprise me a bit if there are organized criminals doing this 24/7. Just churning out job applications, hiring people off fiverr, upwork, etc. to do the interviews, collect a paycheck or two and disappear. Could easily be worth $5000-$20000 pr. scam, if they manage to get hired.
Is it a good legal/corporate decision to hide the person who claims to be the original and let him listen to the interview with the other candidate? Holy fuck, no. Is it going to be WAY more thrilling? Oh my god yes; how could you not?
And I doubt there would be too many legal or corporate ramifications from allowing someone else to be on the call with their camera off. These are contractor positions, not full-time. Frankly, it's a risk I would take to be able to witness this sort of thing in real-time.
If #2 doesn't get the the potential job, they could come after you for all sorts of things - emotional damages, economic damage (from not getting the job), etc. They might even be able to get the court to force you to give them the job, or at least waste years of your time and mental health dealing with legal hassles.
It's hilarious and awesomely entertaining, but don't do it if you have assets someone could go after, as eventually, someone will.
I wonder what financial fraud they'll need to do to get the funds as I'm assuming UpWork has to deal with tax payments being pulled out.
I posted about this blog post on Twitter and was directed a Reddit post [1] showing how little Upwork seems to care about fake reviews and stolen work product, so it appears Upwork has a history of ignoring fraud, regardless of what their terms say.
[1]: https://www.reddit.com/r/legaladvice/comments/xavntw/freelan...
I dont think it will be too difficult for a scammer to setup a bank account with a false name.
Even if one of them is stalking the other, it's not like they're physically in the same conference room together. the worst they can really do is yell at each other.
Consider the situation from the perspective of the interviewer: They don't have all of the background we did while reading this blog. They haven't even had time to process what Connor #1 said by the time that Connor #2 arrives.
The decision to hear them both out for a few minutes is reasonable, IMO. At that point in time, Connor #1 could have been lying as far as the interviewer knew. Letting them both exist in the meeting immediately cleared up any confusion.
But having one person hide is riskier. It means a random person could eaves drop on my interview by just pretending to me and telling this story.
I mean, super cool though. I imagine my adrenaline would be going as the interviewer. I’d probably chill out when I realized this was identity theft with extra steps, not a Kyle Reese situation.
Incentive to do that would have to be pretty wild.
It is very very unlikely and I don’t judge the interviewer for how they handled it.
Only if the random person somehow found out the meeting code.
When interviewing, you do an actual interview, which is where you research whom you're interviewing to gain good questions to ask so you get good answers back.
The staleness and bore of interviewing is entirely the fault of the individual. Especially when they think whiteboarding compsci topics is meaningful.
If an experienced person does the interviewing asking the right questions / requiring tests / etc might be insufficient to realize the person you are interviewing is not the person who will do the work. I wonder how you would catch this before actually having the "worker" start.
I guess this is a downside of all remote work assuming your company is less than thorough in checking references/documents/etc.
If it's reasonably common, there might be a place for a "reputation protection" service in the tech community - a service that watches various contracting and hiring sites for its members names, then notifies the real person when their name is used.
I could see it being a real issue in the future if someone's professional reputation is tarnished this way. If a prospective employer searched for a candidate and found multiple profiles with very different skills listed, that would be a huge red flag. Worse, if the fraudulent person was hired and then fired, that information could find its way to places where the real person is applying.
If they were able to successfully land a job like this, I could also see that messing with the real person's tax situation.
... I'm off to look for my name on Upwork, I guess.
One of my first employees was doing fantastic work, until his performance fell to 0 - no communication, no deliverables, nothing. Turns out, he stopped paying the subcontractor that was doing his job for him.
The subcontractor contacted me months after I fired the employee and confessed. Apparently, the long-pauses and loud typing during my conversations with the employee was the employee messaging the subcontractor asking for help answering my questions.
So, in my case, the employee was still the front. In this case, they're attempting to eliminate that bottleneck by just having the subcontractor impersonate the employee.