I got a human being at Google to look into my problem and take action after sending a police report to Google‘s legal department certified mail return receipt along with a letter describing how someone was impersonating me and my business using a Gmail address in an attempt to commit fraud.
Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.
Wasn't expecting this comment to go far. This took place about a month ago. For those who are interested, here is the address I sent the police report and cover letter to:
Google LLC
Attn: Legal Department – Custodian of Records
1600 Amphitheatre Parkway
Mountain View, CA 94043
In the cover letter I outlined the problem and the desired remedy (shut down the gmail account and preserve IP and other information for law enforcement), and attached two other documents: an annotated printout of the email thread from a prospective victim of the scam (who sensed something was fishy and contacted me through my website) and the local police report I filed to document the attempted fraud in my name.
Someone at Google contacted me about a week later and confirmed that the account was shut down. I don't know if they did anything else regarding preserving data or shutting down any other Google services this person was using.
I also made a report to the FBI’s Internet Crime Complaint Center, although TBH it looks like a black hole that lets the feds say they are "doing something" for ordinary victims.
Having worked in compliance engineering I have also reported through the IC3 portal, and spoken with lawyers and analysts who register with FinCEN (which, to be clear, is maybe just a step beyond "My Uncle works at Nintendo...") and I have heard that those reports do get reviewed and often acted on, but yes, you will typically never hear back from them. (FinCEN has its own reporting structure, but we also submitted certain reports through the IC3 portal as well.)
Honestly, the "acted upon" part needs to be highlighted in tangible ways, otherwise people will be suspicious that nothing ever happens to our reports, leading to fewer reports being submitted.
During the IC3 reporting process I was asked to submit the name of people behind the scam, if known. I knew one of them because the scammer asked for a wire transfer to a named account at a bank in Oregon. Probably a mule.
Does anyone at the FBI or other agencies actually do anything with this information, such as contacting the bank in question or correlating it with other investigations? That's what I would expect if law enforcement were serious about enforcing the laws on the books. But there is no indication that anything happened, other than a confirmation number being spit out on a web page that my report had been received. That's why I made the "black hole" comment earlier.
If the IC3 portal highlighted specific cases or stats ("thanks to reports submitted to IC3, n investigations were initiated/suspects charged/convictions secured") that would really help convince ordinary victims that the government is taking tangible steps to fight this scourge of small-scale scams and frauds that affect millions of people every year.
There are strict rules about not talking about open investigations because of so-called "Tipping-off" rules. It can carry some pretty serious penalties - jail time, fines. I agree it would be nice if the FBI itself made some announcements about these sorts of things, and they might do that in aggregate, but if you're a bank or fintech employee and you're in communication with the FBI you absolutely cannot say anything about it. Even confirming that an investigation existed could be penalized.
> Even confirming that an investigation existed could be penalized.
I didn't know that. But that is another point that could be highlighted on the IC3 homepage or confirmation, along with aggregated data about enforcement actions resulting from submissions from ordinary victims.
My assumption is that they at least have an intern read them, but only act on reports likely to lead to major cases, for some value of "major" that includes cases where terrorism, large sums of money, or Important People are involved, or more generally cases that could lead to seriously good/bad PR if pursued/ignored.
De minimis non curat FBI.
They may also flag certain cases to be passed to other relevant authorities like FinCEN, the Secret Service, the Postal Inspection Service, various military investigative services, or even the intelligence community (assuming NSA doesn't already intercept the mailbox which would be a very reasonable thing to do).
"Acted upon" in these sorts of bulk data contexts typically means "charge them for an extra count when we pick them up for something else".
It's like the internet crimes version of putting the serial number of stolen property in a police report. They ain't looking for it, but they'll tack the charge when they inventory a crackhouse bust and that number pops up stolen.
They aren't dedicating serious resources to speculatively looking at the reports and trying to assess patterns like some TV cop looking at a series of dead hookers and saying "aha we have a serial killer on the loose".
Oh that's a good idea! I got locked out of my YouTube premium account and they kept charging me. Couldn't get in contact with anyone at YouTube because the YT premium support line is behind the YT login. So I had to change my credit card number. Somehow they still kept billing the card, so the credit card company said they'd have to close my account entirely to get Google to stop billing me for a service they wouldn't let me cancel.
That's a built-in thing; Visa, MasterCard, Amex all have updater services that ensure trusted merchants get the replacement card seamlessly. This leads to annoying edge cases like yours.
BoA issued me a new card after a fraudulent charge, the next year on the same date the same fraudulent charge showed up (annual billing cycle). This happened for more than three years because after they issued a new card they updated the service that billed the fraud with the new number.
You have to realize that once Google flips the bit on you and they think you are trying to scam them (or others via them) you are absolutely dead to them. They don't want to hear from you ever again. You're banned to hell. The fact that a billing system didn't get switched off isn't so surprising; the internal architecture of their systems is so complicated that it would take multiple human lifetimes to explain how it all works.
> The fact that a billing system didn't get switched off isn't so surprising; the internal architecture of their systems is so complicated that it would take multiple human lifetimes to explain how it all works.
There was a lawsuit about a decade ago where a company was owed about $500k in ad fraud refunds and Google kept saying they had paid it, it ended up being an incomplete part of their software that had inadvertently withheld $75 million!
You can create as many virtual cards as you want. And surprisingly, I've rarely encountered a vendor that rejects them. I set one up for pretty much every recurring service charge, just because it's so easy to do.
It costs a few hundred a year for personal banking, but if you register an LLC (which in MO costs ~$10) you can use your EIN to get a business account. Did
it a couple times, once for my non-profit and once for my consulting LLC.
That sounds like what Privacy.com does, but the virtual cards can still charge right through after you shut them down. NYTimes did that to me, after my trial sub expired, and Privacy did nothing to block it.
Are the virtual cards credit cards or hooked up to your account (i.e. debit cards)? there's a big difference. Also, they're not a bank so FDIC insurance and other bank aspects are different. Not what I'd personally use for my long-term savings-oriented finances, but fine for more operational things.
That's an uphill battle, I tried doing that with a gym once who said to cancel, I had to come in only on Tuesday in the morning when the manager was there with a certified notarized cancellation form.
No, I did not identify myself as a lawyer. I just wrote the letter as a victim of a scammer using Google services to impersonate me.
But I was careful to use certified mail return receipt as google’s legal office knows that this can be used for documentation and proof if the case ever goes further.
In other words, having a paper trail is more likely to get acted upon.
IMHO its doesn't matter who you are. You don't need to be a layer to protect yourself in the right way. if you send a letter with evidence, certified with return receipt, if as a business, or a person, this is a good chance of liability if you don't respond if it ends up in court. There can be consequences for non-reposes. I have always had good results using this method. But you got to be clear about:
A. What the problem is
B. Why you think there should be a response (I.E: What could happen if a response does not get acted on from your perspective, what harm could be continued, ect.)
C. Set a requirement for a resonable response time and some kind of fee schedule or possible outcome if there isn't a response in a reasonable amount of time.
Yes, they could easily spin up another gmail address.
The other part of the scam involved sending money to a bank account in Oregon with someone else's name attached to it. I notified the bank in a similar manner and hope they shut it down (not confirmed; my next step is to notify the Oregon banking regulator about the incident).
The hope is that once the bank account and gmail account are shut down the scammer will stop or move on. But I am concerned this could be a whack-a-mole problem that doesn't go away.
You can't send high volume through new accounts. Usually when a gmail account is being used for real spamming, it's an established one that's been taken over and the spammers are just discharging the accumulated reputation of the account.
> Usually when a gmail account is being used for real spamming, it's an established one that's been taken over
My incident is unlikely to be a real account being taken over. The name format was "firstnamelastnameofficial@gmail.com" and I have a somewhat rare name ... probably well under 40 people worldwide with the exact spelling.
Yes, with an actual payment (processed credit card transaction), a signed contract with clear payment terms, or a convincing promise to pay such as a written instruction to send an invoice.
A lot of startups have made the mistake of thinking "customers" are the same as "downloads of a free app" or "people who created an online account" or "people who signed up to be notified of the actual launch."
Accelerators once encouraged this ("you have to show progress to investors on demo day!") but unless you have actual paying customers it's not a real business.
On the afternoon of October 6 1989 I attended a Fugazi concert in Cambridge Mass, probably one of the best live shows I've ever seen.
Last year I casually searched YouTube for some shows I had attended in my youth and this one popped up, recorded by a high school classmate who happened to be there, filming from the side from a balcony or rope rack used by stagehands.
I then went to the Fugazi Live Series archive to see if there was better quality audio (the band recorded most of their shows from the 1980s through the early 2000s, and posted almost all of them in the archive). That October 1989 concert was in the database (https://dischord.com/fugazi_live_series/cambridge-ma-usa-100...), and there were some comments by others who attended, but there was no supporting media other than a single photograph.
So I emailed the address on the website:
Hi, regarding this show someone created a video recording from which the audio can probably be extracted. It's on YouTube here:
I was at the show but not near the stage. It was a memorable show for me and many others according to the description on the official Fugazi archive.
The uploader of the video (my high school classmate, who I believe was a member of the FUs at some point) says:
"In 1989, I went to the First Congregational Church, In Harvard Sq. Cambridge Massachusetts, in hopes of getting into this Fugazi show. Unfortunately, the promoter pre-sold the tickets to people he knew. Thus there was a large crowd of people trying to get in without tickets. Fortunately for me, I had been friends with him before, and he let my girlfriend and I in. Once inside, I asked Guy if I could videotape the show, he told me to go ahead... as long as I sent a copy of the video to Dischord Records... I never did... I just wasn't responsible enough in those days to bother... anyway, here it is, the full show, in all it's faded and low resolution glory... so go ahead, enjoy, and share."
To my surprise, Ian MacKaye responded! While he could extract the audio from YouTube, he wanted to know if I could get in touch with my high school classmate who might still have the original tapes which would have better quality. I did, and my classmate actually got the tapes (from his old girlfriend, who had them in a box in her basement) and shipped them off to Ian. At some point they will be properly digitized and put on the Fugazi archive.
I had a long interview with Ian about archiving which I hope to post on my blog later this summer. To make a long story short, he's amassed a huge collection of materials from Fugazi and his previous bands (most notably Minor Threat) which includes concert audio, studio audio, video, photos, concert flyers, and every piece of fan mail they received at Dischord House from the 1980s to the present day.
He's very systematic about organizing the archives, thanks to interactions with trained archivists including several working for the federal government (he's based in Washington DC).
Minor Threat was before my time, but I've seen Fugazi and The Evens a few times. Ian always puts on a great show. He seems like a really thoughtful, detail oriented guy. I'm not surprised that he keeps organized archives or that he found the time to respond.
My blog is related to my genealogy business, not music. But the story about archiving old audio and video is relevant to the struggle of many genealogists to preserve old media, a frequent topic on the blog:
> I was able to distill a few bottles of home made apple wine that I had screwed up some additional flavorings on. It took a couple of hours for 3 or 4 bottles.
My grandfather used to make something called Apple Jack using a method known as freeze distillation. He'd put fermented cider (widely available in rural New York) in a cask and place it out in the barn on a really cold night. The water would freeze, but the alcohol would not and could be tapped.
So "the water freezes, the alcohol does not," is not actually how freeze-distillation works. The entire batch freezes solid. You then let the block melt and collect the first meltings. If you start off with a 5% ABV solution, freeze it, and then melt off half of it, you'll end up with two halves where one is maybe 7% ABV and the other is maybe 3% ABV. You will need to reprocess those halves to further concentrate (yes, both halves, you want the alcohol from the 3% portion, too, but you have to do them separately or you're back to where you started) with your level of efficiency being limited primarily by your patience and how cold your freezer can get. Probably not cold enough to get above 20% ABV [0].
One problem with freeze-distillation is that it's more like removing watery alcohol and taking everything else than it is like in boil distillation where you're trying to remove alcoholic water and leave everything else behind. So you still need to make multiple runs to get the ABV up, but boiling will remove impurities, whereas freezing will concetrate them.
[0] IDK, that's just a guess, I'm not inclined to look it up. I'm not writing a reference guide here.
Just telling you how my father remembered it. Not sure how big the cask or barrel was, but if time and temperature are controlled, how will that affect the rate of ice formation inside the cask? What happens to the remaining unfrozen liquid in terms of ABV?
Sorry, it's just that these kinds of threads have a lot of people repeating things that aren't really all that correct. It creates an image of things that doesn't match reality that continue to persist in the collective conscience. Like how hibernation for bears isn't really "the bear sleeps all winter." Anyway, neither here nor there (I'm still not happy I lived 35 years of my life believing bears curled up in caves and take 3-month-long naps for winter. It's preposterous on its very face).
Solutions of alcohol and water are weird. If you had a solution of salt and water, you could boil 100% of the water out in one go and have 100% of the salt left over. With alcohol and water, you don't get that. You get a continuum of concentrations that changes over time, as the distillation progresses.
And there is more than one alcohol that you're dealing with, with different phase change temperatures for each. So it's a bit like homeopathy. At any particular point, you are dividing the batch into two sections, one that is increasing on the gradient of alcohol concentration and one that is decreasing. But each part of the batch will actually have some proportion of each chemical in it. All you can do is change the relative proportions and repeat until you've changed the ratios such that the one you don't want is negligible.
Water's freezing point is 0C, of course. Methanol's is, like, -97C. Ethanol's is around -115C. Something like that. So "the water freezes first". But it's not just water. It will be some proportion of all three, as well as trace other acetyl alcohols where the flavor comes from. It's just that more of it will be water than what you started. On the flip side, the ethanol freezes "last". But again, it will be a certain proportion of all three. So the "remaining, unfrozen liquid" increases in ABV over time. But the frozen liquid is not free of alcohol. And if we were trying to run a production distillery, we'd want to reprocess the frozen portion to extract the remaining aclohol from it as well.
It's an infinite series on which we're performing a manual, physical Taylor expansion approximation.
One of the nice things about boiling distillation is that it is the methanol with the lowest boiling point and the water with the highest. So, you can more easily bracket your product away from the beginning parts of the process to avoid the methanol. You can't really do that with freeze distillation, because the methanol is sitting in the middle between the water and ethanol in the phase change spectrum. Thankfully, it's impossible to make yourself go blind from in-good-faith home brewing and distilling. The amount of methanol you can produce will--at worst--give you a wicked hangover. But that's why more people don't do freeze distillation.
The New Yorker also comes with Apple News+ subscriptions (part of an Apple One plan that many people get for extra iCloud storage) which further includes a number of top-tier and local news orgs such as the Wall Street Journal, LA Times, SF Chronicle, Times of London, etc.
I believe this is what we call small claims court in the United States. The threshold varies by state, but it is a very effective way to deal with recalcitrant companies both large and small.
Amazon still charges ebook publishers the same “delivery fee” for each sold digital copy (US$0.15/megabyte) as it did in the mid 2000s when Kindles came with 3g chips.
Maybe the technical requirements at the time were a good excuse but as soon as you demonstrate the market will tolerate that why on earth would you remove it?
To turn around the famous quote: "Amazon's margin is someone else's opportunity". :)
The Amazon flywheel is all about reducing costs to consumers. The moment that stops happening, consumers can get caught by offers elsewhere, and the flywheel can start to go backwards.
That's not exactly true, they expanded the free tier from 1 to 100GB/mo (1TB/mo out of CloudFront) and dropped egress from ~20c/GB to ~9c/GB. This was due to pressure from the Bandwidth Alliance formed by all the other Clouds and spearheaded by Cloudflare.
Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.
reply