Most of us have seen phishing emails—maybe a dodgy e-mail address asking about details for a bank you don’t even use, or badly spelled requests to reset a password on an Amazon or Netflix account. They’re nothing new—for as long as the internet has existed, people have found ways to exploit others through it—and they’re usually pretty easy to spot. But until recently, I had no idea that there were scammers specifically dedicated to targeting the graphic design community.
Earlier this year, I got an email from Andy Reynolds, a former graphic designer who now runs his own PR business. Reynolds wrote that while his graphic design site is still up and running, it’s rarely used, so he found it odd to get “not one, but two out-of-the-blue requests” for design work, using very similar language and quoting the same price. The first request was from “Dave powell” [sic] asking him to design a logo. “I didn’t respond immediately as I’m concentrating on my publicity business and was not interested in taking on any design, particularly a logo,” Reynolds told me. Months passed, Reynolds forgot about it, and then he got a similar email from “James Browne.”
“I felt unprofessional for not responding to either, as I make a practice of doing so,” Reynolds says. He apologized to “Dave” for the delay, and asked if he could provide more details as to what he needed, then responded in the same way to “James.” There was a little back and forth; Reynolds asked for more details, the client’s website, and images, to get an idea of what this potential client wanted. He was told the businesses were new and didn’t currently have websites. Dave just wanted a logo, James wanted a logo and brochure. “James also wanted the logo to involve an ‘ancient chair.’ Whatever the fuck that is,” says Reynolds.
If that wasn’t weird enough, both men used remarkably similar wording when describing what they wanted. “I was struck that they both used the same language, in that they wanted ‘a mature and presentable design’,” says Reynolds. He then emailed James to see if he had a colleague named Dave Powell who might also have contacted him, since they had asked for the same thing and quoted the same budget ($2,000). James said he did not, and had never heard of him.
Obviously, this was all rather suspicious, so Reynolds googled “graphic design email scam” and found a Reddit thread from December 2018, with many others describing his exact experience. Some people even described receiving text messages with design proposals, which varied from “Christian t-shirt logo designs,” to a logo and brochure design for “BLACK DIAMOND FURNITURE,” “Lambent Dreams Furniture,” or “Ashglade Furniture&Home.” Often these requests were identical, with the only difference being the email address and name of the sender. Most weren’t fooled, and many, like Reynolds, reported the emails to the FTC. “It’s pretty easy to tell a scam when they just dump the entire project on you and never mention cost,” one Reddit poster pointed out. “Also, the grammar is a dead giveaway.”
Despite the red flags, it’s somewhat understandable when someone falls for these scams. There’s the promise of a large pay-check, for one, and many designers are used to doing a good amount of prep work for a potential client before the paid design work even starts. One Reddit user on the thread decided to engage with the scammer, even speaking to him on the phone. “I talked to a guy named ‘James’ who could barely speak a word of English… also, I heard other people who were talking in the background, which made it sound like I was talking to a person in a boiler room.”
A few Reddit users described going as far as making a proposal and estimate, and some even got to the invoicing stage. “I sent an invoice for $8,000 and he was fine with [that], but wanted me to send another invoice of $10,000 so I can pay $2,000 to his consultant to release the raw files,” says a woman who was asked to work on “Marvelous Bridal Couture.” “I told him I couldn’t do that, and then I get a email about him dying of lung cancer.”
The last comment made me curious: What is this scam exactly? What’s the end game? How can scammers possibly profit from asking you to make a logo design? I decided to do some digging.
The “Catfish:” Beth Williams
A couple of months ago, I set up an email address and assumed the name “Beth Williams,” a chipper character from Montana (no idea why, never been there) who’s not shy of an emoji or several. Beth is jovial, homey, believes in the inherent goodness of others—she’s the sort of person who buys box sets and makes red velvet cupcakes. You know the type.
As Beth, I sent an email to “Eugene Hill,” whose email (which is, rather bafflingly, email@example.com) I got off the Reddit threads. I told Eugene that a designer friend had passed on his name because they were too busy to take on new work. Eugene got back right away, with no questions about who’d passed on their message and no requests to see my work (though I/Beth offered to send my non-existent portfolio). I was offered the job right away.
Eugene just wanted to talk money: He was very keen indeed to get a down payment over to me, pronto.
What followed was a peculiarly familiar exchange, in which I was offered the job of logo and brochure design for a company involved in the “importing and exporting of furnitures.” The budget was $2,000 (we’ve heard that one before), but I was told I should let him know if my estimate would be for more than that. He added, “i want you to know that this is the first time I will be doing a Logo design so I can only give you little details then you can decide on designs but I want the color to consist of Black and Gold with an image of an ancient chair” [sic]. Oh, and his website was still under construction.
I asked a number of times for any assets at all—even just a few phone snaps of the sort of furniture he imports and exports. I asked if this was a paid pitch, or if he was just “happy to hire me simply on the recommendation.” I suggested that we chat over the phone or on Skype. But Eugene just wanted to talk money: He was very keen indeed to get a downpayment over to me, pronto. After my third request for images or further details of the designs he was after, I got this reply:
Poor Beth was confused. What was all this about? Why is he on about sports accessories? It sounded as if he were asking if she could use his card details to transfer money into her account, keep what he owed her, then transfer the surplus to another account.
This kind of scam is generally known as imposter or third-party fraud, and it follows the same steps each time: The “imposter” (in this case, Eugene) pretends to be a client with a large-ish budget. They approach a business or service provider (Beth), usually by email, occasionally over the phone, or (rarely) in person, and describes the task in hand. The imposter places an “order” for either goods or services (in our case, design work), and provides a credit card number for the service provider to charge.
Just before the sale is agreed, the scammer asks for a favor of some sort, usually helping them pay a third party, and give any number of bizarre reasons they can’t do it themselves. The payment would be made using their card, with what ostensibly seems to be their money, often with a little extra to cover fees, or even offering a “tip” to thank the service provider for their help.
“They’re called phishing attacks because, much like baiting a lure, they won’t work unless you bite.”
At first blush, it may seem like there’s little risk involved. What could go wrong? You’re just moving other people’s money around—it’s not your own money, right? Wrong. A few weeks later, chargebacks start posting to the scammed party’s account and they realize they’ve been duped. By that time, the fraudster—and the money for the third-party—has usually disappeared.
The Bait: Why Logo Design?
To get a better understanding of the scam, we spoke to Californian intellectual property lawyer Leslie Burns. “The scammer makes it look more legit since they offer to pay via credit card, but then rescinds or cancels the transaction,” she says. “Another possibility is that the scammer is using a stolen credit card number. The payment would then appear but later will get flagged or cancelled when the fact that the credit card number was fake or stolen is discovered. By then, the scammer has his money.”
In other words, if Beth had accepted the offer, she would have paid herself using Eugene’s credit card. The money would have hit her account, and then she would have paid out this other consultant. After that money was cashed by the consultant, Eugene would have cancelled his transaction, or perhaps the bank would have caught on that it was a stolen card. “There can be a significant delay before the credit card processing companies and the banks realize that the credit card was somehow fraudulent,” Burns explains. “By the time it does happen, the target has already forwarded the money to the third party. When the fraud is caught, the bank/credit card company will take all the money back and the designer would then be out the amount forwarded to the third party as well as probable transaction fees. Banks hate this stuff, by the way. So do credit card companies.”
Luckily for Beth, none of this happened. Eugene and I never did manage to get hold of each other on the phone. I left it alone for a while and stopped checking the email account—I’d wanted to chat with Eugene, not least to see if I could do a convincing Montana accent. The last email I sent was on August 20, 2019, and a few weeks later on September 8, he replied that he was still looking for a designer. My non-existent portfolio I hadn’t sent must have been really good.
This type of imposter fraud can and does pop up in all kinds of fields, so why was this one specifically targeting graphic designers? One potential reason is that graphic design is now a more widely recognized field. It’s common knowledge that if you have a business, you need an identity design—or at least a well-designed logo—which makes design ripe for scammers targeting service providers. Asking for a logo in exchange for a fee is the type of straightforward transaction that the scam needs to work.
Those most at risk are freelancers—designers whose websites and emails are easy to find, and who are used to getting clients via word of mouth and communicating primarily over email. And the number of freelance designers is on the rise. According to the 2019 Design Census, 9% of the industry is freelance (up from years prior), and 9% are self-employed. In the UK, one in four creative economy workers are freelance, according to London advice and data platform GLA Economics). And indeed, freelancers make up a large part of the millennial work force. Even if these scams are unlikely to work, especially around internet-literate designers, they do point to a phenomenon worthy of our attention: today, there is a growing number of precarious workers who are working solo, looking for clients, and largely doing business online. This makes for a larger pool of potentially easy targets for scammers.
The Switch: What You Can Do About It
It’s not just the makeup of the workforce—scammers are also getting more sophisticated. One Reddit user reported a scammer telling her he’d said he was “good friends” with one of her former clients, and many have said they’re seeing such scams pop up on usually legit sites like LinkedIn. To help designers navigate such things, Tech Learning Collective partnered with the music venue and arcade bar Wonderville NYC over the summer to teach people how to recognize fake websites and other online scams. It used an “attack/defense” exercise focusing on web-based social engineering attacks, teaching participants both how to launch their own attacks as well as how to defend against them. “Thankfully, it’s easy to spot—and even to perform—these tricks if you have the right guidance,” said the organizers. “They’re called ‘phishing’ attacks because, much like baiting a lure, they won’t work unless you bite.”
Tech Learning Collective uses a helpful analogy to explain the prevalence of phishing scams: “When you ask the patron next to you to watch your belongings, your stuff will probably be safe when you return. But how safe would you feel if the patron at the next table turned to you and offered to watch your belongings when you next time you needed to use the restroom? If you had two different reactions to these scenarios, you already have the intuition you need to understand how the overwhelming majority of cybercrime gets a foothold inside your company, home, or organization’s network.”
Still, it’s good to know what to do when something feels off. So how do you avoid getting scammed by fraudsters targeting graphic designers? I’ll leave you with some tips from Tech Learning Collective and attorney Leslie Burns:
- If you accept credit card payments, be aware that you’re liable for chargebacks.
- Don’t accept credit card numbers by email, as this could further expose you to potential fraud in future.
- In situations like those described above, work with your payment service provider (PSP) to run basic checks such as Address Verification Service (AVS), or Card Verification Data (CVD).
- Never agree to pay a third party, such as an illustrator or photographer that you haven’t hired yourself. “Best practice is for the designer to get an up-front payment for a percentage of their estimated total, another payment at another milestone perhaps, and final payment at delivery of the final files. If there are vendors involved—like the designer hires a photographer—then the client should pay the vendor directly or front the payment to the designer, never the reverse,” says Burns.
- If someone asks you to front money, report them to your state attorney general, as well as the FTC (Burns points out that there are state and federal laws at issue), and if there are companies involved (like Quickbooks, here), “contact those companies and file complaints with them as well,” she adds.