Latest in Gear

Image credit: jamierigg.co.uk

My other life as a Kickstarter scammer

A personal experience with online identity theft.
309 Shares
Share
Tweet
Share
Save
jamierigg.co.uk

I have the process down to a tee. I start by browsing Kickstarter, looking for projects with active campaigns. There's no specific selection criteria. Perhaps I find one that's just gone live, or one coming to the end of its fundraising window. I reach out with a message, explain who I am and invite the project contact to book in an interview. On the call, I feign interest, ask the right kind of questions and promise a write-up on Engadget in the near future. I leave it a day or two and reach out again, saying I've heard great things from others about a specialist that can increase a project's exposure for a daily fee. A highly unethical move for a journalist, but I set to profit from it, so what do I care? The Engadget article never materializes, of course, because this person isn't me.

I first found out about my impersonator, who I'll call Fake Jamie, from a LinkedIn message that popped up in late August last year. "Did we speak today?" the first line of the message read in bold. The person who contacted me had just launched a Kickstarter project, and apparently, I'd reached out to "help spread the word." I'd even pledged over $100 to show my enthusiasm. We'd set up an interview and on the call, I'd mentioned I know a guy that can improve the reach of Facebook ads. He's worked with various successful campaigns, and his service fee ranges from $150 to $250 per day.

The project creator was seriously considering it but had done the research. Before the interview, they looked me up; they knew what I sounded like, and the voice on the end of the Skype call was not me. They wanted to believe they were about to get press exposure, and that perhaps this highly recommended marketeer could give the project another boost. Still, they were glad they hadn't been duped.

I didn't think much of this first event. If anything I was flattered. Someone out there thought I had enough clout to be the frontman for an elaborate Kickstarter scam. But then the emails started coming in... one after another after another. Clearly I was naive to think, Once thwarted, twice shy.

I've received the odd LinkedIn message from suspicious project creators, but primarily they forward me email exchanges they've had with Fake Jamie, adding the question: "Is this really you?" The formula is always the same: Reach out on Kickstarter, follow-up via email, conduct interview, then talk up the services of someone that can give the campaign a better shot at meeting its funding goal.

Some of the finer details change. Fake Jamie has said on occasion that he wants to feature the project in new crowdfunding roundup column he's spearheading for Engadget; sometimes he says he's just going to cover it outright. He originally began plugging a Felix Benson as the magic-worker, but in the most recent example, it's Brett Pearson. The service they offer changes, too. Sometimes it's the promise of better Facebook reach, maybe, or a more prominent spot on the Kickstarter site.

Fortunately, Fake Jamie raises a bunch of red flags. For one, recommending the services of a marketeer is a bizarre if not entirely unethical move on behalf of a journalist. He also targets a variety of campaigns, several of which, such as fashion projects, would obviously fall outside of the purview of a consumer-tech publication. Not to mention that Engadget rarely covers crowdfunding campaigns anyway, given the inherent risks.

The most obvious red flags, though, are that Fake Jamie doesn't use an Engadget email address nor, for reasons I'm still completely stumped by, my picture. The Kickstarter profile image he originally used isn't me, though it is one of a nerdy type with rectangular, black-rimmed specs similar to ones I wore until recently. But you only have to Google me or go to my Engadget editor page to find an official-looking headshot for all your scamming needs. And as I've said, Fake Jamie doesn't sound like me -- he isn't even British -- but you would have to go out of your way to find an Engadget video I've fronted to note that inconsistency.

Jamie Rigg

Actually me (ignore cheesy pose thanks)

Beyond these cracks in Fake Jamie's facade, I've learned that many Kickstarter project leads are wary by default. I've come across various questionable Kickstarter campaigns in the past, from straight up money-grabs to attempts at selling white-label Alibaba wares for twice the price. Then there are the ones where the updates just stop coming one day, and products that are eventually delivered fall short of the original promise. I've had the pleasure of throwing money at a few of these myself. Kickstarter is a risky place, but that applies to project creators, too.

You can understand why they're targets. Many will have quit jobs and/or blown savings to make this product or that company happen. And they need help, hence turning to crowdfunding in the first place. If someone crawls out the woodwork and says they can drive traffic to a campaign, it's within the creators' interests to listen. Some of the Kickstarter landing page is manually curated, but other parts are algorithmically filled. From what I've read, aspects like how much traffic your campaign page gets, and how quickly it approaches its funding goal factor into your Kickstarter ranking, as it's called. But the so-called services I've found online that claim to game the system look sketchy at best. Then again, any seller of likes, clicks or fake reviews can be characterized as "sketchy," I suppose.

One creator told me about a project that employed one of these services, and with excellent results. What they thought was genuine engagement, however, turned out to be dummy accounts that canceled their pledges just before the end of the funding window. Fake Jamie, then, isn't really doing anything new, he's just adding another layer and an air of legitimacy by promising a write-up on this site alongside his completely impartial advice.

My initial flattery quickly turned to frustration, among many other emotions, as Fake Jamie grew more prolific. The fact he was using my name made me feel strangely responsible, and I began spending an increasing amount of my time responding, day or night, to the suspicious creators who were reaching out. I offered my phone number and spoke at length with people and teams that wanted a side of explanation with the main course of me dashing any hopes they had of appearing in Engadget.

Identity theft is something we're all supposed to be wary of. But I had always pictured it as someone trying to socially engineer my mother's maiden name out of me or stealing my passport from a hotel room drawer. I never imagined someone would take my name and my work, purely to use as a tool to scam others. That's a special breed of violation: Not opportunistic, but premeditated. And the deeper I went down the rabbit hole, the stronger that feeling of violation became.

Fake Jamie hasn't just been pretending to be me but has also established a paper trail of sorts. I discovered a Facebook profile, for instance, that was set up around the time this all started last August. Again, the picture isn't me, but it's another dude with rectangular, black-rimmed specs that could pass as me at a very cursory glance. And I know the Facebook account is supposed to be me because the header image is the same one Fake Jamie has plastered on his website. Yes, he registered a fucking website, jamierigg.co.uk, in order to have a semi-legit email address to run the scam from. The stones on this guy. The banner image on Facebook and the site, I've managed to trace back to royalty-free stock image library rawpixel.com. Once more, it doesn't look unlike me, and it's shot in a convincing setting.

The color version of the stock photo used on jamierigg.co.uk (Photo: rawpixel)

Obviously, I began fighting back as soon as I received that first LinkedIn message. I started up a dialogue with Kickstarter, which immediately banned the account he was probing from. Days later, he had an identical account that was registered several years prior to the banned one. You can change Kickstarter account details, though, so I assume he must've bought one, if that's something you can even do. That second account was also swiftly banned, but Fake Jamie was evolving. He began setting up accounts in other names, including one impersonating Amber Bouman, our Community Content Editor. Others sported more generic names like "Linda from Engadget," but the initial outreach would always lead back to Fake Jamie eventually. Kickstarter has kept broadening its net, killing accounts claiming to be associated with Engadget, and it appears the game of whack-a-mole has worked, at least for now.

I informed Indiegogo about the situation as a matter of course, but Fake Jamie seems to have limited his activity to Kickstarter. I also got Oath (now Verizon Media), Engadget's parent company, involved. After all, Fake Jamie is only impersonating me is because of the brand I'm attached to, and I figured a huge corporation might be better equipped to find the killswitch. I've also logged a cybercrime case with the UK police, but there is little anyone can do or has done beyond the top-level investigating I've performed already.

I know the Skype account he uses (or has used); I even have a recording of an "interview" he conducted with a Kickstarter project creator. But technically he doesn't exist. He is me, albeit with an Australian accent, so there's no telling where he's actually based. And all I have to show are indications he's impersonating me for the purposes of defrauding people. Since I only hear from those suspicious of Fake Jamie, I have no concrete evidence he's ever succeeded. Only email threads with people he's failed to defraud.

The profile picture used on Fake Jamie's Facebook account Facebook

Even his website leads to a dead end. Technically, every .co.uk domain must have a named registrant, as per the rules of regional registry Nominet. But Fake Jamie purchased the domain in August last year through name.com, so that third-party is listed as the registrant. And the website itself is hosted by DigitalOcean, but contacting its "trust and safety team" has been a thoroughly fruitless exercise. "Just because the domain is hosted on our network, does not mean the emails originated from our network," a line in the latest email I received reads. I've provided what I believe is enough evidence of abuse, but from the tone and frequency of Digital Ocean's responses, I see that the company has little to no intention of taking the matter seriously. Business is business, I guess.

The point might be moot now, anyway. So far this year, I haven't had another "is this you?" email come through, and towards the end of last year they were already becoming few and far between. Between Kickstarter banning accounts and contacting those who may have been targeted, plus a now-deleted KickstarterForum post and Reddit thread that warned of the scam at its peak, the jig might well be up. Or perhaps another journalist now has a pestilent online double masquerading as them.

I wasn't sure when exactly to publicize this on Engadget, in the same way one doesn't release details of an exploit until it's been patched. While I rarely think about Fake Jamie these days, the whole episode still doesn't sit well with me. Most of all, it makes me uncomfortable to think about all those who perhaps didn't reach out -- the ones that took it all at face value and were defrauded for their trust. After all, Fake Jamie wouldn't be doing this, or keep doing it, if nobody was falling for the charade.

So beware of the internet, and if you find yourself talking to me online, remember it might not be me. Unless it's on a dating app. Then it's almost definitely me.

Page 1Page 1ear iconeye iconFill 23text filevr