
Our Favorite Scammers - DiabloD3
http://www.head-fi.org/t/701900/schiit-happened-the-story-of-the-worlds-most-improbable-start-up/5130#post_11289247
======
dejv
Schiit Happened is one of the best HW startup books I ever read, so many gems
inside. Somebody extracted the chapters from the forums and created a PDF out of
it (with permission of the author) and you can download it from here:
https://mega.co.nz/#!RU0SVD5I!9Dn7tK_tXDvjoRCfJ7vV5JFn43-lu1avhxivLnbMWqE

~~~
voltagex_
Is the linked story in that book? The chapters don't line up.

~~~
DiabloD3
The three newest chapters form a new book, starting again at chapter 1. The
linked story is from the new book, the pdf is the old book.

------
Slartibreakfast
It's good to see a business sharing stories of having been scammed - a lot of
times start-ups are so involved in the process of growing the business and
making sales that they forget to remember to train their sales team to have
good operational security.

A start-up that I worked for got taken for over $100K by a scam artist who,
believe it or not, used a picture of a famous Middle Eastern leader on a fake
driver's license to open an account - I'm not kidding. The guy was instantly
recognizable from any recent TV news story, and yet the scam artist pasted
that picture onto a driver's license (that had otherwise legit information on
it) and faxed that in when he opened an account. After opening the account,
the scam artist then filed a change of address, which shifted the shipping
destination from a swanky neighborhood full of mansions (where the scam artist
had stolen an identity from) to a dilapidated building in a really bad part of
town. The operations team didn't catch any of this, and shipped the
merchandise.

They were only able to get the feds to catch the guy when he showed up and
tried to pull off a second heist a few months later.

~~~
noonespecial
I suspect the photo was a kind of test to see if the target was asleep at the
wheel. If the photo had been instantly recognized, the scammer would have
simply moved on in search of softer targets.

~~~
Slartibreakfast
The irony of it was that they already had a whale on the hook. The person
whose identity they had stolen was someone with an incredible net worth.
They actually had direct access to his bank account and funded the account on
our side with an ACH transfer. The bank reversed the transfer once the guy
figured out his account had been hit, but by then it was too late on our side
and the goods had already gone out the door.

I have no idea why they used that picture - they took a template driver
license, populated it with the guy's personal information, pasted the picture
on it, then faxed it to us. I suppose they figured it would be so grainy from
the fax that it wouldn't be obvious, or maybe they just did it for the lulz.

------
ericabiz
Great post, and something not many people consider when starting a startup.

This happens with any mid-high ticket item you sell, unfortunately. I ran a
hosting company for 6 years and we had rampant fraud even back then. The
"tells" were often the same--high-$ orders submitted by someone who hadn't
talked to you first, etc.

I do remember a couple of gems from my time running the company. Once, I had a
friend who lived in the UK at the time call during UK business hours to verify
that a customer had actually placed a large order. (This was back >10 years
ago when calling the UK from the US was quite expensive--it was easier and
cheaper to have my friend call!) It turned out the order was for real, and we
got a happy new customer.

On the flip side, we had a customer order and pay for a server for 6 months
with no usage. Suddenly he started using it--for spam! Usually when this
happens it means the server has been hacked. Not in this case, however. The
dude was a bona fide spammer wanted by the FBI. We seized the server, called
the FBI and reported it.

The guy had the nerve to then charge back ALL of his 6 months of hosting
through Amex. (Turns out that was part of the scam--Amex allows you to charge
back exactly 6 months of purchases.) We filed a counterclaim with Amex, but
they sided with him (any merchant who accepts Amex will not be surprised by
that story.) We contacted Amex directly letting them know their card holder
was a spammer, but he charged tens of thousands of dollars a month on the card
and we got nowhere. I suspect in this day and age of social media, we would
have gotten a lot farther with it.

Years later, I heard Microsoft, of all companies, finally tracked him down and
got him arrested:
http://www.nbcnews.com/id/18955115/ns/technology_and_science-security/t/one-worlds-top-spammers-held-seattle/
He had the nerve to use his
real address with us, too, which I hope helped the FBI's case. I have the
dubious honor of having talked to him on the phone when he was spitting mad
after we shut his server down.

There are some real whackjobs out there. Unfortunately, you'll often meet them
when you run an online business.

------
bequanna
"No processor, no matter how good, and no matter how iron-clad their policies
may seem, will take 100% liability for scammers. Yes, even PayPal, with their
“100% guarantee against fraud.” This is the reality. There’s a lot of fine
print for them to hide behind."

My experience having a merchant account that accepted credit cards was that
payment processors accept absolutely NO liability. The merchant pays 2-3%
(more for AMEX) and is usually on the hook for 100% of the fraud.

~~~
dedward
Exactly. If there is a chargeback, it's a chargeback. That comes straight out
of your merchant account, you don't get paid.

Further, your monthly fees and percentage may go up if your chargeback rate is
not kept at a reasonable rate... IIRC there is a fairly direct relationship
there. If you can manage to be a low-chargeback account, you can negotiate
better deals.

------
DiabloD3
Schiit is probably my favorite start up of all time, and it is great that
they're writing about it, and I suggest everyone read the entirety of the Book
of Schiit.

The Book of Schiit TOC is here:
http://www.head-fi.org/t/701900/schiit-happened-the-story-of-the-worlds-most-improbable-start-up#post_10194517

Disclaimer: I have a Schiit Bifrost Uber USB and Schiit Asgard 2 on my desk.
They are amazing, worth every penny.

------
mojuba
Just finished the book, and yes it's probably one of the most inspirational
books on startups out there. Getting too technical at times, then too
businessy...

Got me thinking that this is a kind of an open-source business. Apart from
financials pretty much everything else is done openly through this "ongoing
book": R&D, production issues, sales, customer support. Kudos to this guy and
a big thank you for sharing all this.

(Though I still don't get the reasoning behind the name of the company. I
honestly wouldn't have bought anything from them if not for this brilliant book.)

~~~
meowface
I can't say I understand the name either; I think it may have been a mistake.
But I am a happy owner of a Schiit amp and DAC, and I absolutely love their
startup tales, so they could call the company "Horse Fuckers Ltd." for all I
care.

~~~
mojuba
The name you give is a statement of a kind. Like it or not it's your attitude
towards your own products and your customers too. Schiit was meant to be cheap
but great quality, so I could interpret it as "somewhat sophisticated shit",
hence the unusual spelling. I know, it was meant to be funny and slightly
controversial, but you always have a wide choice of names that meet both
criteria. And what you choose in the end is your statement.

------
mojuba
Why isn't there a centralized black list of addresses that are known to have
received fraudulent orders? Just like with IP addresses that are known to have
spammed.

~~~
DiabloD3
Dynamic IPs, proxies, (purposely or accidental) open APs, stolen phones, etc.

~~~
zo1
He's referring to physical addresses, not "IP" addresses.

------
joshmn
Not to be spammy or anything, but since I had a great response to helping out
four different teams with fraud detection, I'll drop this here:

If anyone experiences things like this, or is wary of it happening to your
business/startup/whatever, and would like some advice on how to either avoid
it or identify it, my email's in my profile.

I wrote the book.

------
chx
So how do you prove yourself if ID is no longer accepted? It does happen that
I travel to somewhere and need various stuff stat. Especially if it's a
consulting gig stretching to months. You can't prepare for everything, hell,
sometimes you can't prepare for anything, it's just put down the phone, throw
clothes in the suitcase, airport, next you can breathe a little you are on
another continent. Crazy life.

Obviously, I only have a Canadian credit card. In the past, this was settled
via a quick passport and/or credit card scan. And I understand you guys... but
please understand me as well.

~~~
gaadd33
Do you buy lots of high end audiophile stuff on very short notice for
consulting gigs? If so it seems like cultivating a personal relationship with
your vendors would probably pay out in spades. If not, I'm not quite sure what
your problem is unless you need high end audio gear in every hotel room you
visit?

~~~
chx
No, but I suspect if high end audio gear dealers rule ID scans out then others
will too.

