

Ask HN: How do you handle an impersonator? - throwmeaway

Hi,
I work at a non-tech startup (financial services industry, not evil), and we're having trouble with someone trying to use our firm's name for their own ends.<p>We first found out about this through one of our founder's friends who was based in the UK branch of a major bank. He told us that instructions had been given out to ignore emails and calls claiming to be from my company. Till date we have never spoken with them, but they are a long term target we hope to convert.<p>We've seen internal emails discussing the issue, and it seems this individual had called multiple times to obtain phone numbers and names of people in the department. Bizarrely, he tried to impersonate the Financial Times and our firm in the span of ten minutes. Fortunately his voice was identified and the bank sent out an email letting people know he was a phony.<p>We suspect that he was part of some sort of unscrupulous recruitment agency, since he was primarily focused on getting names of people to talk to. We figured it was best to let the issue slide. A key fact though, was that the faker knew that we were active in country A, and at one point said that he was based out of Country A.<p>Now a few weeks later, we found an account on LinkedIn trying to masquerade as a Director of our firm. The account is based out of Country A, and I suspect that it is the same idiot trying to run another scam. I've spoken to LinkedIn and I am getting his account flagged, hopefully I can prevent some of the damage he may end up doing.<p>It is particularly painful for my company - our reputation and brand is one of the most important assets we are building up, as the industry really values trust and security when dealing with its vendors. 
We are worried that a reputation we have spent 4 years building up is being damaged by some dead beat, who we cannot figure out how to get a hold of.<p>Has anyone faced something similar? If so, how did you handle it? Any advice or suggestions are welcome.<p>PS: Please excuse my word and sentence usage, I will try and clarify as much as I can. Thanks in advance for any thoughts or input!
======
jacquesm
The first order of battle would be to figure out who this is.

Once you've done that and it turns out you are in the same jurisdiction or one
where you think justice will be done you could have a lawyer draft a nice C&D
and send it off to him by registered mail. It's all fun & games until the
doorbell rings.

If the impersonator is abroad and in a jurisdiction where he won't be bothered
likely the harm they can do is limited.

If he is near you and he does not stop then the next step would be to sue him
for trademark breach and anything else that you think will stick.

What I'm wondering about is what he is trying to achieve, have you figure that
out? Is he trying to damage you, steal your customers, defraud someone?

Knowing the perps goal will go a long way in to figuring out a strategy to
deal with him.

~~~
throwmeaway
A C&D sounds like exactly what I would like to send him, along with a few
other things.

Regarding his motives - at this point I am leaning strongly towards Greyhat
recruiting, but this guy seems to be doing moronic things, which complicates
analysis.

Case in point: He went ahead and spoke to the head of the department to ask
for names of people he could contact. Now a shakedown of this nature is best
started from the bottom - targeting people who don't have experience and can
possibly get bullied. Talking to the HoD is hubris/stupidity or the desire to
malign us. We can't be completely sure what.

We were concerned that this guy was trying to ruin our rep. Fortunately since
we have evidence that he tried to represent the Financial Times as well, it
suggests that he was being opportunistic in choosing us.

It is possible that he may be trying to defraud someone - an outcome we had
not considered.That would be something we need to find out.

I think the next steps will have to be talking to the original bank he
targeted, and seeing if we can find some way to help them, and get more info
on this person. Perhaps that will give us a lead and we can find him from
there.

What concerns me is that there is little I can do to prevent this stuff, aside
from dedicating someone to figure out every possible place our name can come
up and making sure that those locations are searched regularly.

~~~
jacquesm
Here is a google search that will turn up some useful reading material:

[http://www.google.com/search?hl=&q=corporate+identity+th...](http://www.google.com/search?hl=&q=corporate+identity+theft)

I wish you best of luck with this, it's a complicated issue and the
authorities are not set up to take care of it.

------
JonnieCache
Sounds like it could be part of some sort of spear-phishing or other social
engineering.

If I was going to phone up people I didn't know and lie to them to get them to
tell me privileged information, I'd definitely pretend to be from a real
company, and I'd choose one that would have a real reason to be contacting
them.

The fact that they were only looking for peoples names and numbers points
towards this even more tbh. Working their way up the chain of command and all
that. Let the police know in any event, so you have a trail of deniability if
things turn nasty at a later date.

Or they could just be dodgy recruiters. Greyhat recruiting is pretty much
social engineering anyway.

------
GiraffeNecktie
You need to get his address and have a lawyer send a very sharply worded
letter that lets him know that he's in your gunsights. Don't write this letter
yourself, or if you do, have a lawyer check it over before you send it. There
are laws against making threats (even against someone who might be breaking
the law).

------
ams6110
I'd be inclined to try to find a tech-savvy private investigator (no idea how)
to track them down. These guys have backchannel contacts with law enforcement
and can find out things that you may not be able to on your own.

------
runjake
If you're in America, I may be able to help.

~~~
throwmeaway
Thank you very much for your offer;sadly we're a bit further afield.

