Author: Bruce Byfield
Be on guard against alleged representatives of Linux Corporation offering to buy your photos — it’s a scam. That’s the message that Indian models and photographers should take to heart, if the experiences of Rohan Patwari and Praveen Toshniwal are any indication. They tell a story that, indirectly, shows both how well-known Linux has become and how mysterious it is to people outside the free software community.
Recently, Patwari and Toshniwal individually approached Linux.com with almost identical stories. Both are young models with profiles on Explocity.com. Although Explocity is a legitimate Indian city portal site, their profiles may have allowed those claiming to be from Linux Corporation to locate them.
Both men received emails from someone going by the name Dwight Franklin, who claimed to be a freelance model scout from London acting on behalf of Linux Corporation. Franklin’s message, which is full of spelling mistakes and typos, describes the Linux Corporation as “a renowned company” that “is known as one of the world’s best SMTP, POP3 & IMAP email service providers and web developers.” According to Franklin, the company wished to buy 30 photos at a price of £5,000 apiece for use as screensavers, desktop wallpapers, “flash templates and webmail compose backgrounds.”
The contact information for the Linux Corporation was given as linux.project@linuxmail.org and linux.online@linuxmail.org, using the domain names for the long-running Linux Online site.
Asked to send a half dozen sample photos, Patwari and Toshniwal were contacted by someone claiming to be Gary Ackerman, a project coordinator for Linux Corporation. Ackerman informed each man that their photos “have met this company’s quality control standards” and asked to receive the rest.
In return, each man received a “contract certificate” decorated with a scrollwork border and a red seal at the bottom, with Tux and a Unix logo at the top of the page. As well as repeating the information given by Franklin, the contract described “Linux Company” — not “Corporation” — as “the mother company of Unix Systems” and included such bits of information as “Your photos intended for purpose can be from online portfolios, albums, gallery and archive Photos” and the assurance that “your photos will not be mutilated in form of semi nudity or full nudity.” The contract was signed by Gary Ackerman and a name that is obscured by an Approved stamp, but looks something like “Peter J. Kinksky.” The contract gave the address of the company as #90 Sloane Street, SW1, London and gave the company Web address as either www.linux.org or www.linux.com — the URLs, of course, of Linux Online and this site.
As well as signing the contract, Patwari and Toshniwal were also asked to fax copies of their passports and driver’s licenses. In order to receive payment, each was told to contact the Halifax Bank of Scotland, where the company had an account.
Next, the two men received emails from Bill Pascrell, Jnr., who claimed to be director of operation for the Halifax Bank of Scotland’s Transfer Office and gave his address as hbos.plc@financier.com. This email, which was full of grammatical mistakes, asked the men to pay for the cost of transferring the money that was owed to them, as well as insurance — a total of £335 pounds for Patwari, and £1,035 for Toshniwal.
Reluctant to pay such a sum, Patwari asked if it could be deducted from the cheque, only to receive another email signed by Pascrell, claiming that “International banking laws states, ‘Deduction cannot be made from an insured cheque.’ This is so because it will make the money intended for transfer,fall short of the amount written on the cheque,since it has been insured based on the amount written on the cheque and not less than the amount. If any deduction is done,the insurance policy will become null and void,hence indemnity will not be paid in course of any ill occurrences and this will pose a risk to you.” As “sole trustee of Linux Corporation,” Pascrell continued, “it is this bank’s responsibility to protect its vast funds in this bank,” concluding with “you will be solely responsible for this bank’s transfer charges, which must be done before the transfer of your money and not after.”
Toshniwal expressed his doubts about the transfer charges to Ackermann, who put him in touch with Fred Martins, who claimed to be Xpress Courier’s regional dispatch officer for the United Kingdom. Toshniwal was told that he would have to pay the courier between £350 and £910, depending on how quickly he wanted his cheque delivered.
At this point, both Patwari and Toshniwal started investigating what was happening. During the course of their investigations, they contacted Linux.com, and supplied copies of their correspondence with Linux Corporation and its representatives.
“To say the least,” writes Toshniwal, “I was fortunate enough that I didn’t go through the payment process. [Otherwise,] I wold have lost a good amount of money.”
Conceivably, the two men might lose more than that. Having sent their identification to Linux Corporation, they could conceivably find themselves victims of identity theft. However, so far, that has not happened.
Dissecting the scam
Even at a glance, the exchanges between Patwari and Toshniwal bear all the hallmarks of a fraudulent exchange. The course of the story closely resembles the classic advance fee frauds, also known as 419 fraud.
Moreover, the format alone is enough to raise suspicions. A few typos or grammatical mistakes are common enough in emails from companies, but, without exception, all documents that the two men received were poorly written, spelled, and formatted. In fact, it is difficult to believe that any company would allow people capable of so many errors to represent them publicly. The fact that some of these documents were obviously meant to be form documents only makes their legitimacy more dubious.
In addition, contacting Linux Corporation or its representatives proved impossible. Writing as a journalist, anonymously, or through a third party, and both asking questions directly and when posing as a potential seller of photos, I received no replies to my emails. Using the phone numbers provided was equally unsuccessful, although one call was answered and quickly disconnected.
Tracking the people named in the correspondence by other means was no more successful. A Dwight Franklin is listed on Purestorm.com, a portfolio posting site for models, photographers, and agencies, but did not reply to a query. Perhaps coincidentally, when I opened an account on Purestorm.com, it was suspended within minutes after I had used it to contact the Franklin listed on the site.
The single definite statement comes from Jason Clark, senior media relations manager at the Halifax Bank of Scotland. “Bill Pascrell Jnr doesn’t exist,” Clark says, “Well, certainly not as an employee of HBOS. It’s the second time in a few days I’ve had an enquiry using this name.”
The only unusual aspect of the situation is the degree to which jargon is used to create an air of legitimacy. For instance, the original contact email from Dwight Franklin explains that the photos’ copyrights would be “in accordance with the provisions of the Companies Allied Matters Act as pronounced by the British Corporate Affairs Commission and endorsed by the British Copyright Council.” Although the British Copyright Council exists, an Internet search reveals no Companies Allied Matters Act in the United Kingdom, and no British Corporate Affairs Commission.
Interestingly enough, however, a Companies Allied Matters Act does apparently exist in Nigeria — a fact that, when combined with the alleged English address and the notoriety of Nigeria as a center for email fraud, might indicate that the apparent scammers are expatriate Nigerians living in London.
Similarly, the contract’s mention of common email protocols seems designed to impress. A true Internet provider would probably never mention them — but use of the jargon might suggest legitimacy to those without any technical knowledge of the Internet.
However, the most successful use of jargon is the use of the Linux name. In the last few years, the name has become well-enough known that many people have vaguely heard it, but relatively few outside the world of high-tech know anything about it.
Certainly, neither Patwari and Toshniwal knew any details about Linux (nor should they be expected to). Neither knew enough to know what Linux was, or how it was organized, let alone to appreciate the unlikelihood of it being connected to email services or Web design. Told briefly how GNU/Linux was organized, Patwari replied that “I was fully aware about Linux. Though I didn’t know that the Linux operating system is developed by volunteers and groups of companies — and not by a single corporation.” Similarly, Toshniwal replied, “I had a little knowledge about Linux, and [knew] they also had an operating system, i.e., Unix.”
The knowledge reflected in these replies is not so different from what I have heard from family and friends outside the technical community. It suggests that evoking the name of Linux is ideally suited to such scams, being familiar enough to sound legitimate, but not so much that many people can question its use, or realize that it is not developed by a single company.
Toshniwal says, “It would be great if the United Kingdom’s government and people from this country [India] take serious action against those people who plan such scams and trap innocent people for their personal advantage.” That is unlikely to happen, mainly because the names and contact information are all undoubtedly false. No doubt they are already changing the details of their operation. However, until they do, watch for the names and the scam — and remember that, if an offer sounds too good to be true, it probably is.
Categories:
- News
- Community