Q&A for my webinar on scams targeting language professionals
As announced during the webinar, I’ll be answering some questions that were asked during the Q&A at the end of the webinar.
Q regarding CV theft scam: Why do you call it “identity theft” if they are substituting their contact information for yours in the CV theft scam?
A: Sometimes the scammers do not substitute the entire name, only the address/phone number; sometimes they substitute part of the name. In many cases this suffices to ruin the actual translator’s reputation. Thus, while these scammers may not ruin your credit score, they may be able to ruin your business. For more info, see the Translator Scammers Directory.
Q: My email address is only listed in the directories of professional associations. How do these scammers get my email in the first place? Did they hack the association website?
A: I believe I can answer this question in my capacity as webmaster of the Northern California Translators Association (NCTA). The NCTA website has not been hacked. I can’t speak for other associations, but NCTA (and also ATA) has implemented various measures to deter robots from crawling the site and obtaining member emails automatically. However, since our members want to be found by real human clients, there’s no 100% foolproof way to keep scammers out while still letting clients access the member database. In fact, a couple of weeks ago I checked the access logs for the NCTA website and noticed that a particular IP address spent hours going through the member database manually and extracting members’ email addresses in painstaking manual labor. I have since implemented another measure that makes such an endeavor even more cumbersome for scammers, while hopefully not deterring real clients. Since our members want to be found by humans, there are only so many security measures I can implement as webmaster. In the end, it’s up to the individual member to discern whether an inquiry is from a real client or from a scammer.
And when in doubt, all associations have discussion forums for members, where the members can ask other members in case of a suspicious inquiry. For ATA members, there’s the ATA Business Practices forum, and for NCTA members, there’s the NCTA Members forum.
Q: How does email spoofing work exactly?
A: I’ll spare you the overly technical details. But basically, the “from” email address that’s displayed in an email program is only a label that can be changed relatively easily.
A good analogy would be an old-fashioned physical letter. The recipient’s address must be correct in order for the recipient to receive the letter. But the sender’s address can be any address you want if you just put the letter into a mailbox, with sufficient postage, of course. However, you can still figure out where the letter was mailed from, by looking at the postmark. The postmark identifies the post office that accepted the letter, which may be entirely different from the address that’s written as the sender’s address.
Similarly, every email carries the identification of the sending server in the email header. That sending server’s ID can be entirely different from the “from” email address, which can be fake. The sending server ID, however, cannot be faked. I explain in the webinar how to display and decipher the full header of an email.
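The postmark analogy as an added example (not material from the webinar): this script reads the full header of a message and compares the domain in the displayed “from” address with the server recorded in the `Received` line written by the recipient’s own mail server. The message, all host names and addresses, and the names `inspect_headers` and `my_server_domain` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, IP and address here is made up.
RAW = """\
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123
\tfor <translator@recipient.example>; Mon, 01 Jan 2024 10:00:00 +0000
Received: from localhost (unknown [198.51.100.7])
\tby mailer.example.net with SMTP; Mon, 01 Jan 2024 09:59:58 +0000
From: "Big Agency Inc." <projects@bigagency.example>
To: translator@recipient.example
Subject: Urgent translation job

Please see the attached file.
"""

# "from <name> (<rdns> [<ip>]) by <receiving server>" as many servers write it.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def domain_of(host_or_addr):
    """Last two labels of a host or address (simplification: ignores co.uk-style suffixes)."""
    host = host_or_addr.rsplit("@", 1)[-1].strip("<>").lower()
    return ".".join(host.split(".")[-2:])

def inspect_headers(raw, my_server_domain):
    """Compare the displayed sender with the hop recorded by our own mail server."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg["From"])
    postmark = None
    # Received lines are stacked newest first; take the first one that our
    # own server wrote, since lines below it were supplied by other parties.
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m and domain_of(m.group(3)) == my_server_domain:
            postmark = {"helo": m.group(1), "ip": m.group(2), "by": m.group(3)}
            break
    mismatch = postmark is None or domain_of(postmark["helo"]) != domain_of(from_addr)
    return {"from_display": display, "from_domain": domain_of(from_addr),
            "postmark": postmark, "mismatch": mismatch}

if __name__ == "__main__":
    print(inspect_headers(RAW, "recipient.example"))
```

A mismatch is a reason to look closer rather than proof of spoofing, since many legitimate senders route mail through third-party mail services.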
Q: Do you have any general tips with regard to cyber security?
A: This would fill another webinar by itself, but in a nutshell: Always use a secure password, and never reuse the same password for all your online logins. You can use a password manager or some other system to construct safe and secure passwords. Always run antivirus software on your computer. Then, always have a recent backup of your computer, in case you do click on the wrong link and get a virus. This also helps in case your computer motherboard or hard disk decides to fry itself to a crisp. And never give out too much personally identifiable information to random people on the Internet.
Q: If I receive a phone call, how can I tell whether the phone number is spoofed or not?
A: You can’t, really. In the case of a company or other business client, I would recommend replying that now is not a good time and you’ll call back in 5-10 minutes. Then I would search for the company in your favorite search engine and call them back at the number stated on the website. You may then be on hold and/or transferred to the right person, but this way you can be sure that you are actually talking to the people they say they are.