Studio News from John, Part 8: Fighting Scammers

As production continues on "My Love Affair With Marriage", there's not a whole lot for me to do while Signe is drawing, except to send out the W-2 forms to the actors who performed voice-overs (and who are all legally considered employees, as I mentioned in a previous post) and also 1099 forms to the vendors like the sound studios, the film's editor and consultants.  

So I've been spending my days on other matters - like getting stills and work-in-progress photos sent out to someone who wants to write about the making of "Rocks in My Pockets" in his book, or making sure that Signe's recent trips were properly credited to her frequent-flier mileage accounts.  And it seems a good portion of my day is now spent fighting spammers and scammers.  

Spammers are easy, I can deal with unwanted e-mail by marking mail for my "junk" folder, or by unsubscribing from as many lists as i can.  Then there are the phone calls, and I can't remember the last time someone called the studio and didn't offer to get us a better deal on our internet service, or get us to the front page of some Google list in some way or another.  

Do you remember the last time you were excited to get a phone call?  I think back about 20 or 25 years ago, when everyone started getting cell phones, for a while the attitude was, "Hey, someone's calling me on my cell phone, isn't that great?"  But these days it's more like, "Who the hell is calling me on my cell phone?  They've got some nerve..."  

Then there are the e-mails you get when your web-site has a contact form of any kind.  The spambots travel the interwebs, looking for these contact forms, and when they find one, they send you an e-mail that says something like, "Hi, I saw your web-site and I like it a lot!  But I can help increase your traffic by adding a link to it from my site.  Will you please do the same?" and these are pretty easy to spot because they're so generic, they don't make any specific references to WHAT they saw on the web-site, and the marketing they're offering is incredibly vague as well.  

But Signe got a spam that offered her $500 per month if she would run ads on her web-site, and she asked me to look into it.  She said she had a dream where somebody paid her money every month to do nothing.  I had to tell her that I didn't think it was real, that it was probably a scam just to get her to follow a link, and that spammers prey upon people like independent filmmakers with fantasies of easy money.  God knows what could have happened if she followed that link, the next thing we know, her computer could be infected with malware and her bank information's been passed off to Albanian hackers who will gladly transfer away all of her money to Russia. 

So now we've circled the wagons here, and we're trying to defend ourselves as best as we can, but the struggle continues every day.  Last month we were had an issue with the new scanner, and Signe asked one of our interns to find out if the scanner could output directly to Photoshop, which would speed up the process (and with 145 scenes to scan, any streamlining of the process would be an incredible help.)  The intern Googled "Epson scanner" and called the first phone number that came up, then before we knew what was happening, she had granted someone remote access to Signe's computer, and they were telling her that the computer was full of viruses and we needed to pay $100 for software that would clean it up.  Great, except that wasn't the issue she was asked to research, and I don't think she called the real Epson help line.  Thankfully, we didn't give out Signe's credit card number.  

These days, you can't trust a link that will protect your computer from viruses - when chances are good that following that link will GIVE your computer a virus.  What a scam, right?  First they infect your computer then they charge you $100 to get rid of it.  It might even be funny if it weren't so horrible.  The internet is like the new Wild West, it's a lawless place.  Having unprotected sex with a stranger is probably more virus-free than following a link on your computer. 

Sturgis got an e-mail reminding him to renew the domain registration for - which is a URL we used during the Kickstarter campaign last year to help promote the fundraising efforts.  Since Sturgis is away in Portland, Maine appearing in a play, he asked me to look into it and renew the domain, since we may need it again in the future.  I'm going to re-print the e-mail here as a public service to illustrate our problem.  Can you spot the indications that this e-mail is NOT legit? 

Screen Shot 2018-02-01 at 3.48.18 PM.png












The first tip-off that something wasn't right was that link at the bottom - I clicked on it and it led me nowhere, to an invalid page.  I know, I shouldn't have even clicked on a strange link, I was really living dangerously there!  But what the heck is "Sochi2018"?  The winter olympics were held in Sochi, but in 2014!  And Sochi's in Russia, does this mean that Russian hackers are really trying to trick us?  

The second clue that something wasn't right was the return e-mail address, which has an "AU" at the end, short for Australia, and looks like it comes from some kind of travel club.  What does that have to do with domain renewal?  

The third clue is the "call to action" with the tight deadline and the veiled threat - if we don't respond to this notice by January 20 (and it was sent on January 19) we could LOSE THE OFFER, and by implication we could then lose the domain if we don't act RIGHT AWAY.  

Finally, after staring at this e-mail for about 10 minutes, I realized there was nothing legitimate about it at all.  Nothing added up, it made no sense and I had to conclude that it wasn't real, just spam.  Somebody looked up the domain registration via WHOIS and found a web-site that was up for renewal in a few weeks, and decided to send an e-mail to the owner on file, Sturgis, and try to get him to follow a link, or maybe renew the web-site with THEM instead of the company he initially registered it with.  

I went to the file cabinet and found the receipt from the initial domain registration, which was made through - and not some travel club site in Australia, as it turns out.  Sturgis gave me his GoDaddy account information, and I signed on to find out that the domain was due to expire on February 5 (NOT January 20) and was already scheduled for automatic renewal, so there was no need to panic, or follow strange links from spam e-mails.  

Right now we're not really using that domain, and going there just re-directs the user to Signe's main web-site.  But we could use the domain again in the future if we run another fund-raising campaign.  So we don't want to lose it - we could transfer it to Signe's SquareSpace account, but that takes about 12 or 13 steps, you have to unlock the domain, request an authorization code, review the DNS and privacy settings, etc.  It's easier just to let automatic renewal happen and then we can re-visit the hosting issue this time next year. 

On a related note, after the Kickstarter campaign was over last February, Signe and Sturgis wanted to move forward with making a new web-site for the film "My Love Affair With Marriage" and they decided that the simplest URL to register would be - makes sense, right?  Only they found out that this URL was already taken.  How was this possible, was there another movie being made with the same exact title?  

This is where I stepped in to do a bit of internet sleuthing - because we can use the WHOIS domain look-up in reverse too.  I found the name and contact information for the person who registered that domain, and they just happened to do that right in the middle of the Kickstarter campaign.  I also found out this person had registered several other domains, all of which had names similar to projects that were hot on Kickstarter last January.  She saw the KS campaign for the Yobo Hammock Stand, and she registered - she saw the KS campaign for HANA Luxury Playing cards, and she registered - she saw the KS campaign for Tempus Spin Coin and she registered

Ah, so it seemed we were dealing with a Domain Squatter, someone who buys up a bunch of domains cheaply in hopes of selling them back to companies for a profit.  It turned out she had registered 57 domains, none of which were active.  She may have registered the URL but the makers of that product decided to sell their merchandise with the URL "" instead.  Good for them. 

Signe called the Domain Squatter (I won't print her name here), who said she needed that domain to help promote her line of pet food.  Right, because you see a lot of dog food these days with names like "My Love Affair With Marriage"... Does that sound like it comes in beef flavor, or maybe chicken?  Anyway, Signe offered her $100 for the domain name, but it seems like there was a difference in opinion over the URL's value, the Squatter figured it was worth $8,000 instead.  Again, it's the Wild West out there, with no laws against this sort of thing. 

Signe declined the Squatter's offer, she figured we could always use a slightly different URL, like, or another similar variant.  But the good news is it's almost one year later now, and that domain will be coming up for renewal, so perhaps she won't renew it.  Since we last spoke to her, the Squatter appeared on ABC's "Shark Tank"  to pitch her line of dog food.  I haven't seen the episode yet, but maybe the Sharks offered her a deal, and she can now get out of the business of shaking down filmmakers and hammock makers by buying up the web-sites they might want and selling them back at 80,000% mark-up.  We should find out in a couple weeks.  

No lie, as I typed this up, there was a knock on the studio door.  Someone's knocking on every door in the building, handing out his business card for his printing services.  Compared to the people who are sending us phony e-mails and robocalls EVERY DAY, there was something about this guy that was refreshingly honest.  Unless, of course, he was casing the building for places with no security systems that he could come back and rob later.  Am I being too paranoid? 

Come to think of it, he did look a little bit Albanian...