I don't mind being open about the fact that I pretty much fell for a digital marketing scam enquiry I'd received through my website last week.
I have to give the disclaimer here that normally I am pretty good at spotting scams, which can be summarised by the admission that I am a very naturally sceptical person (both online and offline!) 😬
Somehow this lead enquiry slipped through my usual radar, I think because of the different lead enquiry system I have in place (more on that later).
I wanted to own up to my mistake, largely because if I can still fall for scams having spent (wasted?) the best part of 15 years at a computer, maybe it could happen to someone else too???
Typical Online Freelancer Enquiry Scams
Scams come in all weird kinds of shapes and varieties - that's probably just a byproduct of the evolution of the internet over the years - from your more sophisticated WhatsApp scams that target those vulnerable people who happen to be looking for a full-time job (often imitating HR departments of genuine legit companies), to those that are just trying to pull some kind of generic fast one.
Most scams involve being sent what you might call "the lure" - something of value/desire is tantalisingly dangled under your nostrils, and because your guard is down somewhat (you really want what it is that they're offering) you might act a bit foolish and end up left with your trousers round your ankles.
So the first thing you need to do is keep an eye out on any "too good to be true" offerings. In my particular case this was a lead enquiry, apparently from a fairly established brand called Nulo (although it wasn't exactly a household name - I'd not heard of them), offering big money to help with a marketing campaign.
I was actually busy at the time / it wasn't a lead I could fulfill properly, so I ended up sharing it around... which made me feel a lot worse (which I will come to later!).
Online Marketing Phishing Scams
I think that there are scammers out there who continuously target a range of businesses in the marketing and consultancy space, so their likely hitlist will include:
- Agencies providing marketing services
- Web development agencies offering overlapping services
- Freelance marketers
- Consultants in similar spaces
This is quite a big network for them to try and target with their perfect lead enquiry, and out of the millions of possible options out there you can begin to understand that it only takes a handful of them to fall for it to make it worthwhile. What ease and power have our technological advancements provided for the evil scammers to benefit from!
So - the scammers write up a very appealing job enquiry for most people (ELON MUSKS WANTS TO PAY YOU $1,000,000 TO RUN META ADS FOR TESLA - ARE YOU INTERESTED?!) but you might wonder what the actual scam is - what's the trick?
In many cases it might be as simple as asking you to download a full brief or detailed proposal from the client, linking to what might appear to be a trustworthy PDF but which in actual fact is a masked URL (which takes you to a nasty .EXE file containing a virus, malware or worse).
This appears to be what happened to me with my recent scam encounter - they tried to trick me into downloading some dodgy files.
This might not always be the "play" of the scammers though. Sometimes they might drag out the job/gig offer, and after a period of back-and-forth at some point they might ask for some kind of pre-payment, or for you to share your bank details. Hopefully by this point red flags should be burning your retinas ⛳
There may be other opportunities for scammers to exploit here, but largely they result in spreading a virus/spyware/malware, or in tricking you into sharing sensitive financial info, before they extract money from your account. Perhaps there are other end goals for the criminals - but that's probably the gist of it.
What do Typical Scams (Targeting Marketers) Look Like?
I'm going to share the anatomy of the scam I fell for, and break it down bit-by-bit, to try and outline what it is you should be on the lookout for as a marketer / someone working within the digital marketing industry. There are probably bits of this that align across other trades/sectors too.
I should note that the initial lead I received was via my Typeform which is in use on my contact page. Submissions here are saved in a spreadsheet on my Google Drive. I get pinged (via email) when a new lead comes in. The form is presented within cells of a spreadsheet and this can make it harder (or easier) to spot a spammy enquiry.
Warning #1 - The Contact (Any Existing Relationship with the Sender?)
Sophisticated scammers (which might be classed more as social-engineering, a more sinister and advanced form of scamming) might look to target an existing relationship that you might have built up with someone, but I think for the majority of cases the scammer will likely be an unknown/new contact.
In my case it was a message sent from a person posing as the Head of Marketing at a sustainable pet-food brand (Nulo) in the US. I kind of assumed this was a genuine enquiry because I try hard to attract sustainable brands but it's more likely this was a happy coincidence, not that they were taking advantage of this.
I had no prior contact with this person or with this brand - and I think most scams (aimed at marketers) will follow this path. An important note here is that the scammer appears to be presenting themselves as a genuine employee of Nulo (Brandon Monroe) - which obviously isn't great, and helps to add credence to their scam.
Warning #2 - The Message (What are they Offering?)
Usually when I get a genuine lead enquiry from a business looking for marketing support (eg Google Ads help or SEO support), they're unlikely to talk money in their initial message enquiry.
I think this is a really big red flag if money and budgets are included, especially when they are a big number (hundreds of thousands of dollars for example!).
In my case they were offering huge budgets and had initially sent a very unpersonalised message about Google Ads - but actually in their follow up message they talk about social media profiles (eg Facebook) which isn't something I offer, so there was a mismatch in their messaging which again should be a bit of a warning flag. Even if it's not a scam it's probably a lead from a company that doesn't know what they want - a big red flag in itself!
I had replied to their initial enquiry because I thought it was legit, and to CC someone in who I wanted to suggest they speak to - another PPC consultant I had been recommended (more on this later) - and it is a bit weird they replied to my message in the way they did.
In the case of the person pretending to be Brandon from Nulo there were other weird behaviours within the email:
- Not necessarily weird but it's rare to have an initial email that goes into so much depth about the project (normally it's an email asking if you are interested in having a chat to discuss a project / check you have availability).
- The budget was written in a strange format ($69,000.000) - what is that about?
- Very high payment terms on offer ($5000 or $8000 per month plus bonus!)
- Weird language used when referring to CPC (represents this as a %) and then uses this to refer to cost-per-conversion (which CPC doesn't usually refer to, it is normally the cost-per-click for ads run).
- The big thing you should be checking for here is the "proper" email address of the sender, accessible if you hit the arrow next to the recipient's name to open up the email headers.
From here you should spot that the sender's email address uses a variation of the brand - nulo-eu.com.
I admit I did spot this but had assumed this might be a legit European version of their website - but even if visiting this URL (which I don't usually recommend) I'm taken to an error page.
I think a genuine brand (or a half-decent scammer) would have redirected or pointed that URL at the nulo.com domain.
Sometimes you will find an insecure message flagged here, which is a good indicator of being a scam, and often the sender will be impersonating a different domain (these will often get flagged by Gmail as being a phishing spam, and shouldn't reach your inbox).
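An added example (not part of the original post): a small Python triage of the red flags described above, namely a sender domain that only resembles the brand's (nulo-eu.com versus nulo.com), a link labelled as a PDF whose target is an executable, and a budget quoted in the first message. The mailbox name, link URL and message wording are constructed, and the substring test for lookalike domains is a deliberately simple assumption.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".bat")
DOCUMENT_EXTS = (".pdf", ".doc", ".docx")
MONEY = re.compile(r"[$£€]\s?\d[\d,.]*")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def sender_domain_verdict(from_header, brand_domain):
    """Compare the From: domain with the brand's real domain (naive test)."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    brand = brand_domain.lower()
    if domain == brand or domain.endswith("." + brand):
        return "match"
    return "lookalike" if brand.split(".")[0] in domain else "unrelated"

def triage(from_header, brand_domain, html_body):
    """Return the red flags found in a cold enquiry's first message."""
    verdict = sender_domain_verdict(from_header, brand_domain)
    flags = [] if verdict == "match" else ["sender-domain-" + verdict]
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        target = urlparse(href).path.lower()
        if text.lower().endswith(DOCUMENT_EXTS) and target.endswith(EXECUTABLE_EXTS):
            flags.append("document-link-points-to-executable")
    if MONEY.search(re.sub(r"<[^>]+>", " ", html_body)):
        flags.append("budget-in-first-message")
    return flags

SAMPLE_FROM = "Brandon Monroe <brandon@nulo-eu.com>"  # constructed mailbox name
SAMPLE_BODY = '<p>Budget: $69,000.000</p><a href="https://files.example/brief.pdf.exe">Brief.pdf</a>'
print(triage(SAMPLE_FROM, "nulo.com", SAMPLE_BODY))
```

The brand's real domain has to come from somewhere you trust (your own search, not the enquiry itself), and an empty result only means none of these three checks fired.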
What happens if you download the file?
Whilst I can't say for certain what happens if you click the link in this message to get the details of the made-up gig (which definitely is some kind of malware/virus) it's definitely not something you would want to try.
Some virus protection software might protect you from this (and I'd have hoped Gmail would have been better at detecting and flagging this) but I don't think we can always rely on virus protection sadly - what if this had been received via a direct message on social media, or on WhatsApp?
In the case of this scam I actually went through a lot of effort trying to share this lead within my network - BECAUSE I THOUGHT IT WAS A GENUINE/GOOD GIG!
So, I wanted to share it with another contact and what I ended up doing instead is sending the scam to another great PPC consultant I was recommended (shout out - and apologies again, Sofia!) via a kind suggestion from the brilliant digital PR specialist Jo O'Reilly.
Thankfully at some point the penny did drop in my head when I re-read the message I had forwarded across to Sofia - at which point I warned that it might not be legit / be on your guard.
Side note - this was the very first contact I've had with Sofia, who now thinks of me as a grade A idiot!!! 😂
TLDR; Scams in the Marketing World are on the rise - stay alert!
I have a hunch that these kinds of marketing lead phishing enquiries/scams are on the rise as more and more people look to profit from misleading others on the web.
I've received a lot of such enquiries over the past few months, and have seen other marketers sharing similar scams in the spaces within which I operate, unwittingly falling for them as I also have done.
I think the best advice for you here is to stay alert and be wary with all cold enquiries - especially those unsolicited enquiries that promise huge riches for the successful applicant!