Ask HN: The "Japanese Developer" Scam
I've been the target of a new scam, (or a new twist on an old one) that I haven't seen anywhere else. It seems to be targeted at web developer freelancers. I'd like to tell you about it and see if you've experienced this as well.
The scam is as follows:
1. A person who claims to be a developer from Japan contacts you after finding your details on a site (in my case, Braintrust). They claim to be working with a team of web developers, and they even have a porfolio of sites they've worked on in the past.
2. Because they are from Japan, they can't easily get US contracts and US dollars.
3. So they want to use your freelancing profiles (Upwork, fiverr, etc) your IP address (Using TeamViewer), and your US bank accounts to secure those contracts. They'll split the profits with you 50/50. All you have to do is let them apply to jobs using your account, show up for the online interviews and pretend that you're the one doing the work.
The first time I was contacted, I spoke with the person over Google Meet and Discord. He seemed sincere, and I entertained the thought because I had worked for companies that employed overseas contractors previously. I knew it was legal and possible on some level, though I refused to let the person use my freelance accounts or access my computer, and I refused to break the ToS of any freelancing site.
He still agreed to my conditions and claimed to be willing to work on any gigs that I could get. We chatted for several hours, but after I slept on it, I blocked the person from all communication.
After that, I was contacted two other times, from two different email addresses, with similar introductions that I suspect lead to the same scam.
This is very high-effort on the part of the "scammer", involving video calls and long chats lasting hours, which makes me question if the person isn't sincere, but just ignorant about the legal issues at play here.
Has anyone else encountered anything like this?
Besides breaking the ToS of freelancing sites, what would be the legal ramifications of agreeing to such an arrangement? If a Japanese person who says they live in Japan contacts you and speaks English that isn't super broken, you can safely assume it's a scam. Roughly 2% of Japanese nationals living in Japan can speak English at this level. If you want to really double check - tell them "it's cool how you guys also take the plastic ring off plastic bottles, not just the cap" If they say yeah we do that that is 100% confirmation that they do not live in Japan. Super tech-specific one - ask them you want to make sure they're Japanese so you'll ask them to write something every developer can write in... 5-7 seconds max. When they confirm and are waiting, ask them "at your previous/current company or your friends' companies, how do people name their personal channels? what is the specific kanji ppl put at the end?" This kanji is super hard to google and even harder to write phonetically, but every Japanese engineer who has ever used Slack knows how because there's almost like a "hack" for writing certain other characters that end up getting converted into that kanji. This is so fun - 1 more: Ask them what their favorite hummus flavor is. Basically no one in Japan (even people who have lived outside of Japan) knows what hummus is (I guess Slack even tried to teach them by making it a notification sound lol) I googled his discord identifier (not the display name, but the one you can't change), and it is apparently an Indonesian surname, so I think you're right, he's not Japanese at all. I got the same emails and even messages on LinkedIn for years. They usually start with a sincere message, and then ask "do you know upwork?" Last week was my first encounter with a Japanese developer. I've been curious about the scam as well. My guess is that they're setting up accounts to pay you with stolen credit cards, and then you're going to wire that stolen money back to them (as it's clean now?) But who knows. We need a Krebs on Security article. It's good to know that I'm not the only one! So what's the scam? I've been getting similar outreach and my imagination fails to come up with any bad scenario, apart from maybe getting a residential IP, if you let them use yours. It might be a circumvention of ToS, but not everything you find morally dubious is scam. (I'm still very curious though. Feels like there's somethingore to it but my imagination fails me. Unless you're specifically targeted as a person-of-interest aka spearphishing) I don't think it's exactly a scam at this point (unless if you mean scamming Upwork or the clients). My guess is that these individuals are located in less favorable countries (ie: Russia) and need a proxy to export their tech skills. Japan sounds less scary than Russia. > but just ignorant about the legal issues at play here. The persons have no legal issues. They'll probably ask for their share to be paid in crypto. You have the legal issues but then you will also be getting 50% for doing nothing. There's an interesting podcast about this: https://www.youtube.com/watch?v=XpkNGMSWbYk Wow thanks! At least the person I spoke to asked permission to impersonate me first. > So they want to use your freelancing profiles (Upwork, fiverr, etc) your IP address (Using TeamViewer), and your US bank accounts to secure those contracts. They'll split the profits with you 50/50. All you have to do is let them apply to jobs using your account, show up for the online interviews and pretend that you're the one doing the work. This is Nigerian Prince level of obvious red flags. > they can't easily get US contracts and US dollars. > they want to use your US bank accounts to secure those contracts > I refused to let the person use my accounts > He still agreed to my conditions and claimed to be willing to work on any gigs So how you gonna get the money to them? Isn't that the whole reason they claim they can't deal with clients directly? It's relatively easy for a US person to do an international wire to Japan. It wouldn't be a big deal to do a monthly wire from all the development they're supposed to be doing. That doesn't mean clients would want to do it. There's a component of real business in being a US face and accepting US checks at a US address for outsourcing. Of course, coming from a cold email, it's almost certainly a scam, regardless of the alleged country of developers. We hadn't hashed that out before I broke contract with him. I suppose there would be some way to wire hm 50% of the money. Western Union wire transfers maybe? I've never sent money overseas, so I wouldn't know. edit: I clarified in the original post that I wouldn't let him use my freelance accounts. Of course I wouldn't also give him any of my banking information either. I like this post because it starts with a description of what it’s like to be a potential victim and ends with > Besides breaking the ToS of freelancing sites, what would be the legal ramifications of agreeing to such an arrangement? A question that would be useful for a potential attacker to help assuage the fears of future potential victims How so? If I were to pretend to be a potential attacker, and if I knew how this would be illegal, I would either A) lie to the mark, or B) tell the mark how to do this legally. In case A, I would be at risk of being found out if the mark does a google search. In case B, there would be no problem. So I don't see how this would help a potential attacker. Lying is already a given when it comes to scammers. This is the 419 Nigerian Prince scam, they say they will share millions with you but need your SSN, bank account number, etc to establish a transfer. It is an old scam. https://en.wikipedia.org/wiki/Advance-fee_scam in this case they are Japanese web developers. The old saying goes, "If it sounds too good to be true, it most likely is." The person I spoke to didn't say anything about needing my SSN, or bank account number, or any sort of "advance-fee". "Nigerians" don't usually offer to win contracts, show their faces on the webcam, chat with you for hours, have you stand in for an interview, complete work, and THEN ask for 50% payment after it's all done. I don't think it's this. Not even close. I have heard about the scam before somewhere. If not 419, then it is something else. It definitely isn't? Doesn't sound like the nigerian prince scam whatsoever. They do probably just want a Upwork/Fiverr account, will they do less than legal things with it and get you banned, yeah probably.