16 April 2020 | 25 Comments
Recently I mentioned in our 2019 stakeholder report that “2019 was a string of unfortunate events involving a prolonged series of threats, harassment, attempts at character assassination, and triangulation fraud.” While I don’t want to provide more ammunition to the person behind all of that, I’m worried that some of these techniques might be used to hurt my fellow creators and publishers, so today I’m going to share our experiences and some solutions.
I’ll start with the stories, and then I’ll get to what creators and consumers can do to avoid, prevent, and report these scams.
Last summer, I started hearing reports of people buying Wingspan from a website called Daranzon.com. This was at a time when no one had Wingspan in stock, including Stonemaier Games. Unwitting customers would pay via PayPal and even receive a UPS tracking number…but then nothing would arrive.
Eventually Daranzon was shut down, but it was only the beginning. Since then there have been dozens of scam websites, many of which use the exact same template:
While these websites often feature Wingspan and Scythe, our products are far from the only items they feature. There doesn’t really seem to be a pattern to what they offer. My guess is that they have a bunch of filler items to look legitimate, and then they have a few high-SEO products.
Some of these websites advertise heavily on Google, Facebook, and Instagram. I have no doubt that they have scammed consumers (and the legitimate retailers those consumers could have bought from instead) out of hundreds of thousands of dollars.
If it stopped there, it would suck, but it wouldn’t be terrible. Unfortunately, it gets much, much worse.
Last November, I got a call from our friends at Meeplesource–Cynthia and Chris are some of the best people in the game industry. They noticed some suspicious activity on their webstore, and they wanted to see if I noticed anything on my end.
Sure enough, there were a number of “high risk” orders in Shopify that we had recently shipped. Shopify tags orders if they identify them as medium- or high-risk, but they don’t alert you–you have to notice the order and cancel it on your own (and not all high-risk orders are fraudulent).
The orders had a distinct pattern to them. They all had different billing addresses than shipping addresses, and the billing addresses were all in Pennsylvania and New Jersey.
Meeplesource dug deeper, and they soon learned that our companies were the targets of triangulation fraud. Here’s how Meeplesource explains what that means:
They run “cheap deals” and other websites using fake information as if they were located in the US. They collect money for sales by PayPal, and then use stolen credit cards to “fulfill” their “orders” using legitimate websites with legitimate products…. When the true cardholder sees the fraudulent charge, which it is, they dispute it with the card issuer who charges back the merchant. That’s who ultimately pays for the well-intentioned buyer’s Wingspan game…. The scammer is not shut down by PayPal as long as they are able to successfully “fulfill” their buyers’ orders via a stolen credit card purchase.
Stonemaier got a little lucky in that the products the scammer targeted in November quickly sold out, so there was a limit to the extent of the scam at that point. I soon started to receive chargebacks (hundreds of people had their credit cards stolen and misused, and they deserved to get the money back for products they didn’t order). Typically these resulted in us paying back the credit card companies plus an additional fee, all for games that we shipped to people who ordered from the scam websites. At least they received what they ordered, even if they didn’t order from us!
And we’re not alone. Meeplesource has been hit hard too (in terms of both time and money), and I’m sure other legitimate online retailers have been defrauded. At first we weren’t sure if that was the case–if it went beyond just Stonemaier and Meeplesource–but I alerted the retailers on our mailing list after we started to suspect it wasn’t just us. Whenever the scammers can’t get a real company to fulfill the order, the person who placed the order on the fake website simply loses their money (it doesn’t seem that PayPal is helping any of them, using the UPS tracking numbers–the fake numbers–as justification).
I wish that I could end this description with some good news, but there really isn’t any. We are 99% sure we know who the scammer is, based on some early mistakes they made covering their tracks, but law enforcement has so far been slow to act on the many leads we have provided. Hopefully that will change in the future as we continue to provide new and additional evidence.
This is completely unrelated to the scam/fraud I described above, but it involves a similar topic.
A few days ago, I was alerted that a company in Iran, Hezaartoo, was printing a Farsi version of Wingspan. This was news to me, as I had never heard of or heard from this company–we don’t have a publishing partner in Iran. It’s a full-on counterfeit version of our intellectual property.
After I commented on a few of Hezaartoo’s Instagram posts about the counterfeit, I heard directly from several employees at the company. They said they had tried to contact me (they provided a screenshot of an email sent in December to “firstname.lastname@example.org”, which is not a functional email address), and when they didn’t hear back from me–instead of trying to contact me on Facebook, Instagram, YouTube, this blog, Twitter, Skype, a real email address, etc–they decided it was okay to proceed to publish a counterfeit version in Iran.
In talking with the various Iranians who commented and messaged me (including a game cafe I chatted with on Instagram Live), the issue is much bigger than Hezaartoo. Due to international sanctions and government restrictions, companies in Iran have difficulty importing products made elsewhere. And even if they can make a licensed product in Iran, it’s difficult to transfer payment out of the country.
I sympathize with all of that. It doesn’t make IP theft and counterfeits okay, and we’ll never work with companies like Hezaartoo that choose to steal, but it’s opened my eyes to the situation in Iran. I’m currently in the process of finding a legitimate company there and a legal way to work with them, as gaming is a universal language.
What Can Creators Do to Stop and Prevent Fraud?
I’ll break down my suggestions below. As I said, my attempts to get law enforcement to pursue the scammer have not been fruitful–these are all temporary bandages. So if you have other/better recommendations, please note them in the comments.
- Tell the hosting service
- Internet Crime Complaint Center
- contact local law enforcement (which can escalate to the FBI)
- contact your state attorney general’s office
- Report scam ads to their advertising services (Google, Facebook, Instagram)
- Install a fraud-block app (there are many options, and it depends on your e-commerce platform)
- Institute a no-tolerance policy on high-risk orders (yes, some are legitimate, but is it worth the risk?)
- Carry cyber-fraud insurance (I started doing this after November’s incident via www.kreismannbayer.com)
- Contact your lawyer to learn about your actions and costs
- Broadcast it. Let people know about the counterfeit so they know not to support the fraudulent publisher. That’s one of the reasons I’m sharing the news about Hezaartoo here, and I also shared the news with Eric at BoardGameGeek this weekend (I haven’t heard back yet, so I’m not sure if it’s the type of news BGG will actually broadcast).
- If the counterfeited product is being sold on Amazon, here’s some information to consider.
I’d also recommend that creators watch this excellent video containing 10 legal tips from Pencil First Games’ Eduardo Baraf.
- Many of the forms mentioned above–especially the ICCC, FTC, and CFPB–exist to protect consumers, not companies. So if you’re ever defrauded, report it to one or all of those organizations.
- If you see an ad for a product that seems even a little bit fishy, consider reporting it to Google, Facebook, Instagram, etc (wherever you see the ad). As seen in the example to the right, the ads look real, so I don’t know how you would know the difference, though if it’s from an online retailer you’ve never heard of, you should be at least slightly suspicious of it.
- Buy only from publishers, local retailers, and well-established websites, especially if the offer seems too good to be true. This is especially the case for hard-to-find products, and even moreso during the holiday season when scammers prey on consumers who are eager to find the perfect gifts for loved ones.
I think it’s truly terrible that this scammer (and other scammers) have stolen from consumers, retailers, and publishers. I hope you haven’t had this happen to you and that you remain safe, healthy, and secure, especially in these uncertain times.
If you have any additional information you would like to share to help creators identify, avoid, and report fraud, please share your insights in the comments.
If you gain value from the 100 articles Jamey publishes on his blog each year, please consider championing this content!