virodome17 Is A Gmail Scammer

Pardon the extremely-specific post, but I’ve found myself at the center of a bizarre case of mistaken identity and writing publicly about it seemed like the best option to stop it.

Someone with the email address ‘[email protected]’ is emailing small independent online product manufacturers with an identical scam: they’re a huge fan of their products, but cut themselves on the packaging while opening it, and want a refund and damages. Screenshots of two examples are below, minus the photo of a gross bloody finger.

These companies are then contacting me via Twitter, Instagram, and email because they think that I’m the one that sent it. What gave them that impression? Well, take a look for yourself at the Google results when searching for that email address.

Despite the keyword “virodome17” not appearing anywhere on those pages, Google not only returns my 2016 tweets about Gmail’s “mic drop” April Fool’s joke, but also my LinkedIn page.

Combine this with the fact that the scammer signs his name “Andy,” and you can see where anyone would get the wrong idea that I was the sender. Is the scammer even impersonating me? It’s hard to say — “Andy” is a common name, and they’re not using my last name or any other aspect of my identity. They also don’t have control over what pages the Google algorithm returns, so it’s plausible this is just a bizarre coincidence.

Regardless, Google is ultimately responsible in two ways:

  1. The Google algorithm is irrelevantly returning my personal information for a completely unrelated search, leading to this identity mixup.
  2. Despite multiple reports to Gmail of fraudulent activity over the last year, the [email protected] is still actively attempting to defraud others with a Gmail account. I received two separate companies contacting me about this issue in the last 24 hours alone.

My hope is that Google indexes this blog post and it starts showing prominently for anyone searching for the scammer’s “[email protected]” address. But if you work on Gmail or Google Search, it’d be amazing if you could do something about it.

If you’re a company that received this scam and found this page, please post a comment about your experience. I’d love to see more screenshots, and I’ll post an update here if anything changes.

As a fun linguistics side note, I was curious about how both emails end with “do the needful,” a turn of phrase I’ve never heard before. Digging into it, this expression is apparently popular in India but rarely used outside of it, meaning “do the right thing.” The Guardian calls it “the granddaddy of all Indianisms,” so I think I have a pretty good hunch where this scammer’s from.

Update: Another company reached out to me on Twitter with the same experience, and I’ve confirmed privately they were using the same template scam. Multiple Google employees also contacted me privately to say they’ve escalated this search ranking issue, so I hope this will be resolved soon.

In the comments, yet another company the scammer contacted noted that the Gmail account is now bouncing, indicating Google’s taken action against it.

And, as predicted, the #1 Google result for [email protected] searches is now this post.

I doubt this will put an end to the scam, but it’ll hopefully end my role in it.

Comments

    I don’t know if this is still the case, but for a while the Google algorithm would favor sites that a given link text would point to. This was how folks google bombed junk previously.

    Maybe this idiot created a bunch of junk pages that pointed his email address at your pages?

    Seems unlikely since those pages would also presumably show up in Google, but there’s nothing. I think it’s just a quirk of their ranking algorithm.

    LOL, I’m responding to one of these scam emails now and landed on your twitter account too! Sorry for the PITA this scammer must be creating for you but thanks for posting this.

    Extremely-specific posts are the best! Looking forward to a follow up explaining the “why” of this. In fact that’s why I came back to check today…

    Yesterday I noticed that Google partially explains the search result when you click the vertical stack of dots next to the Twitter results, specifically “These search terms appear in the result: gmail and com”. So I wondered whether “virodome17” might be the equivalent of, say, the worst misspelling (effectively a hash) of some token highly associated with you, like “andybaio” or “waxpancake”. But if Google’s search algorithm is doing some fuzzy matching here, I’m not sure how, because if I change one letter in “virodome17” or increment the number or remove a letter, the results go to zero. Another hypothesis is that there’s something in the page source (or only visible to the Googlebot user-agent), but not visible on the page that contains/implies “virodome17”, but again, I found no smoking gun after a few moments pecking around.

    Another clue, the text of email reads like a dialect of English other than American. On a lark I Googled the most conspicuous phrase “I am hoping you would do the needful” which returned a number of results suggesting that “do the needful” is a common phrase in Indian English.

    Is it possible that Google returned results linking to your Twitter feed because someone with the Twitter name “virodome18” commented on your Tweets? Or followed you, or wrote a bot to create thousands of bogus websites that link to your Twitter feed, each of those sites stuffed with content to help strengthen the association between the virodome18 name and you? I can’t imagine it’s just a quirk. Given your “footprint” on the web, scammers like virodome18 could try to do some basic SEO tricks to try and take advantage of that.

    When I used to use my two letter Twitter handle (I don’t any more – you can ask me about it elsewhere), I saw very similar “gaming.” Scammers like virodome18 would spawn thousands, if not hundreds of thousands, of sites with content that had just slight tweaks, linking to my Twitter feed. It seemed pointless, but I could imagine it’s possible they were setting up for exploiting the association somehow. Hard to say really. Despite the scammer’s efforts, it might have been completely ineffective. I suspect it was, since the last time I looked, most of those kinds of spammy sites stopped showing up in results for searches of my Twitter handle on Google.

    In any case, I’m glad you’re not cutting your fingers and getting your body fluids on things.

    I just noticed my typo, where I write virodome18 instead of virodome17. Searching for virodome18 actually points back to this blog post, clearly showing the “virodome17 is a Gmail scammer” title. I feel like the typo was a preemptive strike against virodome17, should the scammer decide to increment to the next name.

    It’s possible, but I’m pretty sure those pages would also show up in the search results if they existed, and they don’t seem to. If you do a verbatim search for “virodome17,” virtually no results appear except for the guy’s Sinisterly forum profile (and now, pages related to this blog post).
