Tag: business

CEO Spoofing Scams

There have been increasing numbers of reports recently of CEO spoofing (なりすまし) of internal company emails that are actually from criminals looking to have the recipient send money somewhere.

A common scenario is one in which the president or some other senior executive asks an employee to send money, usually not revealing that action to other employees. The email will be fashioned to look authentic.

It now looks like I have received a similar email, spoofing me—it was a terrible job, however—as the sender sent to an alias email address I (the CEO) use only for receiving inquiries.

The immediate giveaway was that it was signed in a way I never sign my emails, but rather the way my name is written only on my physical business cards.

It asks me to start a group on LINE (an immediate “thug tell”) and tells me that there is “no need” for me to invite other people. It’s understandable that they don’t want me to invite other people, since they know that would alert others who could alert me to the scam.

I am instructed in the email to send the QR code of the group to the criminal and they will take it from there. Right.

The most disturbing thing about this is not that it is an email from a criminal—millions of emails from criminals are sent all the time—but that it clearly used a written form of my name in the signature that you can only learn by receiving my business card.

This criminally intended email was addressed to an email address that is not associated with a targeted employee, but that had been exposed in automatically harvestable form on a government website for quite some time. I removed the address from that site long ago, but it is surely in the database of cyberthugs and making the rounds, based on the spam that is collected in my spam folder on my server.

The lesson I see from this is that at least one of the persons to whom I have given my physical business card, probably recently, is a criminal. I don’t give my business card out lightly, however.

I can just imagine what happens to the many people who plaster their email addresses all over cyberspace, a very reckless strategy.

Lesson learned. I need to be more careful with even my physical business card.

My suggestions for the increased security risks these days are:

(1) Never put an email address you use for daily business emails anywhere online in a form that can be automatically harvested by criminals. Posting it as a graphic is one option, but even those graphics can be decoded by criminals.

(2) If there is a danger of some other entity putting your email address online (and advantage sometimes, of course), use only an alias email address to avoid disclosing the associated “real” email address that you normally look at and send from.

This enables you to tell where people got your email address. and that is made even easier by creating numerous purpose-specific aliases.

Never disclose an email address online that you can send from as an inquiry address, as your inadvertently sending from it can compromise it by verifying it for criminals.

(3) If possible, print your name on your business cards in a form that is slightly different from what you normally use in daily business emails.

(4) Beware of handing your business card to reception desks at trade shows and to hotel front desks. I slightly suspect that the criminal email I received was because of handing my business card over to a tradeshow receptionist. The organizations that run those trade shows for manufacturers here in Japan are not necessarily looking out for the security of the visitors to the trade shows they run for their clients. I am considering changing the email address to a new alias address on my business cards every time I order 100 or so.

Additionally, although it’s a different problem entirely, I once gave my business card to a hotel and was soon deluged by spam from the hotel group, the spam being sent from some someplace in Southeast Asia, and it took forever to get myself off the list.

The above suggestions about email aliases might not be easy unless you have registered your own domain, but with use of things like Gmail being quite unprofessional and the increasing need to interact with direct clients as a survival strategy, professional translators aiming at surviving would gain an advantage by not using free email for business.

A few suggestions that might be useful

[I have covered some of the points cited here in my IJET-30 presentation in Cairns in 2019, and I hope some colleagues can continue to offer actionable advice to at least the few translators who will be left standing after the AI dust clears.]

There are few survival paths for agency-dependent freelance translators who might survive the AI transformation that has demoted professional human translators to unrealistically low-paid AI repair workers.

One path is to work in-house. Because the agencies controlling most of the market and clients have very few translator employees relative to the volume of translation they purchase and resell, in-house employment will need to be sought at non-translation entities. That is not possible for some freelancers, conditions such as location presenting hurdles. There are, of course, many more hurdles to negotiate in obtaining an in-house position.

If you want to continue translating and are currently relying on work from agencies, just about the only other path is to start actively engaging in the business of translation and behaving like you’re in business. You will need to walk the walk if your goal is to break away from agencies and sell to direct translation clients.

Some of the things you should do first are trivially easy, others are difficult.

  • Stop using free email services for business. Things like Gmail are unprofessional and do not inspire trust. Quitting them is trivially easy.
  • Register your own domain—this will enable you to have your own business email address(es) and a website. This is easy to do and won’t be free, but you’re in business, and businesses have expenses.
  • Build your own online presence with your website. Where you need to be as a professional translator in business is not on a platform such as LinkedIn, with over a billion other users, where the clients you need will not find you. Building a website is not that difficult. One dumb way to do it is to buy a book about it and borrow the html code, after which you can learn to add and modify the site as appropriate. Then start learning about websites. For people not wanting to struggle with html and css, another method, if you can get over the ethical hurdles, is to ask an AI model like Claude to provide you the code for a website. It won’t have lots of bells and whistles and it won’t be very elegant, but you’ll have a website of sorts in no time. Because of the potential difficulty in adding material to your website, however, it’s best not to order a website from an entity that packages the site design with its hosting services, as some make it difficult to manage the site yourself, this leading many people to have essentially abandoned websites.
  • Once you have your website, grow it to demonstrate that you’re still active and can write things of substance, another way of saying don’t take the commonly seen approach of having a website that is no more than a CV and a plea for work.
  • Build a network of specific individuals (known as humans in real life) at entities you want as clients—that’s best done in real life, not just sitting in front of your computer. Online is not real life, and the chances of you reaching those individuals on LinkedIn or the like are extremely slim. Network building in real life is a much more difficult feat than the earlier items.
  • Turn your computer off and get out in the real world, where potential clients hang out. Interactions in those places, high-risk as they may seem, will be much more valuable than hanging out with colleague translators, be it online or in person.
  • If you haven’t yet done it, acquire field-specific expertise that can be convincing when interacting directly, including face-to-face, with a potential client who has that expertise. This must be to a level that is convincing when done in an environment in which you cannot use Google. Direct clients will find you out quickly if you try faking expertise.
  • If you are living in your B-language (source-language) country, acquire spoken ability in that language to a level that would be convincing in live conservations with natives of that language. This is not a given; Dunning-Kruger is not your friend, and this is a particularly critical deal-breaker for native English speakers trying to obtain Japanese clients here in Japan.

The last two items can require an investment in at least time and perhaps money as well.

Also, remember that, unlike the translation-brokerng agencies, you can’t lie about your abilities with impunity. Agencies can lie about their 1000s of experts, but you are alone, and your potential direct clients will discover that quickly; you won’t be able to hide.

Speaking of not hiding, disclose your physical address—not just your country—on your website.

Some of these things might seem unnecessary or be impossible for many freelancers. If that is the case, it might be better to abandon the idea of starting to operate and behave professionally. Without the professional infrastructure, skills, and behavior, it will be difficult to build trust with entities that are themselves operating as full members of their business communities.

A new level of desperation by a Global South Linkedin user: Using AI to automate the process of clicking on click work

These days many freelance translators, post-editors, and anything-they-can-getters have apparently taken to sitting in front of their computers, constantly refreshing numerous click-work sites in hopes of both clicking before someone else and offering a low enough rate to get whatever scraps fall off the click-work table.

Today while scrolling through LinkedIn posts, I was presented with a post from a fellow in Cameroon offering a bot to automate the process, so now you can more efficiently catch those scraps dropped from the click-work table. Brilliant, just brilliant.

Click-work dependency didn’t start recently, and now it appears to be the normal method of getting work for many people even not in the Global South who formerly actually made a living by doing translation.