Dave: We are back. Joe, I recently had the pleasure of speaking with Chris Parker, he runs whatismyipaddress.com.
Joe: I use that site frequently.
Dave: It’s a handy service.
Joe: It is.
Dave: And he’s got some stories to share so here’s my conversation with Chris Parker.
Chris: I started whatismyipaddress.com back in early 2000. I think it was January, so we’re just a little bit over 19 years now. It was originally designed to solve a technical issue I was having at a company I was working for. We were having problems with our internet connection, this is ’90s, I can’t imagine ever that happening, and we didn’t know what our IP address was. You can get online, check AltaVista because there was no Google then, Lycos, whatever and there really wasn’t an easy way to find out what our office public IP address was. I thought, “I can be clever. I have a little bit of programming experience. I’ve got an internet connection at home. I’ve got an old Windows in T-Box. Let me put together a website that just answers that question.” That’s how it started.
Dave: It’s hard to think back to a time when just that was difficult information to find and so a utility like that would have been extraordinarily useful.
Chris: It was. Unfortunately, at the time, I didn’t realize until many, many years later that it actually was profoundly useful for a tremendous number of people and I found out by the hard drive getting full of the logs from the website.
Dave: Oh, wow. That’s great. Wow. Your popularity exceeded what you’re expecting there.
Chris: Yeah. I think part of it was because it was never planned to be a business. It was never planned to be much of anything except this was a solution to a problem that I was having, and I thought, “Well, other people might be having the same problem so let me just make a website that solves just that.”
Dave: Let’s fast forward, we’re almost 20 years past that, what’s going on over there these days?
Chris: I’ve built a tremendous amount of content around educating people about privacy, security, online safety. It really alarmed me after a number of years the contacts I was getting from people, people wanting support saying, “Hey, I’ve lost my life savings to this person I met online. I’ve never met them in person but all I have is their IP address. Can you help me find them?” It really was a devastating thing to hear.
People losing their life savings, cashing in their retirement to help this poor person that they met online because they’re having medical conditions, or their kid was in an accident. When you look back at it as a third-party you go, “Oh my gosh!” They can just see red flags all over the place but once you get emotionally connected, people are just giving up everything and at the end of it they have nothing except for, “Well, I’ve got an email address from the email we sent back and forth. Can we find the person from that?”
Dave: How do you respond to someone like that?
Chris: The answer is generally, “Unfortunately, you’re probably not going to get any of your money back. You’re probably never going to see it.” Because usually, these people, at least more recently, they’re using VPNs, they’re using internet cafes, they’re in third world countries where the laws are going to make it a lot more difficult to find the person even if you could find out who the internet connection belong to. Are you going to be able to find that person? Was it a burner cell phone that they were using? It’s just really very difficult these days. You’ve got to watch it from the front-end.
Dave: What are some of the scams that you’ve seen over the years?
Chris: Probably one of the more recent ones, I believe you guys have talked about it, it’s a sextortion scams where you’re getting an email that says, “Hey, I’ve compromised your computer. The way I’ve proven that I’ve compromised your computer is here’s your password which I’ve gotten from one of those data dumps. If you don’t send me X amount of money via Bitcoin, I’m going to post all the illicit videos that I’ve recorded from your computer of the sites you’ve been visiting. You don’t want you and your whole family to be humiliated so pay up.”
Dave: You’ve had some personal experience and folks have come after you as well.
Chris: Yeah, I definitely have had some personal experiences. One of the first websites I built back in the late ‘90s was an online bookstore competing against Amazon—who would’ve thought it?
Dave: How’d that work out for you, Chris?
Chris: Definitely not well. They won the battle.
Dave: I see. Okay.
Chris: But this was back when I was in college and probably considerably more naïve than now. The biggest order I got was someone wanting to ship Bibles to a church in Nigeria. I thought, “Wow. This is awesome. I’m helping people out. I’m helping a missionary work. This is really cool. Yeah, I’ll process that credit card. I’ll go down to the FedEx depot with the FedEx number that they’ve provided and let me FedEx this to them halfway around the world.” About a week later, I get a call from my bank saying, “This large charge has been rejected, refunded, in fact, it’s fraudulent.” I was devastated. To me it was, “Why would anyone want to steal Bibles?” That’s just a horrible thing.
Dave: Yeah, it’s a little insult to injury there, isn’t it?
Chris: It was definitely insult to injury. But that really gave me the realization that people who are out to commit scams really have no ethics whatsoever and they’re going to do whatever they can do to make a buck. Heck, I wish they would employ all this intelligence that they’ve got into constructive things, but they’ve applied to destructive things. They’re out to get whatever money they can from people. They’ll take advantage of oceans. They’ll take advantage of you being a nice person. Often, they take advantage of greed and fear, but they’ll often go after people that are just trying to be good people.
Dave: Back then this was far enough back that I guess it wasn’t widely known that any communication from someone in Nigeria could be a red flag.
Chris: Yeah. Even if those scams were going around like, “Hey, I’ve got $50 million for you.” Well, that’s an obvious scam. The person who wants to place an order, “Hey, that doesn’t seem like an obvious scam.” Looking back at it now, I see red flags all over the place about it but at the time, I was excited. My business is growing, this is a good thing. It never even crossed my mind that was a scam.
Dave: Now, you also had a run in with some folks who were hitting you on the advertising side of things.
Chris: Yep. This was one that, in some sense, surprised me that I got taken for. This was back in late 2012. I got approached by someone claiming to represent a reasonably well-known reputable ad network platform, “Hey, we want to run ads on your site. Here’s the amount that we’re going to pay.” It wasn’t so much that it was suspicious. It was, “Oh, that’s a pretty good value. That’s a little bit more that I’m making from other people; a little bit less than others.” It wasn’t this gigantic, “Oh my gosh, they’re going to pay me triple or quadruple what other people were paying for ad space.” It was right in the mix with what other reputable companies were doing.
Looked at the website, “Yep, this is who these guys are.” Emailed back and forth, had a contract, had the insertion order, did all the regular back and forth that you would do on making a business arrangement. He gave me a login to reporting statistics. After about a week, it just started seeing the stats seem a little long key, the reporting feels a little weird, but not alarmingly so. This was kind of earlier days in ad tech, so a lot of people didn’t have great platforms, but it wasn’t so much alarming that it was a huge red flag.
Then the platform started getting unstable in terms of I try to log into it, can’t connect. It’s down. I emailed the guy, “Oh, we’re having technical problems in the front-end. Don’t worry, the back-end is still tracking.” And then he went dark. The website went down, the domain name wasn’t resolving anymore. I’m like, “Oh, no. I don’t know.” He immediately shut them down on my side, started doing digging on my end and found out that this guy has got the .net version of the company name instead of the .com.
Dave: Oh.
Chris: He had set-up using a stolen credit card, had set-up email web hosting all on stolen credit cards, and he totally copied their site page per page, exactly but just on the .net instead of .com.
Dave: In this case, what was he stealing? Was he stealing the space on your site that you would’ve otherwise sold to someone else?
Chris: Yeah. He was basically taking the ad space on my site and he was getting the ad revenue for it.
Dave: So, he was brokering it?
Chris: He was brokering it but wasn’t paying me.
Dave: I see.
Chris: He disappeared well before invoicing would ever even get close. Kind of the thing that upset me about it is when I called the real company, I finally figured out, “Hey, there’s someone impersonating you guys. You guys need to do something about it.” They’re like, “Well, we’re fairly aware of who this person is. He’s in a different country and we just don’t have the resources to go after him.” It was like, “Oh, yeah. We know this is happening but, oh well.”
Dave: Right.
Chris: I mean, totally at that time I was like, “You need to get your lawyers on this. You need to do everything you can to shut this down. He’s hurting your reputation.” But the reality of it was they were being pragmatic about it. It was very unlikely that they would ever find this guy, very likely that he’d ever be convicted, and very hard to justify when they haven’t necessarily seen the financial loss.
Dave: Right.
Chris: On my side, I was initially like, “Well, fine. I’m going to go to war. I’m going to hire a lawyer.” Luckily, I thought best of it to just, “Well, I have about a couple thousand dollars, maybe $10,000 of ad revenue but gosh, a lawyer is going to cost me a lot more than that. If I never find it then I’ve already been out the ad revenue, now I’m going to be out legal fees and I’m just going to be throwing good money after bad. I just need to chalk this up as a massive business lesson of, you’ve got to have processes in place to make sure that you’ve dotted the Is, crossed the Ts, confirm that people are who they say they are before you ever do business with them.