I was almost swindled in a small business scam. And while I did not really believe the business opportunity was real, I still had to put pen to paper (or fingers to keyboard?) and share the experience. There were obvious signs along the way, and hopefully, this cautionary tale shows how small businesses get scammed these days.
When I first thought about how to write this, I was unsure of the format to use. Should I just write a LinkedIn post? Should I record a video? Maybe I should just let ChatGPT write my story.
But instead, I chose to go the classic storytelling route, sharing the experience in chronological order… “from the top” as they say. I’ll share some of the telltale signs that appeared along the way, too.
Day 1: The initial outreach
I was working on a few projects for clients and building out projections for the second quarter of the year. After losing a promising new client, it appeared that revenue would take a harsh dip in the coming 60 days.
But then, out of nowhere, I received a text:
Hello, my name is Neri, I’d like to know if you still offer website design services?
For the purposes of this article and my SEO, text messages will appear as italic sentences throughout the post. The text came from an email address at icloud.com, not out of the ordinary for messages like this. In fact, my former realtor and one-time client even used an icloud.com email. (R.I.P. Brian)
However, the email address itself was odd. I’m happy to share it here since it was a scammer: firstname.lastname@example.org. Now that was a red flag.
Red flag #1: Email addresses that are not personalized and have no name attached to it.
But I was looking for some new business and this likely scammer clearly did their research – at least a little bit. I don’t promote website design on my own site and have never outwardly offered it.
Plus, I am not one for building websites anymore. They are time-consuming and clients rarely pay for the resources necessary to build one. But I had just started using 10web, a new AI website builder that could theoretically save me dozens of hours on the process of a website build. So I curtly responded:
Depending on the client, yes.
(My text responses will be right-aligned italic sentences, like you would see on a phone.) Neri took a little bit of time before he or she (we’ll just use they/them) responded with a pretty lengthy and specific request:
Alright I own Galeria Lamanai Restaurant it’s a Spanish restaurant, I’d like to create a website so that my restaurant business can grow. Please let me know if you can handle the design for me so that I can forward you the job details via email. Thanks
Based on the text and how they typed it out, it was clear that the Neri character was not from the United States, probably an older individual, and was not well-versed in digital marketing whatsoever. Again, I was used to this type of interaction. A lot of my business up to this point had been with executives or entrepreneurs who were not marketers and needed some training on the key concepts.
I was interested in learning more about this likely scammer so I gave Neri my email address. Within about two hours I had an email in my inbox with more details. The email included the timeline (two months), the domain name they wanted (Galeriakitchen.us), and a budget range (between $5k and $15k). Neri also mentioned that a project consultant was handling the actual content, so I just needed to create the design – which they stated should be exactly like another restaurant site that already existed.
Again – nothing out of the ordinary here, at least at first glance. Neri knew what they wanted from the website and was pretty straightforward with the needs. Plus, with the website supposedly needing to be an exact copy of another site, if this was real I could use 10web to auto-generate a website using Elementor on a WordPress platform in minutes. Boom!
I responded with my typical policies:
- A price estimate along with a full scope of work
- The requested timeline (60 days) and the deliverables with their corresponding dates
- Payment terms requiring half of the payment upfront before any work was to be done
- Request for a discovery call ahead of the project launch
But then, Neri hit me with the first curveball.
I’m currently out of state to Spain due to my ear issue I’ll be under going some days surgery soon. But I’m prepared to pay a down payment so that you may begin working on the design. This is the reason I am emailing you. I want to get the website up and operating before I return to the United States. I hope this won’t be a problem.
The curveball was not too wild. I figured Neri was from outside the United States, and I looked up the name of the restaurant and Neri’s full name – Neri Balderas. The person was not active on any social media accounts but had posted some art photos on some sort of Spanish website. So, the name appeared to be real. But no social media? C’mon, sir scammer.
Red flag #2: It’s difficult to find the customer online.
It took some time to find anyone named Neri Balderas, but I eventually did. It was just strange that they were not on Facebook, Instagram, or LinkedIn. Or any social network, for that matter.
UPDATE: Since publishing this article, Neri has miraculously emerged on social media!
Day 3: First payment request
I generated the first invoice and emailed it to Neri. Even though they were not in the United States, there were plenty of payment options available, such as Venmo and Zelle. But Neri’s response to my initial request was odd.
My credit card is restricted to making payments with PayPal, Zelle, Chase QuickPay, (Venmo) and Square merchant (Processor) due to my previous experience with them. I want you to set up National Processing Merchant Payment, it’s a good processor for small businesses. Contact their sales representative on here 800-803-4592 to set you up to be able to send invoice payment link to your client to make payment via credit card and ach payment, There are no setup or cancellation fees; you can end your contract at any time I will take care of the charges fees and tax fees let me know your thought.
Red flag #3: Everything in the above paragraph.
There was no way I was going to do that.
However, I did have an old legacy account at Bill.com, which I had previously used for some online payments back in the day. So I dusted off the account and set up my new business banking account. I told Neri that I would send the invoice via Bill within a few days and then they could pay through their system. Plus, Bill had some good security measures in place based on what I read online and through their reviews.
At this point, I was curious as to how I was the target of this elaborate scheme. I texted Neri and asked how they found out about Digital Detroit. The answer was very… boomer.
I heard about you through Google search engine
Nobody under the age of 80 says that. So I asked for a quick follow-up:
Are you located in Michigan?
My local SEO is really good but not nationwide.
I live in Hayward, CA but I will be having 2 branch business location
Michigan and California
Where will the Michigan restaurant be?
Grand Rapids city
Above: my face when reading “Grand Rapids city”
Red flag #4: You don’t ever find out how they obtained your information.
First, local SEO does not extend from Metro Detroit to the west side of the state. Secondly, nobody in the history of the modern world has ever called it “Grand Rapids city” with a lower-cased “city” at the end. And finally, who calls a second restaurant location a “branch?” It’s not a bank…
Now, I am getting suspicious. Let’s see if the payment comes through Bill.com. (you already know the answer)
Day 4: The “little favor”
A day after sending Neri the initial invoice via Bill, they sent me another email asking for some help. Rather than include the whole thing here as I have with the texts, I’ll paraphrase for clarity: the project consultant who was handling the content creation did not have an easy way to be paid for the work and Neri needed someone in the United States to provide him the payment.
So why didn’t Neri go through the same steps as they did with me? According to the email, due to the surgery, it cost a lot of stress and inconvenience. Neri then said they would add a $200 tip for me for the “errand” which I found to be an odd word in the email.
I replied to Neri’s email simply saying I was unsure what they are asking for. The response then went into detail with a very specific amount of money I was supposed to invoice for. And strangely enough, the project consultant needed the exact same amount of money as I did (which did not make sense).
From there, I said I would try to help but then asked for the project consultant’s contact information… but Neri did not respond. I texted later in the day asking for the consultant’s information again. The individual’s name was Chris Skaggs, and I was provided a phone number – and nothing else. Maybe this Chris guy knew what was going on…
Day 5: The project consultant
If Neri was not going to give me an email address, I was just going to call him. I’m not above calling people out of the blue to figure out if I’m going to actually get a five-figure payday. But, as I expected, nobody answered the phone. So I took to the internet to find this guy.
Several searches and social media checks later, I had two results: a creative marketing person in Texas and a video game designer in Oregon. The only problem? Neri gave me a phone number with a San Francisco area code. There was no way this person was legitimate.
I tried calling the phone number again a few times but never got an answer. I even went as far as using BeenVerified (you may have seen it used on Catfish back in the day) to figure out who owned the number. After all, a phone number can be easier to track than other forms of identification.
Red flag #5: The other people in the scam cannot be found, either.
Days 7-14: Failed payment after failed payment
Let’s move forward a few days. As I expected, the payment did not successfully go through Bill.com. First, Neri tried paying via ACH. Bill.com rejected it because there were not enough funds in Neri’s account. Or at least that is what Neri told me…
On day 10, I got a call from a rep at Bill.com to tell me that the ACH payment was suspicious because it was from outside of the country. I told her that would make sense due to the fact that the customer was in Spain. So, I set up credit card payments on my Bill account and then re-issued the invoice. That should make things easier, right?
Neri completed the credit card transaction and it seemed like progress was made. Maybe this was… real?
But now Bill.com was delayed in releasing the funds to me. After I tried to contact their support team, they simply said everything was “under review” so I guess it was not real, after all.
Every day for the next week, Neri texted me first thing in the morning asking about the status of the payment. It was not a modest amount, after all, and Neri persisted under the guise of “moving on the website and branding.” After two more days, Neri finally pushed me for another favor:
Can you just send Chris $2000 now so he can start on the branding?
I’m sorry but I am not moving any money until it is in my account.
So Neri pushed me each day, asking for an update on the account and the status of the funds from Bill.com. Then I randomly received another call from my Bill.com rep.
Neri had tried to pay me with a credit card that belonged to someone else – an insurance agent in California. In addition, the payment set off other alarms at Bill.com, leading them to believe Neri was, in fact, scamming me.
Red flag #6: A reputable company believes you are being scammed.
I immediately texted Neri and told them the scam was up. Neri texted back immediately claiming it was a ridiculous claim and that they would dispute the charge. I sent a few texts back asking why the card was in a different person’s name. Then, Neri sent their last text to me:
I need my money back. I will get back to you later.
Day 17: The aftermath of a small business scam
The next few days were the weekend, and I did not log in to my Bill.com account. However, I did get a few support emails from them stating I had an important message in my account. I figured they would tell me that I was also suspicious and they would shut down my account. So I logged in on Monday to see what the messages said, expecting the worst.
Except I could not log in. They had already shut down my account.
I don’t blame them, although it was bizarre that they sent me multiple messages and then promptly shut me down within 24 hours – so I never had a chance to even read them.
As a final, last-ditch investigative effort, I checked Neri’s name on BeenVerified and compared it to the phone number they had provided me for their consultant. I also checked the name of the insurance agent with the credit card that Neri had used. The results from my investigation were interesting:
- The insurance agent was in California, according to Bill.com, but they could not locate (or tell me) exactly where.
- The phone number was in San Francisco.
- Neri said they were based in Hayward, which is close to San Francisco.
- BeenVerified did not find any record of a Neri Balderas in San Francisco or the larger bay area. The one person found was Luis Neri, who went by Neri Balderas – in Riverside.
For a quick minute, I thought this could have been a legitimate request the entire time. But then I mapped out Hayward to Riverside (below) and it’s a 7-hour drive. Riverside is near Long Beach – nowhere close to the other locations that had been mentioned throughout the ruse.
The only other piece of information I had was the original restaurant website that Neri wanted me to emulate. I looked back at their site, and they were in West Hollywood – 62 miles away from the real Neri, and hundreds of miles away from the Neri who runs intricate small business scams.
What did I learn from this small business scam?
Looking on the bright side, I did learn some things through this small business scam. I learned about a new AI website-building in 10web that did a fantastic job of replicating the original website Neri wanted. If you need an AI website builder to replicate one for you, I highly recommend it.
I also learned that Bill and most other invoicing websites do a great job of protecting their customers and themselves from scams like this one. If I had given Neri my bank account information (which I would never do, but sometimes people are naïve enough) I could have lost everything. I’m sad that I lost my Bill account even though I knew what was going on. But they deserve credit for having those protections in place.
It was also interesting to see how BeenVerified works as a research tool. We all have received spam emails over the years, but what about those people that live on the edge of scamming and reality? Sometimes you need to do more than a Google search for people like Neri – or whatever their name is – who are sophisticated scammers. A site like BeenVerified, which I only knew from watching Catfish 10 years ago, is a great place to start.
And finally, I learned about the anatomy of a small business scam. Digital Detroit is a very small business and we do not make millions of dollars per year. Most of our business is local in Michigan, and we have no plans of scaling up to a billion-dollar enterprise. But people like Neri prey on companies like us. A project like that website is a nice addition to our business, and it would have been nice if it had really happened.
The scam was intricate. Neri sounded like an older business owner that just wanted to open a few restaurants with locations across the country. The texts looked real, and the messages seemed very legitimate. At one point, Neri even asked if I could help with their daughter’s fashion business website. But that’s how they get you.
I also wonder how far the scam would have gone. What would have happened if I had sent thousands of dollars to the fictional project consultant? Would I have been asked again to send money? Or would I be the digital equivalent of a mule sending money from one criminal to another?
Takeaways from the experience
If there is one takeaway to share with others, it is that you need to maintain policies and procedures to protect yourself from cybercriminals. Use reputable websites to handle the exchange of funds. And make sure you know who you are doing business with ahead of time.
For projects with new customers that you do not know much about, always require a deposit at the start. If I had not required 50% upfront, I might have created an entire website before going through the process which led to me realizing what happened. It’s good to require an introductory call via Zoom or in person, although those can be scams, too.
Finally, question everything! Normally, I would not even respond to the text that Neri originally sent me, but I was feeling curious. Then, it led me down a very odd path where I almost believed what was happening. But as long as you question everything and keep your procedures in place, you should be able to avoid these situations from taking advantage of you.