How to not get scammed: A general guide

May 6, 2018
How to not get scammed: A general guide
  • [​IMG]

    After seeing a number of complaints about getting scammed on both this site and elsewhere, I decided to make a post here that includes a few tips and procedures to avoid getting scammed.

    I myself have been scammed around 4 times in different ways, and have had people ceasing to respond after the completion of a build around 7 times. This during about 2 years of commissioned building.

    This post will include a number of the methods for scamming I have seen used (so that you can avoid them), as well as a number of procedures I recommend to minimize the chance of getting scammed, and to minimize the damage if you do get scammed.

    It also includes a number of ways to keep your clients or commissioned builders/devs etc happy with you using the procedures.

    Now, to start off, a list of ways you can get scammed.


    For builders/developers
    1. Worlddownloader: A possible client asks to see the build on the server itself so they can accurately judge what the build looks like, mentioning screenshots are not always accurate. While you are showing them the build, they will activate worlddownloader for a few minutes, which will begin downloading the chunks around them to the client, this can go on for as far as the computer has memory.

      After that, they stop the downloading process, wait for it to save, then exit.
      they will be asking you questions or making remarks during this time to stall.
      the speed depends on their internet connection so even one minute might be dangerous.

      Once they leave, or you ban them on suspicion/to be sure, they can just pick the world out of their singleplayer world files, and do what they wish with it.

      COUNTERS:
      1. Anti-worlddownloader: This server plugin is meant to stop worlds from being downloaded. I do not know how it works, but I do know it blocks only 1 version of worlddownloader, another version can bypass it. not 100% guaranteed effective.
      2. Skype Screenshare: Enter a skypecall with the client, go to "call" and click "share screens" when on minecraft. Fly through the build yourself explaining various things about the build and answering questions. They do not need to talk, only listen, so few should have an objection to it. safety: 100%. Not all clients will be willing to do it, but most should. I recommend this method at all times.
      3. Single world: If you MUST let people on your server, I recommend using both anti-worlddownloader and this method. Make sure there are no builds of value in the world they spawn in. Use worldedit schematics to isolate the build in a separately created world that contains nothing but that one build.
    2. Payment after:
      This is where a buyer asks for the build (or other product) to be sent over before payment, claiming they need it urgently but can't pay yet or other versions of this.
      NEVER agree to this. The chances are VERY high that they will never complete the payment, leaving you stuck with a product that someone has in their possession.

      COUNTERS:
      • 50/50 payment. The buyer pays 50% of the price before the content is sent. You send the content. The buyer pays 50%. This guarantees they are at least willing to pay money at all, if not the full amount. If they run off with the content now, you can sell it nonexclusively and maybe still get part of the other 50% back.
      • Sellfy or similar sites, where people pay for the build then automatically get a link.
        • Note: It recently came to my attention that it's possible to charge back on sellfy products, and that the buyer automatically wins. For this reason it may not be an ideal method of selling for everything.
    3. "Build/develop on my server":
      This is where the commissioner asks you to do your work on the server itself. Nothing shady, normally, but it makes it all too easy for them to ban you once you are done, and never need to worry about you coming back on to grief/disable the server.
      I've had this happen 3 times myself, leaving me banned the first time, and the server offline the other 2.

      COUNTERS:
      • Up-front payment: You ask for the person commissioning you to pay a percentage of the agreed price up front. This ensures that they were meaning to pay to begin with. It is possible for a commissioner to refuse this and still be legit, as this approach leaves THEM vulnerable to being scammed.
      • Leaving your marks: While building or developing, integrate something that is not immediately obvious but will cause the commissioner no end of trouble should you suddenly not be there anymore. This is easiest for a developer, as people commissioning a plugin are not as likely to be able to find something you hide in the code of a plugin. For builders it may be something like rigging the build with TnT or using some redstone contraption to destroy it if you don't come back.
        I don't generally recommend this approach since it will leave you still scammed and is a childish form of vengeance.
        Instead, hiding signs or pieces of text in the build or code with your name on it, saying you made this (and weren't paid the agreed price) will allow you to claim credit whenever.
      • Public contract: You come to an agreement with the commissioner, not in skype or private message, but in a public thread. Or you make them agree to certain terms and their agreement being published. Or sign a legally binding contract. This in combination with the first method is my personal recommendation, as it binds both sides to the agreement, meaning your commissioner is as sure of you as you are of them.

      For Server owners




    4. "I'm from Planetminecraft, here to review your server. Gimme OP":
      One of the oldest and most used tricks in the book, Nobody with any experience or common sense falls for this method anymore, at least not if it is worded this simply(If you do, you deserve to be scammed).
      However, some people are a lot more subtle about it, and will often offer a service that requires OP on your server. Examples are people that will randomly come online (if you're open to the public) and begin to complain about plugins you obviously don't have and tell you, in no uncertain (but often vulgar) terms, what should be done better.

      Half the time these are trolls that will leave if you don't kick them first, but sometimes they will ask/tell you to give them access to edit and install plugins, in order to improve the server. I doubt many of you would fall for this regardless, but some of them can be very subtle.
      In general, don't give people OP on your server unless you know them personally and trust them, or have a legally binding agreement with them and know how to find them should they destroy or take over your server (at least until you kick them off from the back end)

      COUNTERS:
      • Don't give anyone OP if they come on your server asking. Require them to apply through a form either on a website forum or via google document forms (or similar). Ask them things like age, skype and possibly an email address, so it is easier for you to trace them at need
        Also ask for an interview via skype, teamspeak or mumble, so that you can speak with them directly. This is often a barrier to people that are planning to troll you or otherwise misuse the operator permissions they are asking for. It also gives you an idea what type of person you're trusting with your server.
      • [In addition to the above, you could also give them a slow track to the top. First give them 'helper' or jrmod permissions, involving things like /mute and /kick that are annoying if misused, but not devastating. Make sure players can report misuse of permissions elsewhere than just online on the server, or someone can just keep /kicking people before they can file a report.
      • If they're a builder, give them creative mode only at first, and have them build something in a 31x31 plot or so. If the build is of decent level (ask a known skilled builder for opinion on a place like PMC or minecraftforums or this website), they are at least a legit builder.
      • Have them work on a separate server. For both devs and builders, this is an option. Have a smaller server(identical pluginwise), connected by bungee or similar systems, where they can do their building or developing. Make sure to retain control over its back end as much as possible, as they can easily take it over with that but leave you paying for it.
        Once their build or plugin is complete, simply transfer it to your actual server.
        Once they've been working like this for a while, you can maybe trust them on your actual server.
    5. Up front payment for a commission:
      As I already mentioned in point 3, sometimes people you commission will ask for part of their payment up front. This is perfectly normal and is often to prevent you from chickening out halfway and leaving them with hours of work unpaid. However, it is as easy for them to simply run off with the money and never start work in the first place. So it helps to take care with situations like this.

      COUNTERS
      • Have them build/write it on your server. If you back it up regularly, you at least have a half-done build on your server if they run off with the money. see point 4 for further info.
      • Don't agree to payment before they start building/developing, but agree to payment after a certain amount of progress has been made and shown. This means they have at least started on the build. If it has part of it actually done, you may insist on a transaction including that part, using the 50/50 payment of point 2. Only worth it if the sum is at all significant to you, as it is quite a bother for both you and the builder/dev.
    6. Stolen content:
      This is if a builder/dev offers you content that is not theirs. Many people residing on this website will have experience with this. In my time here I've seen at least 5 people try to sell builds that where not theirs/they did not have permission to resell for. I will not name them as that would be blacklisting, but I can imagine that anyone with a few months here will have seen at least 1 attempt.
      If you commission someone, be wary if they finish their work unnaturally quickly. For very skilled builders it may be possible to finish quicker than you think reasonable, but this is rare. Its a different story for teams of course, but then it wouldn't seem unnatural.

      COUNTERS
      • Ask for progress pictures (generally accepted as form of proof in the builds section of the market). This will let you verify that they were present during the development of the build, which usually means they built it. Not as easy for plugins, of course.
      • Google (image) search. Since half a decade or so it is possible to reverse-search content. You input an image into image search (or a piece of text into the searchbar), and it will show you similar content or possible pages of origin. This has helped me identify dozens of builds that looked familiar.
        Note that you finding the content elsewhere does NOT mean they stole it. It may be that they posted that content there under a different name.
        I made a mistake like that myself not so long ago, when PMC user C0smicC0w came to sell a build of his under what is probably his real name or another alias. I could not recognize him so I reported him, but a mod vouched for him and he explained it was his content.
        Generally, post the link to where you found the content in their thread/the conversation and ask them to verify they are the one that posted there.
      • Pretend to resell/ask for community feedback.
        If the content is offered to you privately, ask the community for feedback on it using the pictures provided (or other proof) as reference. If someone immediately shouts "I know this cause this or this", your alarm bells should be ringing. ask for immediate proof/verification from the person doing the shouting.
        That doesn't usually happen immediately though, so give it a few days. If nobody has expressed doubt, chances are low it is not their work/possession.

    GENERAL EDIT:
    • Impersonators
      • This has recently become an issue: Impersonators. People add you on skype and pretend to be someone from this website. It has already resulted in lots of confusion and scam reports on users that have never scammed, but have been impersonated.
        COUNTERS:
      • As someone being impersonated, there's not much you can do beyond asking people to message you on MCM first before adding you to skype. This will allow you to give them your real skype.
        If you are intending to contact someone from MCM, it is best to verify via McM message as well.

        EDIT: @pramsing made a much more detailed post on avoiding situations like this, here it is: http://www.mc-market.org/threads/59926/#post-738778

    NEW PARAGRAPH!
    I came across this in the following thread: http://www.mc-market.org/threads/59177/
    Basically, it means people fake the proof of them owning whatever they are selling. The OP shows how easy it is to do so using photoshop in the above thread.
    The general COUNTER is to not trust any picture-based proof from a source that you're not acquainted with or that seems even slightly sketchy.

    Here's some ways to get proof that is more reliable:
    Builds: If the proof is at all possible to replicate by copy-pasting builds or using photoshop, ask to see the build live using skype screenshare. There are no risks for a legit builder that way. Note that this may still mean the world was downloaded, though if you ask them to show you other builds on their world/server and those are of similar quality and style (and some are genuinely half-finished), you can be more sure that they built it themselves

    An additional method, for if the build proof looks copypasted, is this(provided by ChrisF):


    Servers:
    Ask them to change something that requires OP on most servers. Maybe ask them to make a video of connecting to the IP of the server they're trying to sell, then importing a test world you sent them. This proves they have OP and FTP access. It does NOT prove that they have ownership of the server. I do not have the experience to comment further on this.

    Graphics:
    Ask to see their DeviantArt or Artstation page, and for them to send you a message using that if you have an account too (otherwise let them make a journal entry that's specific to you). The overlarge majority of graphics artists have a DA account. If they do not, I personally recommend you to be wary of them in the first place (any Graphics artists that don't have a DA account, please fill me in on your reasons).
    DA is quite vigilant when it comes to stolen art, more so than youtube as far as I know (I don't know the specifics, don't quote me on that). So it is unlikely that their account has stolen content on it, at least if the original creator also has that content on their account.

    (more info incoming)

    If your area of the market is not included, that's because I haven't the foggiest on how to get reliable proof on it (I'm not done yet so you might see it later)


    New Paragraph!
    This is a sneaky one, and is valid for all contractors/paid services.

    Sometimes, when someone offers to buy a product or service from you, they may end up sending you an invoice for the amount. If you have experience with paypal, you already know this, but DO NOT GO THROUGH WITH THAT INVOICE! Invoices are meant to be sent to the paying party, not the selling party. It's a simple scam, but since many people on this website are inexperienced with paypal in general, it's still valid.


    That should be all for now. If you have any suggestions or encounters of your own to share, please do so in the thread below. If you have any situations or counters to add, please tell me and I will add them (with credit to you).


    DISCLAIMER:

    I do NOT claim that someone in one of the mentioned situations is automatically a scammer or thief. It is merely that in that situation, you are vulnerable to being scammed. They could very well be a legit client/commissioned builder/dev etc.
    I also do not claim that all of these methods will have the desired effects, I merely offer them to you as an additional safeguard.​
  • Loading...
  • Loading...