How I Fell for An AI-Generated Phishing Scheme And What You Can Learn From My Mistake

The email came out of nowhere. Creative agencies don’t usually spam me, but this one did. How did I fall for this phishing scheme? And how can you prevent yourself from being fooled by the same tactics? If caught in an AI-generated phishing scheme, here are a few tips to avoid getting trapped and spilling critical personal information.

On Monday, I received an email announcement from a company that, for this post, we will call AGENCYWHO. According to their description, AGENCYWHO is a full-service digital art, animation, and visual effects studio that provides high-quality professional services and offers innovative solutions with a unique creative approach.

According to the email, this California-based agency currently has numerous open positions for creative professionals like me. At first glance, this was a company on the move, rapidly growing, and committed to delivering “visually stunning projects that promote awareness and inspire people.”

Employees may choose either full or part-time employment from remote locations. The email provided an acceptable hourly rate. Benefits include dental and vision coverage, paid time off, bonus pay, employee discounts, flexible work schedule, and vacations.

Milton, the company’s HR manager, conducted the virtual and text-based job interviews using the Telegram app. My interview went as follows:

Me: I am interested in learning more about creative opportunities at AGENCYWHO.

Milton: Hello, Milton here from AGENCYWHO. How are you?

Me: I’m doing great. How are you doing today?

Milton: Great, and nice to meet you.

We are looking for talented 3D/2D/CG Artists, Animators, Illustrators, Product Designers, Producers, Editors, Graphic Designers (print, web, motion), Writers, and Photographers to join our team remotely.

Are you ready to begin the interview here? This is a text-based interview.

?Me: Yes, I am. I am ready anytime you are.

Milton: Let’s begin.

• What is your full name?
• What type of artist are you?
• How long you’ve been working in the field?
• Where are you currently located?
• Why should we hire you?

Me:

• Doug Eymer
• Graphic Designer/Illustrator
• 25+ years
• You should hire me because I am a multi-faceted, creative genius and an incredible head for business.
• I am located 20 miles south of Boston in a seaside town called Scituate.
• Also, I have a great sense of humor, and my clients love me.

?Milton:

• Okay, give me an example of when you thought outside the box. How did it help your employer?
• And provide a time when you dealt calmly and effectively with a high-stress situation.
• What third-party and proprietary tools do you use daily?
• How do you deal with creative blocks?

?Me: (I provided three examples)

1. In 2004-2005, BlueCross BlueShield of MA hired me to rethink and design the “Website of the Future.” My final design was a browser-free desktop app and a physical device similar to an iPhone or Palm pilot. (This was in advance of the iPhone’s release in 2007).
2. A couple of years later, Martine Rothblatt asked me to develop a presentation based on her book, “Two Stars for Peace,” which she was to deliver at a ceremony in her honor at Tel Aviv University. The publication and my presentation described how if Israel and Palestine became our 51st and 52nd states, there would be peace in the Middle East.
3. This past year, I developed a series of worksheets, a printed book, and a coloring book for the Responsible Flushing Alliance. These materials feature the villainous “Clogmonster” and teach children not to flush items down the toilet that may cause the growing problem of damaging clogs that disrupt private and public sewer systems.

Since the beginning of my professional career, I have dealt with stressful situations regularly. This acquired trait proves especially true in my experiences as a business owner and agency principal within a large Boston-based marketing communications firm.

I have incredible patience, and I am an excellent listener.

My tools include Adobe Creative Suite, Microsoft Suite, Camtasia, QuickBooks, Basecamp, Dropbox, Google suite, Twitter, Facebook, Instagram, Squarespace, etc.

In terms of creative blocks, they have never really been an issue. Occasionally my ideas stall for a short amount of time. Still, the wheels begin to spin by switching gears and participating in other activities (i.e., exercise, mowing the lawn, working on another project, etc.).

The most exciting moment in my profession is when the BIG idea strikes! This occasion is the RUSH that keeps me going.

?(The text string abruptly stopped but continued in the late morning of the following day.)

?Milton: Let’s continue.

What steps do you take if the final colors of a printed illustration are different from the ones you designed on your computer, and what are some ways you can add perspective to an image?

Me: If I attempt to match colors on a finished printed piece, I know I cannot rely on my computer screen. For reference, I need to use my new Pantone Guide or custom ink drawdowns.

A designer can enhance perspective by manipulating the lighting and adjusting the focus. Photoshop also allows the view to be altered.

Milton: Okay your duties may include:

• Brainstorming with the marketing and design team to come up with image ideas.
• Preparing and designing rough draft illustrations according to client specifications.
• Defining any budget or time limitations.
• Creating complete illustrations by combining painting, hand-drawn, and digitally created images.
• Refining image design using illustration software.
• Enhancing the design concept using a wide range of colors and graphics.
• Applying complex isometric techniques to add perspective to design shapes.
• Formatting final illustrations using CAD software.
• Ensuring that printed illustrations meet specified color and quality standards.

?Can you handle these duties if hired and trained/orientated?

?Me: Definitely.

I am well-versed and have handled many roles, from new business development and final production (and everything in between).

?Milton: Great. There will be video meetings with the other team members once a month. Along with the team, you will be working on projects and sharing work-related ideas.

• ?A contract letter will be emailed to you, which you are to read, sign, and send back a copy.
• There will be online training next week, and a creative director will be assigned to you to put you through, and I will also let you know prior to that time also an Art-Test will be conducted.
• You are to work 20-40 hours a week. Our hours are flexible as you can get to choose your hours.
• Video meetings will be happening on Zoom. Regarding the training, I will speak to the Art Director about the times and dates and let you know as soon as possible.
• The company will pay you $X/hr with paid time off, vision, health and dental benefits, and advancement opportunities with us.
• You will receive your pay via direct deposit or check bi-weekly; taxes are taken out of your pay as employee tax.
• Working Days are Monday-Fridays, you can do some weekends if desired, and you will work remotely. We also use Dropbox to send and receive files.

Understood?

Me: Yes.

Milton: You provided all the required answers, making you fit for the job.

As for work resumption will be sometime during the first week of November, but I’m certain the Training/Orientation begins next week.

Also, you’ll need to have these items to begin work:

• CorelDRAW Graphics Suite
• Wacom Cintiq Pro 21’
• Adobe CC Suite (with our subscription license)
• Maya and Autodesk 3Ds Max
• Houdini software programs
• ZBrush software 2022
• Safescan TA-8020 Employee Time Clock System
• MacBook Pro (16-inch, 2021)
• And other company-customized equipment.
• IPad tab.
• 24-inch Huion Kamvas display drawing
• Jira
• C4D
• 8K monitor

The company will provide you with a start-up check to enable you to buy the above materials and a new MacBook for work. The software will be installed on the computer and come with your employment paperwork and work ID card.

You will purchase the materials from our accredited software vendor.

The vendor will cover the shipping cost, install the software updates and patches, and perform manual data backups and secure data. She will ship everything to you via FedEx delivery. I’ll provide the vendor info in due time.

This is our hiring process, and I’ll be here to guide you throughout the process.

Okay?

This was all too good to be true. As the bells and whistles pulsated through my head and the bright red flags consumed my vision, I brought the interview to a screeching halt. I then deleted the conversation and the Telegram app.

The old saying goes, “If it looks like a duck, walks like a duck, and quacks like a duck, then it just may be a duck.” A duck had phished me!

I was so enthusiastic about this opportunity that my whole sense of reasoning had been captured and taken hostage until I suddenly smelled a rat!

After carefully reviewing the message string’s content, delivery, and the nearly twenty-hour pause, I realized this was a cruel AI-generated phishing scheme. The whole structure of the conversation was not human. I had been responding to an automated script.

In the next step, I would most likely receive an employment contract asking for vital and personal information, including my social security number.

As for purchasing hundreds of dollars worth of hardware and software, why would they send me a check to cover the cost rather than paying their vendor directly?

I recalled hearing of a fraudulent scam where the recipient deposits the check into their bank account. The company check bounces, and the equipment never arrives. To expedite the process, the intended recipient has purchased the goods from the company’s vendor with their credit card, leaving them with a pricey bill.

So, keep in mind if you receive an email or text response from somebody after applying for a job. There is a chance that the email is not from a human but from an automated system. Search for the LinkedIn profiles of the employees who responded to your inquiry. Check out the company’s website and make sure it looks legitimate. Visit the company’s social media accounts. If posts appear in languages other than English or consistently lousy grammar and spelling errors, there is a higher chance of a bot-driven conversation.

Stay alert, and don’t talk to strangers! It’s a tough world out there, and you can’t be too careful!