Solved

Software customers who are actually scam artists

Posted on 2009-05-14
9
337 Views
Last Modified: 2013-11-15
Every time someone downloads a demo software from my website I get emailed the form they fill out.  Why is it that over the months I get emails from companies in Africa, India and elsewhere saying they have downloaded the demo from my website (which they have) but only after 1 or 2 minutes do I get a 1-liner email in broken English saying something like:
  "We like you software very much. Please to buy".
I can't imagine how after only 2 minutes they managed to actually download the demo (15MB), install it, test it and decide they like it. So naturally I delete these emails.

Now I have a potential customer who found me on one of those online freelancer websites for freelance programmers, who downloaded the demo and says "I am serious about buying this product" and "I like your software though and decided to go ahead with it if we can talk to you" - but they didn't really have any questions and they only want 1 license and they want a discount.
Why do I smell a rat? Or am I just being paranoid??

I have checked this company out thoroughly, and they seem legit, but something doesn't feel 100% right.

My question is:
What do you know about these kinds of scammers (if they exist)? IIf these people are scammers, what do they hope to do with my software once they get their single copy? My software is enveloped and protected and uses a hardware key (dongle). I know these things can be cracked (sometimes easily, sometimes with a lot of effort). Should I be worried? Should I decline the sale (I won't make all that much money on 1 license, but I do need the business).
Your general thoughts on this are appreciated.
0
Comment
Question by:rfwoolf
9 Comments
 
LVL 6

Accepted Solution

by:
nettek0300 earned 100 total points
ID: 24391623
I think this is something you have to use your own judgement on.  What type of software is it and how much does it cost?  Is there a chance they are trying to purchase the software so that they can resell it while sending you bogus money?  Are you willing to chance losing the money off of that piece of software if the customer's payment is not valid?

If it was me, I would start with domestic sales, and then maybe broaden to the US and possibly Mexico before selling in other foreign countries.  Just my opinion.
0
 
LVL 2

Assisted Solution

by:xnatex21
xnatex21 earned 100 total points
ID: 24391659
Hi,
nettek0300 is dancing around his point. The question is, what do you stand to lose? If you've put a lot of time/effort into something, I say stick with your instinct and shy away from the scammers or potential scammers. If this software is something you put very little into, then why not try and make some fast cash?

Also, as a side note, never give a discount unless you plan on making up for it from that customer later. If this is a one time sale for that customer, then don't discount it. If you think you can lure them back for more, then by all means bait the hook but just make it clear that it's a ONE TIME discount.

Good luck,
Nate
0
 
LVL 4

Assisted Solution

by:galadore
galadore earned 100 total points
ID: 24391689
Don't know if it's an option based on the programs you write, but I used to write applications for web server installations and always provided the code encryped for free demo and open source (except for one base component) when it was sold.  In the one encrypted page I included a call to home that sent the IP address of the site where it was being run from and notified me of any new IPs.  You can't include any return response without slowing their application down, but I could easily collect info on who was using it.  With a quick WHOIS I could compare that with the registered licenses and could quickly find thieves.  It could be bypassed (as with anything), but it helped me eliminate a few scam artists.  Just a thought...
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 135 total points
ID: 24391811
take a page out of Microsofts book, Registration, Activation and validation are all valid software authentication methods..

Hardware keys are good, but unless you can create hundreds of hooks, they just get hacked out..

Find out who they are, define just how the software can be used, license its use, not its ownership, so you retain all rights and as the English say, "give them enough rope to hang themselves" as a law suite could really bolster your business and reputation. But if your a simple operator, and you put in a bomb, and they sue you, what have you too loose..

If you cant afford the litigation, and your a freelancer , I'd prefer to see the code, let them own it and pay for it all...

If your becoming software house, focus on the above methods to settle the paranoia..

P.S.  yes, your paranoia is valid as litigation is poor (or non-existent) protection in other countries..

What about as a ASP (application service provider) and license the software over the internet?
Then you get to control each use..


0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 13

Author Comment

by:rfwoolf
ID: 24391968
Thank you guys, this is all some good remarks.

nettek0300:
"Is there a chance they are trying to purchase the software so that they can resell it while sending you bogus money?  Are you willing to chance losing the money off of that piece of software if the customer's payment is not valid?"
-Well I do require a deposit (to cover the cost of a dongle, postage, and a bit more for my time) so they won't get anything without paying me that first. But yes, then they could just refuse to pay the rest of the bill. I would then have to take them to court or small claims court and if I'm not in the same country this could prove difficult. They could also try and modify and sell the software - which is what I'm always worried about - so I use a dongle and I envelope my software so that it won't run without the dongle. All the dongle companies brag about how uncrackable they are, yet all the hackers claims to be able to crack most of them - so it's hard to be sure.

xnatex21:
"Also, as a side note, never give a discount unless you plan on making up for it from that customer later."
-Thanks for that advice. Because they seem like they're going to be a small client anyway, and they aren't a huge company and I could really use the business, I think I'm going to cave and give them a discount. I will make it clear that all future license purchases will be at the full price.

galadore:
"In the one encrypted page I included a call to home that sent the IP address of the site where it was being run from and notified me of any new IPs."
-That's definitely an interesting thought - I think I've considered it before but pushed it far down the list because other things were more important, plus there are (I assume) some challenges in getting it to send emails or connecting to servers without annoying or alerting the user. Still, if it is covert enough, even if they crack all the security mechanisms of the application, this is still useful to have.
While we're on the same subject, I remember reading a while back that the trend these days is to not alert your user if they don't have a legal copy of the software - because then they know what triggers it  - for example if I get the app to check for the presence of a dongle after a certain button is clicked - rather check the dongle after 1 minute and then the user won't know what they did wrong.

debuggerau:
" define just how the software can be used, license its use, not its ownership, so you retain all rights"
-Yes fortunately I put a lot of effort into drafting a 6-page license agreement, and had it proofread by a lawyer-type friend of mine - but still could use a thorough legal inspection. Yes I sell licenses, not the software, and they have to sign it.
But I am a very small operation. I do suppose one thing I have on my side is that my software is very niche-market and not very well known (lol). Because of this, if they did try and crack and sell it, it would not be the same as trying to sell something hot and popular.

"What about as a ASP (application service provider) and license the software over the internet?"
-I would love to do this, but as far as I know converting a win32 application to a web application is a painful and tedious process. I hear there are tools now that export the locations of objects on your forms into XML, to then import them into HTML and to mimick the same sort of layout - which saves a lot of time (because for me the layout would be the most tedious aspect I guess).
This is something I will have to research further.

Thanks all. I appreciate all the input. I'm still half expecting someone to tell me that there's a Nigerian software scam ring, who buy software and try to resell it or some shit like that - because I'm convinced there's a whole industry of talented software hackers, I take my hat off to them - I can't sift through that mambo-jumbo (yet).
0
 
LVL 6

Assisted Solution

by:JosephGlosz
JosephGlosz earned 35 total points
ID: 24398407
Clearly, the answer you are seeking is....

42!


:)
0
 
LVL 37

Assisted Solution

by:Geert Gruwez
Geert Gruwez earned 30 total points
ID: 24400334
you're not advertising your products either... are these so top secret ?
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 135 total points
ID: 24408264
If it is a small niche and not worth the hackers efforts, you may have a reprieve.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 25103371
Rfwoolf:

In response to your question, yes that chance is there and it always exists.  It is just like the long lost relative in India that lets you an inheritance, but in order to claim the money, you have to wire them some portion of what they send you.  In the end what they send you is bogus, but because it is coming from third world contries, it could be weeks or possibly months before you find out you do not have your share of the money and the money you sent to them is long gone.

In the end, you need to use your best judgement.  One way to weed these people out may be to have them contact you if they are interested in a demo product.  You could then provide a username / password that would be needed to download the demo, as opposed to having the demo for anyone in the world to download.

Sorry it took so long to reply.  I have been busy and have not had a lot of time to devote to the site.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
Let’s list some of the technologies that enable smooth teleworking. 
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
An overview on how to enroll an hourly employee into the employee database and how to give them access into the clock in terminal.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now