I didn't know whether to feel honored or horrified. In April 2015, I saw my name on an article about a "Google Mobilegeddon" on Tech.co and wondered if I had been writing in my sleep, or if a random bot had picked up my name to generate meaningless articles. But it was too deliberate to be a mistake or a bot.
This person created an author's profile that had my name (slightly misspelled), a link to my Twitter page, a picture of me (taken from my Twitter account) and a biography. The saddest part was that this person had written a better bio about me than I had.
That's when I knew for certain: Someone had been passing himself or herself off as me and posting articles in my name.
The first time, I felt violated. It was like the episode of Friends in which Phoebe's not-so-nice twin sister Ursula starts acting in adult videos in Phoebe's name. Now I understand Phoebe's horror at finding her likeness and name on the cover of "Buffay the Vampire Layer."
Journalistic identity theft seems pretty harmless in theory, but what this swindler is doing could cost me my job. I'm not supposed to write for a competing website on topics I already cover. If this person was receiving payment in my name and filing some form of papers to the IRS, I could end up paying taxes on money I never made.
I was annoyed that Tech.co hadn't properly vetted the impostor before publishing his or her work, but I reached out to the site and succeeded in having the accreditation removed. I moved on.
Second encounter and a Skype interview
A few months later, in July, I received a somewhat strange tweet asking if I was freelancing. I asked the sender to drop me an email, and that's when it got fun. It turned out that my impostor had applied for a freelance writing gig at the news-aggregating site managed by my tipster. At least this time, the person hiring was astute and tried to verify my identity.
My source had read about Gizmodo writer Kate Knibbs, who'd had a similar experience. In Knibbs' account, her con artist responded to her emails and identified himself as a man named Khurram Aziz. Knibbs acknowledged in her story that Aziz could be yet another alias, as she never spoke with or met her correspondent or identified his or her gender.
The would-be employer conducted a Skype interview with the con artist, who may or may not have been the same as Knibbs', and shared with me some of the highlights.
"It was good for a laugh, but nothing really materialized," my source wrote. "He mentioned your educational background and master's degree, but had to 'hold on' when I asked him where you attended. (LinkedIn already told me Columbia; it just amused me that he had to look it up.)"
I had important questions: Did the fake Cherlynn wear a wig? Did he fake a female voice?
Unfortunately, my tipster told me, the interview was conducted only over Skype's instant-messaging service, and no video or audio was shared. After my source "made some vague threats about sending this to [the company's] legal department and turning over all [the impostor's ] logs and IP data … to the authorities," the fake Cherlynn stopped responding.
Because it was clear that my identity had been used more than once for fraudulent job applications, I decided to ask my impostor why he or she did it. I sent a message to the email address he or she used when communicating with Tech.co, asking for an explanation. Not surprisingly, I haven't heard back.
What I did, and what you can do
So what can you do if this happens to you? Back in April, when I discovered the Tech.co stories bearing my byline, my first instinct was to alert my editors to the situation, just so they knew I wasn't moonlighting for a competing website. Then, I took screenshots of everything to get a record of what happened.
I contacted the editors of Tech.co and informed them of the situation. They promptly removed my name from the article bylines, replacing it with the publication's name. They also took down my picture and bio.
Tech.co provided me with the culprit's email address. Fake Cherlynn was not paid, since Tech.co doesn't pay its guest contributors, who are not assigned work but rather submit stories at will.
Professor June Besek, executive director of the Kernochan Center for Law, Media and the Arts at Columbia Law School, told me that going to the publishers and alerting the perpetrator was probably the right move.
"I think you did well," she said.
Besek believes that seeking legal action should be a last resort in such a situation, for two reasons. First, it's expensive, and second, finding the culprit to serve him or her the complaint could be difficult. If you can't learn the identity of the person who is committing the identity theft, you won't have much of a case.
"If you're just trying to stop this, going to the person who is publishing this and explaining the situation is far more effective," Besek said.
I reached out to a few lawyers for their opinions. None of what follows is legal advice, and if you find yourself in a similar situation, you should speak with a lawyer who is familiar with intellectual-property or identity-theft law.
If you feel strongly about taking legal action and have the money, patience and time to do so, you may find the law on your side.
Although "the law has not been crystal clear in this area," Besek said, you have the right to have your name associated with your works under something known as "moral rights." You also have the right to not have your name associated with works that aren't yours, she said.
What's more, you have a right to control how your personality is portrayed in public, under what is known as rights to publicity (also called personality rights). Recognized in about 30 states, the right of publicity says that every individual has the right to "control any commercial use of his or her name, image, likeness or some other identifying aspect of identity."
However, your greatest challenge may be in proving that your identity was exploited or misappropriated for commercial purposes. According to the Digital Media Law Project, someone may still be held liable for some noncommercial uses of another person's name or likeness if the culprit exploited the plaintiff's identity for his or her own gain. You'll just have to be able to prove that the person gained some sort of benefit.
Some forms of identity theft involve government-issued identification, such as passports or Social Security numbers, and therefore are penalized regardless of economic harm. However, putting someone else's name on a byline doesn't rise to that level.
"Whether for civil or criminal purposes, you'd have to show some kind of harm to have a claim," said Stuart Karle, general counsel at North Base Media, a Washington, D.C.-based investment firm focused on journalistic enterprise and digital-driven opportunities in emerging markets.
Because my impersonator was not paid by Tech.co, it's difficult for me to prove he or she received any kind of gain. Tech.co informed me that fake Cherlynn had been trying to slip links into his or her stories that sent people to HuntingGearLab.com and CheckMaid.com, so that could have been how the culprit planned to monetize the scam. But because Tech.co had removed those links before publishing the posts, the impostor presumably did not make any money.
And because I'm not a big-shot famous writer, it's difficult for me to show reputational harm. If I were, I might have been able to file a civil claim for damages.
"If your doppelgänger produces an article that's really terrible and, as a result, the publisher or others who read it all conclude that they will never hire the real Cherlynn Low, that's a problem for you," Karle said.
But even then, I'd still have to establish the jurisdiction in which to pursue the case — would it be New York, where I live, or where the impostor lives, provided he or she can be found and identified? (Again, not all 50 states recognize rights to publicity, although New York does.)
I'm not the only one
When I read about Kate Knibbs' experience on Gizmodo, I realized that this wasn't happening only to me.
Knibbs, a Gizmodo writer, found out that the competing site Elite Daily was publishing stories in her name. When she asked Elite Daily why it was doing that, the website requested to see Knibbs' government-issued ID to verify her identity. Satisfied that Knibbs was genuine, the publication changed the bylines of the relevant articles and removed Knibbs' picture. Knibbs also obtained the email address of her impostor, confronted the person, and received an email from a person claiming to be called Khurram Aziz.
In his (we presume it's a he) initial response to Knibbs, Aziz explained that he picked names from Google News to get writer accounts on sites, "so as to post spam links into articles for customers willing to pay a lot of money for the service." (That fits with Tech.co's account of links in the stories fake Cherlynn submitted.)
Knibbs pressed further.
"Whether I look good or bad on the Internet is utterly irrelevant to me," Aziz replied. "Don't be stupid — this [Khurram Aziz] is another stolen identity."
After some digging, I found out that at least two other writers (oddly enough, both also female) had been through the same thing: Carol Tice, who writes for Make A Living Writing, and freelancer Heather Boerner. (Neither could comment in time for this story.)
Boerner now has prominent notices on her website and LinkedIn profile urging anyone who's been contacted by a fake freelancer to file a police report and send her the details.
According to Knibbs' account, her offender (who used the same email-naming pattern as in my examples) had "burned through hundreds of accounts." There may be hundreds of writers out there being impersonated.
Proceed with caution
Without a verified suspect, there is not much I can do about this form of identity theft, except perhaps to develop a style of writing so unique that it would immediately be recognized as my own and no one else's.
If I had been a victim of traditional identity theft, in which my banking information or Social Security number had been stolen, there would have been a clearer path of action, even without a specific culprit. I could have filed a police report, shut down social-media accounts and be more careful online. However, as a journalist in today's digital world, it's part of my job to have a somewhat public persona.
My only recourse is to hope that publishers will take more care to vet the people they hire. Elite Daily, which published stories written by Knibbs' impostor, has since promised that it is "beefing up its system of checks and balances" when approving contributor posts. I'll also have to Google various iterations of my name every so often, or have Google email me notifications when my name comes up, to make sure the impostor isn't at it again.
On her website, Heather Boerner says, "Thank you for any support in apprehending this criminal who is hurting legitimate journalists' names and bilking hard-working people. Together, we can catch him."
Unfortunately, Boerner is probably wrong. Not only does it appear unlikely that we can apprehend the offender or offenders, but it may be almost impossible to bring a case against the culprits.
- How to Survive a Data Breach
- Mobile Security Guide: Everything You Need to Know
- Best All-In-One Security Software
Cherlynn Low is a staff writer at Tom's Guide. When she's not writing about wearables, cameras and smartphones, she's devouring old episodes of Torchwood or The X-Files. Or taking selfies. Follow Cherlynn @cherlynnlow. Follow Tom's Guide at @tomsguide and on Facebook.