Categories
Uncategorized

Outbyte and Neep (Scambaiter)

Update 30/07/2020

Update 20/07/2020

Starting April this year we have been dealing with an increasingly antagonistic individual who calls himself Neep. He initially contacted us about the fake popups displayed by our affiliates. Despite us promptly cutting all affiliates off Neep released a number of disparaging and misleading posts and youtube videos, demanded that we pay him 500 euros as his “bug bounty”, provided phone numbers in the forums that were encouraging harassment of employees of a call centre that provided support to our customers, and lately went out of his way to spread negative reviews about our software and even harass a reviewer of our software. While we appreciate the work of scambaiters in general, we feel that Neep’s actions towards our company were misguided to put it mildly. Since we have exhausted all avenues of resolving this peacefully, we have given the instructions to file a police report in Germany as well as chronicle our experience here. We believe that transparency in this matter is important.

How It All Started

In March 2020 our website traffic blew up. This seemed like exciting news at first. Naively, we thought that this was due to people switching to telecommuting and needing our software to maintain their home computers.

As it turned out, the spike was due to at least a couple of sub-affiliates creating misleading landing pages designed to make people think that their computers were infected. Neep was one of the people who informed us of these fake ads.

A rogue affiliate page masquerading as a Windows update page.

Or rather he first produced a YouTube video posted on March, 29 where he accused Outbyte of using these popups. The email came through to us on April, 7.

As these were sub-affiliates (i.e. they are affiliates of our affiliates) there was no way for us to find out who that was. So we had to shut down all affiliates who were not 100% transparent with their traffic sources, banners and landing pages. Here’s our reply to Neep:

Notice that rogue affiliates are quick to switch software as they were suddenly promoting such brands as Norton or McAfee. In fact Neep himself wrote about this:

https://twitter.com/NeePscambaiting/status/1255139782427938819
https://twitter.com/NeePscambaiting/status/1254750368740839425

This is what the popups leading to Norton looked like:

A rogue affiliate advertising Norton software.

While our own popups were not in use (they were used a few years prior in split tests) and we did not agree with Neep that they were misleading, we decided to remove them as well.

These popups were removed as soon as reported as this was part of our old code base.

NeeP Wanting 500 EUR

Neep emailed us on the same day. This time he was asking for 500 EUR as a bug bounty:

We politely declined that offer. Now, we would have absolutely no problem paying had Neep approached us and simply negotiated rather than producing negative reviews and then confronting us asking for the payment.

This time we continued with the cleanup of our affiliates. However, on April, 18 he sent us yet another email part of which read:

Following this threat he didn’t waste much time and on April, 21 he posted another negative video review:

https://www.youtube.com/watch?v=oV3UScMigGo

By this time he also searched for and posted phone numbers of the call centre we employed to serve our customers. The numbers were posted on the website encouraging its community to call and harass our call centre employees.

In his emails Neep mentioned that he had more information to share so we decided to take him up on his offer if he had more information, however it turned out that he simply published everything in his negative reviews:

Another concern we had was that once you pay someone who’s posted negative reviews and then demanded payment, we would be on the hook to keep paying to stave off further bad publicity.

Neep Calling PC Repair Out

In the video and his subsequent posts he claimed that PC Repair (note the name of the product) is “the worst antivirus ever”.

What would even make him think that?

Apparently he found that PC Repair detected a number of files (such as fonts, and his copy of NordVPN) and did not detect a number of viruses he had on his VM.

We explained to Neep shortly after that:

  • PC Repair doesn’t claim to be an antivirus
  • NordVPN detection was a false positive and we fixed that
  • Fonts detected were also a false positive and we fixed that
  • PC Repair performs a quick scan so it may have missed the actual viruses

For example, here’s what we replied to NeeP on May, 15:

Neep did not think that our explanation was enough and continued pushing his view. He replies on the same day and switches to threats:

When his email was ignored, he followed it up with another threat on May, 25:

And again on June, 2:

In case anyone’s wondering, no, saying that we’ll take someone up on their offer does not constitute a legally binding agreement (this was verified with a lawyer). Just like saying “I’m going to buy this fridge” to a salesperson doesn’t mean you now have to buy it and she has the right to threaten you with “legal options”.

Outbyte Engaging Lawyers

At this point it was obvious that he wasn’t planning to let this go and we decided to contact a few lawyers in Germany (where Neep is located). Surprisingly every single law firm we spoke to recommended that we file a police report.

Now this would be the cheapest and easiest option but we wanted to give Neep the benefit of the doubt. Most scambaiters are doing the right thing by keeping companies (and particularly call centres in India) accountable. So contrary to the advice, we decided that instead we would pay Neep, but have him sign an agreement to ensure that the current situation would not repeat itself.

Such an agreement would cost us about 2000 EUR and it would only be valid when both parties are known. So before investing in drafting this agreement we asked Neep to provide his details (such as name, address and phone number). A couple of emails later he stated that his name was Ben Mayer, provided his address in Germany, but declined to disclose his phone number in Germany and instead offered a US number.

Upon checking that number, we discovered that it was linked to a number of recently reported scam attempts:

https://800notes.com/Phone.aspx/1-616-294-9417
https://www.whycall.me/616.html

We suspected that the details he provided were fake so we discussed the matter with our lawyers who ran a check on the address. As expected, they found that there is no record of Ben Mayer at that address:

The Last Straw

PC Repair has recently been positively reviewed on a YouTube channel. Neep has left a comment under every single positive comment in that video claiming that our product is a fake antivirus suggesting that people watch his videos instead (his comments have since been removed). He also went on to call out the reviewer on twitter.

Yesterday we also discovered that Neep also posted his video on reddit in r/antivirus and r/malware

He continues to leave negative comments on YouTube like this one:

He made sure that his negative reviews appear on multiple websites:

https://twitter.com/neepscambaiting?lang=en
https://krposts.com/block/qTQnJ_Wk0PAzWCOHMfefDQ
https://invidio.us/channel/Glumanda94
https://invidio.us/channel/UCqTQnJ_Wk0PAzWCOHMfefDQ/community
https://www.reddit.com/r/Malware/

We can only guess at the motivation of this individual. Outbyte has been prompt in mitigating the original issue by blocking all non-transparent affiliates. Security scan issues were fixed as soon as they were reported. Outbyte even agreed to pay the ‘bug bounty’ had Neep provided his details. Frankly we couldn’t understand the reason NeeP is so set on disparaging the company as well harassing anyone involved. As a result, it was decided yesterday that we would instruct the law firm to file a police report in Germany.

Who Is Neep?

The short answer is we don’t know. 

Here’s what we know. He is from Germany and he’s probably 26. He’s been known on the Internet under aliases Neep, NeepX, Neep94, Glumanda94, and (fake) names Adrian Fischer and Ben Mayer.

Who We Are

We have seen Neep attempting to mislead people about our company, see his post below.

We wanted to clarify this here. Outbyte is a brand under Auslogics Labs Pty Ltd which has a registered office in Australia. This can be easily verified via ASIC website.

We have a few administrative and management staff here in Sydney. We have a global team of software and web developers, QA, copywriters, and others who telecommute from the Philippines, Ukraine, Russia, Spain, US, China and other locations.

The company is small with just about 60 people but it makes it possible for us to get together for a bit of fun and co-working.

We sincerely hope that this post clears any questions regarding Neep’s role in continuous attacks on Outbyte. If you would like to contact us regarding Neep or contribute to this article please do not hesitate to email us at legal [at] outbyte.com.

P.S. Considering everything that’s happened, we wanted to get this post out as soon as possible. We apologise if there are any mistakes here and will be updating this post in the coming days.

Update 20/07/2020

A report has been filed with the Australian Federal Police today. We are still working with the lawyers in Germany to file a report there.

Update 30/07/2020

To better understand PC Repair please see our latest article.