The Kickstarter campaign for ShopBot Tool’s new “smart digital power tool,” the Handibot, was going well. It had more than doubled its $125k goal.
But late last month, with just a few weeks to go in the campaign, ShopBot owner Ted Hall discovered that the new tool was attracting even more interest than he knew about.
Unbeknownst to him, a nearly identical Handibot campaign was running on Indiegogo, with graphics and text copied from the Handibot Kickstarter page.
And the funds would be going to another account.
A few weeks earlier, Pirate3D made a similar discovery. Their successful Kickstarter campaign for an affordable 3D printer, Buccaneer, showed up under a slightly different name on Indiegogo.
All four Indiegogo sites were pulled down as soon as the real campaigners notified the service.
But the scam is unsettling — for campaigners and potential funders — at a time when crowdfunding continues to grow rapidly.
The scams are doubly unfortunate because they not only allow scammers to raise money under false pretenses, but they also confuse customers, causing some, no doubt, to question the legitimacy of projects that appear to be double dipping on two crowdfunding services.
In fact, ShopBot’s Hall only learned of the fraudulent Handibot Indiegogo campaign after members of an online hobbyist group began questioning why ShopBot was running two campaigns at once — a tactic that is not considered good crowdfunding practice.
Indiegogo is particularly vulnerable to the scam, it turns out, because of its “flexible funding” model, which allows users of its service to collect funds as soon as they are donated, via PayPal. Kickstarter doesn’t release the money raised until after a successful campaign is completed.
The “flexible funding” option is a key differentiator for Indiegogo versus Kickstarter, which may be why the company continues to offer the option despite the recent breaches.
In all four cases, the scams targeted successful Kickstarter campaigns. Two of the targets — Handibot and the Pirate3D Bucaneer 3D printer — had unusually large campaign goals and pledge tiers.
It’s not clear how much the fraudsters got away with before being shut down, but the fake Pirate3D campaign reached less than $1000 before it was yanked; one of the copycat comics site only raised $10.
When asked about the false postings, Shannon Swallow, Head of Communications Marketing at Indiegogo, responded to MAKE with vague, corporate generalities: “Indiegogo takes trust and security very seriously and prides itself as being a leader in the field of trust and security.”
Swallow said that Indiegogo has three overlapping security procedures: “a proprietary algorithm that allows us to flag potentially fraudulent campaigns, not unlike the systems that credit card companies use to detect unauthorized purchases;” a special team dedicated to detecting any signs of suspicious activity on the platform; and Indiegogo’s “conscious community” that is able to flag any campaigns that they may suspect of fraudulent activity, prompting the Indiegogo team to review them.
Indiegogo would not say what it does to prevent campaigners from raising money under a false identity.
“For the safety of our campaign owners and founders we do not discuss the internal protocols we use,” Swallow said. “The crowd is an important partner and provides an added integrity of our platform.”
In all four cases mentioned above, the fraudsters were not caught until the community alerted the service.
Indiegogo did not reveal whether it intends to prosecute the fraudulent fundraisers, or if it has reported them to the police.
“Any time there is a trust or safety breach our fraud and legal teams collaborate to take the appropriate measures,” Swallow said. “We cannot discuss the specifics of any individual situation in order to protect the integrity of any potential investigation.”
Surprisingly, most of Indiegogo’s responses appeared to indicate that the company is not really taking the issue seriously, or is hoping that it will just go away on its own.
For example, asked if Indiegogo is considering changing its policies in light of the recent fraudulent postings, Swallow claimed to be happy with the way that Indiegogo and PayPal are currently handling payments.
“We are pleased with our success working with our partners at PayPal to eliminate fraud,” she said.
However, Indiegogo insiders have said the company’s tepid, corporate-sounding responses are necessary to protect sensitive financial operations that handle millions of dollars in donations every month.
Roger Chang, of Pirate3D, said that Kickstarter backers alerted the team to the copycat crowdfunding campaign on Indiegogo.
“We weren’t too pleased with it, of course,” he told MAKE.
Indiegogo’s identity problem is not unique. Other crowdfunding sites are also potentially vulnerable to this kind of fraudulent campaign. Already, one company, CrowdCheck, has been launched to address this perceived weakness in the crowdfunding ecosystem. Founded by former securities lawyers, CrowdCheck will investigate that companies seeking crowdfunding are “legitimate, transparent, and compliant with the law.”
So what does this mean for customers of crowdfunding sites who are considering a donation?
The standard advice remains the same. Kickstarter advises potential customers to follow trusted sources, look for first-person videos, examine a project’s bio section, and check if the creators are “Facebook Connected.” Are there links provided for further verification?
“At the end of the day,” Kickstarter advises, “use your internet street smarts.”
The Better Business Bureau offers similar advice: Look beyond the project profile page to learn about the entrepreneur; check Facebook and other social media sites; look for links that provide further verification.
And how do crowdfunding creators protect themselves?
Roger Chang, of Pirate3D, said that crowdfunding sites should be doing “more stringent checks before a project goes online.” But Chang added that, “The best defense, of course, is to have a good following. We might have let the fraud slip past us if it weren’t for our backers pointing it out.”
Ken Lowery, co-creator of the “Like A Virus” Kickstarter campaign that was copied on Indiegogo, suggested on the Comics Allliance website that campaigners create Google Alerts of their names, and the project name, and monitor them.
That was how he discovered the duplicate campaign site: he noticed an unusual number of mentions of his name in connection with the Indiegogo campaign.
“If you seem to be on track to be successful, just set up some alerts with your name and your project name, just to see,” he said. “It’s good to know who’s talking about it anyway, but there are apparently people who will spend a fair amount of time duplicating you in hopes of getting four or five thousand dollars.”