How I Beat an Online Course Scammer

this is a story about how i beat a thief at his own game and made $2,100 USD in the process. if you’re reading this Howard, f*** you twice.

table of contents

  1. context and background
  2. finding out i got scammed
  3. luck is when preparation meets opportunity
  4. playing stupid
  5. data gathering
  6. filing a PayPal claim
  7. losing my PayPal claim
  8. becoming a ninja
  9. filing a PayPal claim, redux
  10. winning
  11. leveraging the wisdom of the crowd
  12. spiteful in my spare time
  13. getting scammed again
  14. winning twice
  15. who wants some?
  16. forgiveness

context and background

i’m a marketer with an online course. it sells for $2,000 which means “no stupid people allowed.”

i’ve been criticized for charging this much but it’s worth it and besides, i don’t tolerate incompetent students.

anyway, i launched the course 8 months ago and had zero problems.

enter February 2019.

finding out i got scammed

on February 2 a new student enrolled, name “John Shredder.” sounds like one of those Movie Names but whatever, $2,100 buys me a new pair of Vans.

a few hours later he sent me this email, a refund request:

kind of an odd compliment slash passive aggressive complaint, but no biggie. i do not mess with peoples’ money.

before executing a 1-click refund i happened to check my other emails. the importance of this piece in my puzzle cannot be overstated.

in my inbox was an email from my WordPress instance. it’s a common “are you OK with this backlink?” pingback request:


usually i spend < 10 seconds reviewing these. mostly they’re spam and occasionally some other blog links to me.

but a keyword stuck out: GROUP BUY.

i clicked through to Comulent Social and found a gold mine of stolen online courses being resold for a fraction of their stated price, including mine.

since the faux landing page for my course had copy/paste text from the real landing page, it backlinked my blog and triggered the alert.
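the same signal can be checked automatically. this is an added example, not code from the original post: it scores how much of a landing page's copy reappears on the page that sent a pingback. the sample copy, HTML, domain and the 0.5 threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser

WORD = re.compile(r"[a-z0-9']+")

class PageText(HTMLParser):
    """Collects visible words and link targets from an HTML page."""
    def __init__(self):
        super().__init__()
        self.words, self.links, self._hidden = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1
    def handle_data(self, data):
        if not self._hidden:
            self.words += WORD.findall(data.lower())

def shingles(words, n=5):
    """Set of overlapping n-word runs; robust to markup and punctuation."""
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}

def review_pingback(source_html, my_copy, my_domain, threshold=0.5):
    """Share of my landing-page copy that reappears on the linking page."""
    page = PageText()
    page.feed(source_html)
    mine = shingles(WORD.findall(my_copy.lower()))
    overlap = len(mine & shingles(page.words)) / len(mine) if mine else 0.0
    links_back = any(my_domain in link for link in page.links)
    return {"overlap": round(overlap, 2), "links_back": links_back,
            "likely_clone": links_back and overlap >= threshold}

# Constructed sample data (not from the original post).
MY_COPY = ("Learn to build and launch a profitable web app in thirty days, "
           "even if you have never written a line of code before. "
           "Read the launch notes on my blog before you enroll.")
CLONE = ("<html><head><style>h1{color:red}</style></head><body>"
         "<h1>GROUP BUY: 95% off</h1><p>Learn to build and launch a profitable "
         "web app in thirty days, even if you have never written a line of code "
         'before. Read the <a href="https://blog.example.com/launch-notes">launch '
         "notes on my blog</a> before you enroll.</p></body></html>")
REVIEW = ('<p>The author promises you can <a href="https://blog.example.com/">'
          "launch a profitable web app in thirty days</a>, and it mostly delivers.</p>")
```

a page that quotes one sentence and links back scores low; a page that carries the whole pitch scores near 1.0 and is worth opening.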

could John Shredder be connected to this stolen course marketplace?

luck is when preparation meets opportunity

a couple months prior to this situation i read Never Split the Difference by Chris Voss. before that i read Negotiation Genius and Getting to Yes.

let’s call these books the Unofficial Negotiation Trilogy, or UNT for short.

a few UNT lessons:

  • information is power; don’t give away more than necessary
  • get the other side (your adversary) to say “no” as quickly as possible, then negotiate from there
  • your ZOPA (zone of possible agreement) is different from your adversary’s; find the overlap
  • create asymmetry such that your BATNA (best alternative to a negotiated agreement) is less painful than theirs

these in mind, my leverage was clear:

  1. i knew my course was stolen, thief did not know i knew
  2. i’m smarter than most people (yeah i said it)

so i sent “John Shredder” a note and simultaneously kicked off an investigation of Comulent Social.

playing stupid

not 100% certain (yet) that John was connected to the stolen course website, i actually clicked through PayPal’s refund process. lucky for me, PayPal said the funds were on hold for a day.

i kept John updated:

shortly after sending this, my investigation had a breakthrough: i conclusively linked my student John Shredder to Comulent Social.

before i share how that happened, here’s what i tried first:

  • joining the private Discord chat channel and cross referencing usernames, signatures, recent moderator posts, etc
  • using WHOIS records for clues behind domain ownership
  • sending private FB Group messages from a borrowed female account (they confirmed course “was available”)
  • scanning for security vulnerabilities in the Amember instance managing the website’s membership portal (grey area, sigh)
  • consulting with other high ticket course creators to learn if they had heard of John Shredder or Comulent Social

but you know how i finally figured it out? i joined the scam membership website.

for just $19 you could join Comulent for 30 days, and then be billed a mere $9 per month afterward for unlimited access to courses.

it was during checkout, using my wife’s old email + maiden name, that i found the Achilles tendon:

PayPal is such a POS product that the “pay to” address is embedded directly into the callback URL.

that email address was the same one John Shredder used to enroll in my course.
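the cross-check described above, as an added example that is not code from the original post: it pulls every e-mail address out of a checkout URL's parameters (including a callback URL nested inside one) and matches them against enrollment records. the hosts, the parameter names `payee`, `return` and `notify`, and the records are constructed for illustration and are not PayPal's actual parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def emails_in_url(url, depth=3):
    """Map each e-mail address found in a URL's query string to the parameter
    that carried it, descending into URLs nested inside parameter values."""
    found = {}
    def walk(text, prefix, remaining):
        for key, value in parse_qsl(urlsplit(text).query, keep_blank_values=True):
            where = prefix + key
            for address in EMAIL.findall(value):   # parse_qsl already decoded %40
                found.setdefault(address.lower(), where)
            if remaining and "://" in value:       # e.g. a return/callback URL
                walk(value, where + " > ", remaining - 1)
    walk(url, "", depth)
    return found

def linked_enrollments(url, enrollments):
    """Enrollment records whose e-mail also appears in the checkout URL."""
    seen = emails_in_url(url)
    return [(e["student"], e["email"].lower(), seen[e["email"].lower()])
            for e in enrollments if e["email"].lower() in seen]

# Constructed sample data (hypothetical hosts, parameters and students).
CHECKOUT_URL = ("https://pay.example.com/checkout?item=membership&amount=19.00"
                "&payee=J.Seller%40Mail.example"
                "&return=https%3A%2F%2Fshop.example%2Fthanks"
                "%3Fnotify%3Dbilling%2540mail.example")
ENROLLMENTS = [
    {"student": "Student A", "email": "a.learner@mail.example"},
    {"student": "Student B", "email": "j.seller@mail.example"},
]
```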

another day passed, and poor John was getting anxious about his refund!


at this point my natural tendencies were urging me to take the “gotcha!” route. to type a well-deserved ALL CAPS spiel to John and have a celebratory latte.

but i did none of this, because i read the UNT (unofficial negotiation trilogy).

data gathering

just because i knew Jerry Howard, p/k/a John Shredder, stole my course and was reselling it on Comulent Social, didn’t mean i had anything to brag about.

course creators and ecommerce stores are ripped off all the time. it usually goes something like this:

  1. thief purchases item
  2. seller delivers item
  3. thief submits chargeback
  4. seller refutes claim, providing proof of delivery
  5. payment processor is Soy, decides in thief’s favor

i wanted to avoid this fate, so i played it cool with John Shredder and began a series of lighthearted Q&A.

me: “thanks John for the PayPal receipt, can you provide legal proof? i’ll submit it to the course website so they can ensure the refund goes through”

thief: “ehm like what kind of legal proof?”

me: “paypal says i have to wait another day, maybe because it’s Sunday. if you send me a driver license pic i’ll just refund now.”

thief: “Sounds good. Here you go.”

pause: let’s pour one out for Jerry Howard, a [previously] anonymous internet thief who literally sent me his drivers license.

me: “wow, i haven’t seen a UK license before. how is your name John Shredder though, if your license is Jerry Howard?”

thief: “ah yeah i used an old teachable account because of not wanting to give private information to businesses :)”

after this exchange i let him have it. i told Jerry i knew he ran the OnePercentClub + Comulent Social websites.

filing a PayPal claim

unsurprisingly, within a couple hours Jerry filed a chargeback request on PayPal.

before doing so he tried arguing with me further over email, but the correspondence is so Low IQ it’s not worth a screenshot.

fruitless quips like:

  • i’ll contact Teachable! i’m friends with the Teachable CEO
  • you have no proof! after i sent him the PayPal screenshot showcasing his pay-to email

so i prepared my game plan. i sent PayPal the following rebuttal:

losing my PayPal claim

for a few days i reflected on Tolle’s Power of Now. i tried to stay present and not be consumed by Mr Shredder. did i say the right things? there’s a character limit too, you know.

i played out the worst case scenario: i lose. i remembered that time in college when my Jeep was stolen and mom said “it’s only money.” (this meant a lot; my mom is frugal and did not come from money.)

and then i thought about my blood pressure. usually a cool ~108/60, it was now approaching a mild boil. the violating feeling of being taken from tends to have that effect.

then i got the news. PayPal was deciding in the thief’s favor.

Ryan – 0
Jerry – 1

having already simulated this scenario in my head, i was ready to let it go. i’m blessed to have multiple income streams, health, and the skills to make more money from honest marketers.

plus, i had no regrets concerning my evidence submission. nothing i wish i could have changed if given a second chance.

fast forward a few days.

having already come to terms with the loss, i sat in Busan, Korea at a buffet by the ocean. i thought: what if i try one more time?

you see, entrepreneurs aren’t just people who keep trying. they are the ones who keep trying until it works.

becoming a ninja

this section is titled ironically; an obituary to the “Ninja OnePercentClub” membership component of Comulent Social.

while i was OK with the outcome thus far — a $2,100 course sale, reversed, and the prospect of my content being resold to losers — what didn’t sit right was something i mentioned earlier:

i’m smart.

call it arrogance but i didn’t enjoy admitting i lost to someone dumber than me. i mean, the guy sent me his drivers license.

so i appealed the PayPal claim, an option available to me for just a few days following the initial claim’s decision.

filing a PayPal claim, redux

here are the skills i brought to the table for Round II that did not make the cut in my first attempt:

  • coding
  • email screenshots

first, i scraped the entire Comulent Social website and produced a database of 1,849 stolen courses. i put these in a Google Sheet.

next, i recreated screenshots inside Teachable with Jerry’s real name, because John Shredder (unintelligently) signed up again:

my theory is the PayPal team failed to use their brains and connect “John Shredder” with “Jerry Howard,” so i rewrote my message too.

at the bottom i challenged PayPal to their own game, requesting they tell me exactly how one can provide proof of delivery for digital products.

fingers crossed, i hit Submit.

winning

according to my wife i’m a “sore winner.”

i think what she means is competing against me is a bad idea. at least that’s what i shout across the table every time i crush her in Bananagrams.

after scoring $2,100 i kicked off a litany of projects:

  1. filed a DMCA takedown notice on Namecheap, the domain registrar for Comulent Social
  2. spoke with Amember management about shutting down his account
  3. launched a public shaming campaign (covered next)

Ryan – 1
Jerry – 0

leveraging the wisdom of the crowd

my shiny Google Sheet of stolen courses was useless without contact info for each of the creators.

i thought about spending some of my hard-earned blood money on an outsourcer to build an email list, but this sounds like work, and girls just wanna have fun.

so i did what i always do: i tweeted.

https://twitter.com/ryanckulp/status/1094943509738545152

this got some eyeballs to the sheet. about 5,000 to be precise.

if you’re wondering how to set up Google Analytics on a spreadsheet, cue another Tweet from last summer. man this tweet aged well.

https://twitter.com/ryanckulp/status/1020491207192006656

but i didn’t stop there.

i submitted the Comulent Social course directory to Hacker News, reddit, and various Facebook groups for online course creators.

(yes, i made a fake Facebook profile to do this)

within a couple days dozens of course creators sent me their own stories, tips, and thanks for preparing the resource.

ego aside, by writing their own Harshly Worded Emails, many creators successfully got their own content taken down from the illegal marketplace.

spiteful in my spare time

since Jerry is a UK citizen, someone suggested i file a lawsuit in small claims court to ruin his personal and credit bureau reputation.

the government’s online portal requires address verification, so i used Google Maps to check out Jerry’s home. i then reached out to the closest high school to see if they’d share student records.

in case you think i did something shady, here’s the exact message i sent the school:

“Dear {{ name redacted }}, I am considering a Mr. Jerry Howard for one of our programs and I want to confirm he was a former student who graduated in 2002. His current residence is 3 Lodge Gardens, Hessle. Let me know if I should provide any further information.”
— Ryan Kulp, Lead Instructor, GrowthX Academy

i did not impersonate anyone, and the statement is 100% truthful. but it is surprising how easy it was to request a stranger’s information.

disappointed by this response, i decided i needed more help to ensure my data (from the drivers license) was correct. i needed to be sure Jerry would be served the appropriate legal papers to appear in court.

i hired a “lawyer.”

getting scammed again

long story short i engaged Abdul Akram, a “Barrister” at Akram & Associates Legal Attorneys. he was recommended on some lawyer marketplace.

Abdul was happy to help, exchanging several messages back and forth and then quoting me just $40 USD to file the claim.

he reviewed my materials, asked good questions, i paid him, then…. nothing.

i was conned while attempting to sue another con artist. classic.

Ryan – 1
Jerry – 0
Abdul – 1

winning twice

while i still had $2,060 left over from my first win, it didn’t sit right to be scammed again.

so i filed my own chargeback request via payment gateway Payoneer, and after 10 days of back and forth evidence collection i won. again.

Ryan – 2
Jerry – 0
Abdul – 0

who wants some?

a few lessons for aspiring online con artists:

  1. only steal from people dumber than you
  2. don’t compete against someone with unlimited resources

with the $40 small claims money back in my pocket, i started digging around for opportunities to prevent Jerry from ever being hired:

a microsite with his drivers license, contact information, and this blog post would be a fun weekend project, and a good use of my SEO skills.

for now i’ve simply titled these image files and alt text values to pilot a page 1 rank attempt. we’ll see.

forgiveness

we all make mistakes. con artist Jerry Howard made a big one.

if he apologizes and asks for forgiveness, i’ll give it to him.

the $2,100 is mine though. i earned it.