It feels like the recipient company did an awful lot of work in response to what was <i>at best</i> a fishing expedition. A serious complaint about licensing that demanded a real response would have been sent by post. It's not clear to me that scattershot LinkedIn messages deserve any response at all. The fact that the initial message lies about trying to contact him another way is another check in the "ignore this completely" column.<p>The same way that I wouldn't bother to fact-check a spam phone caller, why give any credence to this kind of thing?
This reminds me of the Blue Jeans Cable / Monster Cable shakedown nonsense.<p><a href="https://www.bluejeanscable.com/legal/mcp/index.htm" rel="nofollow">https://www.bluejeanscable.com/legal/mcp/index.htm</a><p>I wish I could find the original writeup from Blue Jeans, it was frickin' magnificent.
I wonder if it’s possible to demand vendors send billing agreements before running an audit like this:<p>We’re reasonably sure your report is incorrect, and it doesn’t contain compelling evidence to back up its claims.<p>Our standard auditing fee for requests like this is $10,000, pre-paid to an escrow account and refundable if we find the use of an unlicensed font.<p>Or something. Not a lawyer.
Paying for fonts is something I will never understand, I have a perfect vision but I'm nearly blind to fonts it makes nearly no difference to me (except for windings)
Wingdings isn't really a "font" in the same way that Times New Roman is a "font". Wingdings and and Webdings were basically proto-emojis, a vestige of the old "dingbats" publishers would put at the top of chapter pages to make them look nice.<p><a href="https://youtu.be/JdKV1L1DJHc" rel="nofollow">https://youtu.be/JdKV1L1DJHc</a>
“But before responding, the digital team would do their own investigation into the fonts we use and the licences we own so we could verify everything was in compliance. […] messaged a dozen or so more people from different parts of the business, hoping to hook just one person who would reply to the scary message they were sending.”<p>Piece of advice for the future: if you receive a message like this, and don’t want the sender to reach out to other people in your organization — acknowledge the message.
…I would think the appropriate behavior would be for the security team to send an announcement stating they've seen an uptick of phishing emails, with an example screenshot, and to please not respond to phishers.
The business has no contract with Monotype, has conducted no business with Monotype, and has also (as they double checked) committed no infringement against Monotype. In short, the Monotype sales rep has no entitlement to any of the business' time.
I thought the standard procedure is to forward the message to the appropriate department. Never give any acknowledgement.
By spamming multiple people at multiple departments, Monotype is probably relying on one department screwing up and responding with something that’d strengthen their (non-existent, apparently) case.<p>Since their behavior is indistinguishable from scammers, it probably makes sense to also ask procurement/design to additionally ban the vendor.
> acknowledge the message<p>I think it is more nuanced than that -- they are sending a message via LinkedIn, is it really the company or a scam?<p>You should take time to respond appropriately and not be rushed in all cases. By acknowledging the message they'll want to continue the discussion. It's probably worth considering a standard response to approaches like this, along the lines of "Please contact us on generic-something@domain, I cannot discuss this on my personal social media account."
If they're following scam rules, they're not going to stop until they get someone hooked and engaged.
Do these tactics ever work out for companies in the long term?<p>Over my 20 years in tech, I've seen a couple cases where someone installed something they shouldn't have and we got threatening emails from the companies who somehow caught wind.<p>It's always resulted on our side with a total corporate ban on using <i>anything</i> from that company, even things that are otherwise OK / open source.<p>For instance at a previous company I worked, Oracle came calling for "VirtualBox Tools" trying to charge us some asinine amount because like one user had it installed and they wanted us to pay seats for the entire company. This resulted in a swift and decisive total corporate ban on VirtualBox.<p>I've seen this at a couple companies and can't imagine we're alone in this. You're trading long-term business for short-term gains.
This is like the old IBM shakedown playbook "we have thousands of patents, if we dig enough we'll find one you infringe upon, so better pay for peace of mind". I do assume that like in the case of IBM, some companies do pay...
In the United States if someone makes a false statement about you, comminicates that statement to a third party, and that statement can or has caused financial harm, you can reocover damages in court. If there are similar laws in your country. it's probably worth sending a demand letter to cover the time wasted on investigation.
I think monotype would argue they only sent the message to the company they were shaking down.<p>Of course, LinkedIn’s ToS might beg to differ. I wonder if the bar is worded like a big and statement like you said, or if the disclosure to the third party has to be part of the chain of harm or something (and what precedent says).
I'm not typically sensitive to AI-sounding text but those image captions leave me understanding others' issues with it.