Is your business vulnerable to Fraud?

This past year, there is seems to be a huge surge of hacking, fraud and malicious intent. Take a look by this list from CNET called the CNET Hacker Chart. Some were done as pranks, and others in response to some political change, civil disobedience, and others, more malicious in intent, focusing on user lists, passwords, credit card numbers, etc. These places that were infiltrated should have been the most secure government agencies, and large private sector companies.

Thieves are becoming more creative. The reasons why this could be happening are numerous (unemployment, economy, desperation). What is scary is that these fraudulent people are getting good, really good. I recently received an email requesting about $30,000 worth of Ipads and phones. Did I think it was a scam? My gut said yes, but this company that the Request for Quote came from was a client of mine years ago. (What a coincidence!) I know that they are a legitimate company; I knew the address was real. Because of my gut feeling, I started to do some research. I called the company and had them verify employment of the person who sent me the email. It was verified and he was on the Senior Management Team for the company. This thief also provided me with all the information needed for a credit application, including references. Everything seemed to check out successfully until I started noticing the details.

• Email address. Let me use an example to keep things anonymous. The company’s name is ABC, Inc. The email address with the RFQ was mike@abcinc.com. On the abc.com website, all email addresses were like sales@abc.com not sales@abcinc.com Yes, the company could have multiple domains, but I checked the domain registrar (www.whois.com) and it was not registered to the company. That also means, the thief purchased a domain name similiar to the actual domain name, hoping that this minor detail would be overlooked.

• The ‘Fraudster’ would not, or could not provide a percentage deposit on the items. He claimed they were a big company that had good credit so there was no reason why I required that. I explained that this is the first time, and I needed to ensure this large order. He did provide a PO, but that also threw a flag because big companies usually have their Finance department generate a PO. He wouldn’t be able to get one generated at 11pm.

• Too Pushy. He wanted things shipped out immediately.  Wanted tracking numbers, calling me 4x a day, emailed hourly.

• Gut instinct.. If you feel like something is too good to be true, or if you feel like something is definitely wrong with the picture, it most likely is.

So having said all this, you’re probably wondering what I did. I did two things. First, I called the company, and spoke to HR again. They denied providing me any information before, and generally didn’t want to talk to me. I informed them that is person is committed fraud against a Sr. Executive Officer, and also providing your company’s sensitive banking information and references in order to get credit from other companies. They promptly said, “Thank you for your information, and we’ll contact you if our security team has further interest.” They never contacted me.  Second, I contacted the Internet Crime Complaint Center. This website was formed with the FBI, National White Collar Crime Center, and the Bureau of Justice Assistance. I filed my complaint and concern, and left it in their hands. There isn’t much more that can be done unfortunately.

The person stopped contacting me, so maybe the law enforcement did something to catch the guy, but the skeptic in me thinks that he’s moved onto the next target, providing sensitive company information to others in order to lure them to send him product. The only thing we can do is be on our guard, and do research on those we do business with. To err on the side of caution is never a bad thing.