An old scam has rolled back as a wave of purchase order scams with a new speciality and target.
This year, we saw the bogus boss email going around where someone posing as the boss, instructs employees to transfer money into the fraudster’s account. Now add purchase order scams to the festivities and the mischievousness circle is complete.
How do they do this?
Corporate information is posted publicly on a company’s domain and is freely available to any Tom, Dick and Harry, enabling the fraudsters to generate purchase order requests for various supplies. Industries that have the potential to be targeted include food and beverage, hospitals and the pharmaceutical industry because the products that are ordered can be easily resold through a number of channels. The orders often focus on equipment, clothes, office products, etc. These items can be sold to anyone, almost anywhere, sometimes to support illegal trade.
Once the criminals have information like email addresses and phone numbers, they will proceed to stalk their targeted victims like a jealous ex. They use email as the preferred method of communication. The emails might look professional with company logo and signature at the bottom but it may come from a free email server such as Gmail. When examined more closely the email address may appear to be valid from a particular “company” however when the cursor is moved over the sender’s name or email address, it reveals the real email address hidden behind the false one. The email signature tend to set the receiver’s mind at rest and prevents them from double checking the sender email address.
When all other methods of communication fail, they turn to the telephone. Invented by Alexander Graham Bell and popular with stalkers, women and telemarketers, annoying people world-wide. Calls will appear as private numbers and most of the time there is a charming lady at the other end, (I bet at gunpoint), to get a quote for products from suppliers. An existing purchase order is either copied or designed from scratch to have the supplies shipped once the quote is delivered. They either pay by credit card, also obtained in an immoral manner no doubt, or using the 30-day window to pay for the product, leaving plenty of time for the charlatans to get away with their crime.
Purchase order scams, like any kind of theft, are a huge pain in the nether regions of companies, in fact you need an epidural for that kind of pain. As mentioned, most orders are done via email or phone, and the thieves use a stolen credit card to pay. The company that was violated, fraudulently, will be protected by their financial institution but the supplier that was duped and shipped the supplies is the poor sucker that has to take a financial loss.
Therefore, it’s up to the supplier to check orders and verify them. Tips to minimize an unfortunate experience such as this can include:
- If a bid was not submitted by the supplier, a purchase order wont be received by the supplier.
- When a purchase order is received by a supplier the entity placing the order needs to be identified and there should be a signature on the order.
- The validity of a purchase order needs to be verified. Never assume that any purchase order is valid. If there is a point-of-contact listed on the order, phone them to make sure it is valid. Be alert to the possibility that the phone number on the order might be fake too.
- Location, location, location. Attention should be paid to the delivery address. If the 5-star Plaza Hotel in New York suddenly requests that 10 cases of Dom Perignon be delivered in a back alley of Harlem, the hair on the supplier’s neck should stand on end and he should definitely question WHY they should deliver $13200 worth of Champagne to one of the most dangerous neighborhoods in New York City and not at the usual deliveries section of the hotel.
- If, after checking, you suspect the purchase order to be fake, report the incident to the to appropriate law enforcement authorities.