Internet scamming has become an industry in itself. The “industry” was worth an estimated $12.7 billion in 2014. I have received some pretty bizarre scam messages and most are pretty easy to spot.
My rich uncle died in a car crash in Nigeria and left me a fortune in Captain Crunch decoder rings;
The daughter of husky and cannibal-toothed dictator Idi Amin has $120 million in a Swiss Bank, and now she wants to share it with me because I am a nice guy; and
I have won a team of flying reindeer and a magical sleigh full of toys, and all I have to do is send a Western Union money order with a very nominal shipping fee to have them shipped to my office for Christmas.
Fortunately, thanks to my limited common sense and a dash of web research, I have kept my cash.
Now, finally, after all these years, contractors are dealing with their very own scams. I suppose it had to happen sometime. Are contractors getting the recognition the industry deserves? This should honor and terrify us.
Here’s the scoop: Some of our websites identify with contractors. We publish a lot of information, and our email addresses are all over the web. To the untrained eye and Google keyword searches, we at River Heights Consulting probably appear to be a contractor. A week or so ago, we received this request:
XXXXXX (a credible sounding name) Corp is interested in purchasing some product in your stores and Kindly get back to us with the company website and along with the product price list And Let us know if Bank Credit (Letter Of Credit) is okay by you for the payment.so that we can authorized our bank to get back to you with the official letter of credit.
Thanking you in anticipation for future business ahead.
(Followed by real company address and signature)
The signature contained everything required of a real company except a phone number. With a little research, we discovered the company was real. And, a quick discussion with its accounting department revealed that scam targets and victims had bombarded the organization with phone calls. Actually, a very nice lady there asked me to forward a copy of the original scam email.
We later discovered that the major difference between the real company email and the “fake” email address was the addition of the word “supply” at the end of the address (i.e., sales @w.e.coyotedistribution.com vs w.e.coyotedistributionsupply.com). We have to give the scammer credit for one point: The email was not a Yahoo, Gmail, or Hotmail account.
CONTRACTOR−FOCUSED SCAMS ARE PROLIFERATING
Over the next week, I received multiple versions of this type of request from similar organizations. There’s money in these types of things. And since contractors are mostly in the business of providing services to folks they know, or are at least local customers, many are not wary of this type of scam. In recent months, I have tracked this type of scam in the wholesaler side of the HVACR business and uncovered literally tens of thousands of dollars lost to criminals of this ilk.
The phenomenon of selecting contractors (and other related businesses) is new and growing fast. In less than a week of probing, River Heights Consulting has heard from a half-dozen businesses who wasted either time or money pursuing the opportunity of unloading some surplus product. And, in one instance, the scam artist even convinced a contractor to order in a few parts that were “in scarce supply” in another part of the country.
Tracking these folks is hard. Typically, they use the address of vacant buildings or empty lots and arrange to meet the driver en route, thus making it harder to identify them. Almost all are using credible company names in messages, leading recipients to trust they already know who is on the other end.
Don’t just think it can’t happen to you or your company. These scammers are often smarter than we give them credit for. I believe we, as a group, must be vigilant.
Here are some thoughts on protecting yourself. We can’t state it strongly enough; these people are crooks. What’s more, a few of them are criminals of the worst kind — intelligent, well-financed, and organized. No doubt, a few of them will find their way to this article. With this in mind, understand a few of them will find ways to neutralize your best efforts to thwart their thievery. However, here are a few things to consider:
Poorly written emails are your first line of defense. You can assume a good many of these people are working from cramped internet cafés in third-world countries. Many cannot speak English well and are following scripts to get their requests into your inbox. If you get these emails, don’t respond, don’t taunt them, just delete and move forward.
The email inquiry comes from a generic email account. Trust me, major universities, large corporations, and even small to mid-size companies don’t use Hotmail or Gmail accounts. These will look impressive. They place logos in appropriate positions, and the jargon will be very convincing. Further, don’t let official documents fool you. The truth is, many of the scammers have learned to mix real and fake documents.
If the company is from outside of your normal service area, ask yourself why did this person decide to reach out to your company? While you have great service, a sterling reputation, and all the rest, why did they choose you?
If the company has never done business with you before, why are they suddenly asking you to provide a list of your surplus inventory or even asking to buy without some kind of bidding process?
Never call the number provided on the email. The last “scam request” we reviewed came from a large Pittsburgh-based corporation. The name of the request was good, the address was real, but the phone number rang to a Google number which forwarded us to a “gentleman” whose command of the English language did not come anywhere close to someone carrying a director of procurement title.
Never accept a certified check or letter of credit. Many people believe bank-issued certified checks and letters of credit are as good as cash. In reality, they are one of the most commonly counterfeited financial instruments in the world.
Check the properties of the email. This requires clicking on the full email properties, which is easy to do if you are using Outlook. The same email address will be found throughout the email. In a recent scam request, the properties showed the email routed through the servers of Arizona State University (asu.edu). I suspect they were hacked.
BEFORE WE GO
Understand, the weakest link in your organization is the newest person. Don’t assume everyone knows the ground rules. Review the topic with anyone capable of shipping out product. Never allow anyone to step outside of the normal credit approval policy.
Finally, if you have been hit by one of these scammers, please send me a note along with some details. We need to look out for one another.
Publication date: 2/20/2017