Friday, 2 September 2016

"Purchase Order Fraud"

Lots of paperwork & highlighting later
I've got it, I have finally got to the bottom of the scam in which someone attempted to rob us and which has caused us significant hardship. This took a lot of phone calls following the path of these goods and looking for clues. I found other companies that have been duped and for the most part was very confused about the reasons for the type of goods being targeted for theft. In this event we know it included Blood Pressure Monitors, Multi-gas Detectors, Bladder Scanners and, most worryingly, chemical Liquid Hotplate Stirrers. All sorts of conclusions were running round in my mind and I woke this morning feeling this has to be escalated.

Looking again through all the complex communication I spotted something. A mistake from the scammers. They fake the time shown on the email to look like the UK. But when they reply to my message, their computer adds a real time and date stamp they can't see. It shows when my email landed in their inbox. It shows them being -8 hours from us. So, indeed they are overseas. A quick look puts them in the region of California, USA. But how would they get the goods? Also, what sort of Hospital/University in California would be buying stolen medical equipment?

I jumped onto the best international detective service, Google. Then, in the words of the great Lieutenant Frank Drebin, "Bingo". I found multiple articles. They seem to originate in California, about a scam the FBI call "Purchase Order Fraud". It looks like it was heavily reported around two years ago and the details are not nearly the same, they are exactly the same. So, it appears the scammers are resident in California where they initially targeted local companies in that region. This grew to the whole of the USA and now they are expanding the operation overseas. news.softpedia.com reported in October 2014: "A new, highly complex Nigerian scam is currently aimed at retailers in the US, in what FBI calls 'purchase order fraud'." Various articles indicate that the goods were quickly moved on to Nigeria and this explains why the scammers had attempted to enlist a 'cross docking service' in Stourbridge where they said DHL would arrive with shipping docs. They also describe how the scammers recruited people to assist with moving equipment in what they believed was genuine. It describes the processes used with key detail. It claims this huge scam was investigated by Special Agent Joanne Altenburg.

In another article written by Michael Cooney for Network World it is again claimed that the FBI warned of a Nigerian-based criminal group using fake email addresses to defraud retailers. As of Oct 2014 they reported 85 companies and universities across America were used to perpetrate the scheme with $5 million lost.

On July 10 2014 Jenny Lower reported for 24x7mag.com where a supplier Ultra Solutions of Ontario, California was interviewed. They describe a 'widespread new scam targeting the medical supply industry, posing significant risk to small and mid-sized companies'. In the article it says 'According to Sterling Peloso, CEO of Ultra Solutions, the Federal Bureau of Investigation told him the hoax has already succeeded with at least 185 businesses, resulting in losses in the millions to tens of millions of dollars'. It again describes the detailed process which matches the process now happening in the UK. However it says the equipment is immediately reshipped to Africa, typically Nigeria.

Through my own research I have now seen that in the USA the scheme has used the University of Nevada, Las Vegas. It is known by the Florida State University and University of Michigan. In the UK we were conned using names from the University of Greenwich but we now know that names from the University of Bath were used to try and steal bladder scanners. Suppliers have also been targeted using the University of Reading and Aston University. What amazes me is it seems that the UK attempts have been reported to ActionFraud yet they seemed completely baffled by my initial report & subsequent reports. It's time for them to urgently pull these reports together, alert industry and perhaps City of London Police need to communicate with the FBI who seem to have made some ground on preventing this in the USA. What would be good for all the small and medium enterprises who face survival risk as a result of this, is if you even bring someone to justice.

The Scam Process Described
In all cases I've read both here and in the USA the process is mirrored in detail. In order to protect fellow businesses from unnecessary loss of time, goods and capital please beware of these and...erm...report to ActionFraud. (My 20 calls to police, including 3 to ActionFraud, never resulted in any call to "action", but it's worth following advice I guess.)

1. Your organisation receives an invitation to quote for goods. In this case medical equipment. It requests terms Net 30 days. Crucial to the scam of course. The person appears to be a real person from the university. In this case the Director of Procurement with a 'nearly' matching email address, but crucially, not the ac.uk part. Crucially there are grammar errors (hindsight) in the signature of the email.

2. Following your quotation you receive an 'official' purchase order. The document is a fake. (Hindsight) it doesn't look like an order created from an accounts software application, it is a Word-generated document with fake logos etc. converted to PDF. It states terms net 30 days. It has a shipping address different to the University or any of its campuses.

3. A fake second person gets in touch. She claimed to be from the finance department and again uses a real person from the university finance department with a faked email address. She chases delivery (not unusual) but also keenly chases the tracking number. Crucial detail. The goods would be shipped to a storage company, in this case in Mitcham, Surrey. There is a fake company name used, 'Greenwich Surrey Division Centre'. The result of this is that the real delivery is refused at the storage site because they don't recognise the company name. The goods go back on the vehicle and are returned to the local depot.

What we sent: A Jiffy Bag with a pic of a prison van inside

What they tried to steal

4. Goods are then collected at a courier depot by one of the scammers 'runners/fake employees', however, our delivery could not be tracked (we hadn't sent it as we got suspicious). Within a few days we started communication to keep the scammers reeled in as we believed the police would intercept for us (they didn't). We sent a 'parcel' to try and trap them. We sent a jiffy bag to give the scammers a tracking number they were desperate for, to see if the police could follow that tracking number also and see if they could catch someone. We couldn't get any progress from the police though.
They give us a second forwarding address. It's a haulage/warehouse company in Stourbridge, West Midlands. A perfectly legitimate company. By now the English grammar mistakes in the emails are increasing as it's open conversation. They give us a new fake person to deliver to. Kenneth Smith.

5. The scammers attempt to arrange DHL collection from the haulage company and, using further fake companies/emails, they try to enlist the unwitting haulage company to hold onto their goods ready for DHL transfer. The fake person is also the person trying to set up the cross docking agreement. In this case, Kenneth Smith kensmith@procurementparts.net (fake). He leads the haulage/warehouse company into thinking they could set up new long term business with them. At this point they would be shipped abroad.

6. All this takes place well within the 30 days credit afforded to the university for the supplier. They invoice the university which eventually comes back as unknown with no purchase order raised. The goods are long gone and the haulage company has provided services in good faith and is never paid.
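
The red flags from step 1 and the hidden reply timestamp described earlier can be checked mechanically on an inbound reply. The sketch below is an added example, not something from the original post: the sample message, its `.example` addresses and the `On DD/MM/YYYY HH:MM, ... wrote:` attribution format are constructed assumptions (mail clients format that line differently), and `triage` is a hypothetical helper name.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample reply: every name, address and time here is illustrative.
SAMPLE_REPLY = """\
From: "Director of Procurement" <procurement@uni-purchasing.example>
To: sales@supplier.example
Date: Thu, 01 Sep 2016 10:20:00 +0100
Subject: Re: Quotation

Please ship on terms Net 30 days.

On 01/09/2016 02:05, sales@supplier.example wrote:
> Quotation attached.
"""

# Attribution line the replying mail client adds in its own local time.
QUOTE_LINE = re.compile(r"^On (\d{2}/\d{2}/\d{4} \d{2}:\d{2}), .* wrote:$", re.M)

def triage(raw, our_sent_utc, expected_suffix=".ac.uk"):
    """Return red flags for a reply to a message we sent at our_sent_utc."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    # Step 1: the address nearly matches the university, but not the ac.uk part.
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if not domain.endswith(expected_suffix):
        flags.append(f"sender domain {domain} is not under {expected_suffix}")
    # Step 1: credit terms are what give the scheme its 30-day head start.
    if re.search(r"\bnet\s*30\b", body, re.I):
        flags.append("asks for Net 30 credit terms")
    # The quoted time minus our real UTC send time gives the client's UTC offset.
    m = QUOTE_LINE.search(body)
    if m:
        local = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M")
        delta = local - our_sent_utc.replace(tzinfo=None)
        inferred = round(delta.total_seconds() / 3600)
        claimed_td = parsedate_to_datetime(msg["Date"]).utcoffset()
        claimed = int(claimed_td.total_seconds() // 3600)
        if inferred != claimed:
            flags.append(f"Date header claims UTC{claimed:+d} but quoted reply "
                         f"time implies UTC{inferred:+d} "
                         f"({abs(claimed - inferred)}h apart)")
    return flags

if __name__ == "__main__":
    sent = datetime(2016, 9, 1, 9, 5, tzinfo=timezone.utc)  # 10:05 UK time
    for flag in triage(SAMPLE_REPLY, sent):
        print("FLAG:", flag)
```

None of these flags proves fraud on its own; a hit is a prompt to confirm the order by phoning the institution on a number taken from its official website rather than from the email.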

Case Closed. If you need a blood pressure monitor (I did this week), I've got a few for sale.

Tony McCool
@antmccool
www.coachandpeshop.com

*Update:- Just as we post this blog, we get an email. We had sent that Jiffy Bag to try and keep the criminals hooked, thinking that would be good for the police. Well, the person pretending to be Irene Pacheco (ex Finance Employee of University of Greenwich), who is of course innocent, has been online chatting to the courier we used. Little does he/she know, the courier has sent us the conversation on email. They still want the goods redirected to the company in Stourbridge, which is bizarre, but some way pleasing to know they are chasing a Jiffy Bag, not £11k of Medical Equipment, but also frustrating. This is a huge crime, ongoing. I have only described what I know, there must be much more to this and I believe this is preventable and investigable.

ActionFraud by definition:- 
"The fact or process of doing something, typically to achieve an aim"