11 Ways To Detect Fraud Scams Against Your Business4:00 PM EST Fri. Feb. 01, 2013
Solution providers both large and small are getting victimized by fraud scams. The results can be devastating, especially for a small VAR. What can solution providers do to protect themselves against a potential six-figure loss? Gary Bares, president of Verifraud, a company that specializes in identifying channel fraud, offers some tips on how to spot a potentially fraudulent order.
For more on channel fraud, check out our special report, available exclusively on the CRN Tech News app for the iPad.
When a credit application, order or an inquiry about product pricing and availability comes in, make sure the sender's email address matches up with the real website for the applicant's or customer's company, advises Bares.
Everything about a credit application via email might appear legitimate, but sometimes the email comes from a Gmail, Yahoo or other third-party email provider that is not directly associated with a large company.
The email might also come from a spoofed account that, again, is close to a real company name but not quite the same. For example, it might include an extra dash or add "inc" at the end of the domain name.
In some cases, credit applicants or interested customers outright lie about their history, Bares said. In one case, a business claimed to be a company that had grown to become a $7 million VAR over a long period of time, but a simple check into the history of the company's website at archive.org found that the site was selling fashion accessories a year ago.
"They had a line of business change, a contact change," Bares said.
Such discrepancies could be a sign of a "bustout" scheme in which a floundering or abandoned company is acquired for the sole purpose of acquiring credit lines and disappearing without paying the bills.
Most fraudulent orders are placed for a small subset of products without serial numbers that makes them hard to trace, especially toner and memory. But projectors, displays and laptops are also highly sought-after items, Bares said. "You can trace those but it's not worth it to go all the way to Nigeria," he said.
With the advent of VoIP, fraudsters often set up phone numbers with the same area code as a legitimate company. But a quick call can confirm some suspicions, Bares said.
He's called numbers and found ones that were rerouted to voice mail for a wireless caller.
When an email for an order or credit application comes in, look up the listed website's domain registrations. If something is fishy, it might show up there first, Bares said.
"Almost every single time, you'll see the website was just registered in the month or so prior. They're impersonating big companies that have been around awhile, so a website shouldn't be new," he said.
If a company's main Web page includes a "Coming Soon," message, that's another indication something could be wrong, Bares said.
Check where a website was registered. Fraudulent companies tend to use more offshore or privately hosted sites, Bares said. "A lot of legitimate companies will use privacy [registrars] too, but the fake ones seem to be more foreign [in origin]. If a company is not multinational, you wouldn't expect a foreign domain registration," he said.
Many times, communication from a fraudulent company will appear in broken English or vary in sophistication, Bares said. "Eight out of 10 times, they use language that is itself a little odd for a larger U.S. company, like, 'We wish credit form,'" Bares said.
Because fraudsters rely on quick transactions in order to secure goods and then disappear before creditors start snooping around, they will request one- or two-day shipping and be very forceful about insisting on that delivery request, Bares said.
"They used next-day shipping in the past, so companies are starting to look for that. Now they're going with two-day shipping but they generally have more aggressive behavior [to get the products]," he said.
It's quite easy to see the location of a delivery address thanks to Street View in Google Maps and other map applications and sites. Check out the delivery address and if it looks like a residential location -- and not the headquarters of a large commercial company -- be wary, Bares said.
He also recommends doing a search with just the street and town. "If it's a big company, you should get tons of hits [for the company on that street]. If nothing shows up, you have an issue," Bares said.
Many times, fraudsters have acquired several companies with which to trick creditors. Those companies may seem to have little in common with each other, but the criminals often use them in small, self-reciprocating buying agreements in order to build a purchasing history and cleaner credit reports. VARs should investigate credit references further to ensure that the companies don't have a common address, phone number or key executive.
This is an area where many VARs and distributors get caught, Bares said. Many professional fraudsters have figured out how to use false or misleading documents to make a company look clean with a long purchasing history. VARs performing a simple credit check through Dun & Bradstreet or another agency won't necessarily find anything suspicious, Bares said. You need to dig deeper to protect yourself by following the other tips, he said.