Is That Product Order A Scam? Here's How To Crack Down On Channel Fraud

The IBT, which comprises agents from the Royal Canadian Mounted Police (RCMP) and the Office of the Superintendent of Bankruptcy, said the suspects orchestrated several fraudulent bankruptcies and victimized hundreds of Canadian and U.S. companies, including numerous solution providers, by placing credit orders for products that they never intended to pay for.

The individuals, whom Canadian officials have not named, face charges of conspiracy, criminal organization offense, false pretense, fraud and identity theft. Additional charges and arrests are possible as the investigation into the group's activities continues, according to an RCMP spokesman. The RCMP declined further comment, as did the U.S. Department of Homeland Security, which assisted the Mounties in the investigation. While law enforcement officials did not name the alleged fraudulent company the suspects operated, several sources said it was AVI Electronique.

Unfortunately, the arrests and seizure of equipment in Montreal have been an exception, rather than the rule, in the fight against fraud and criminal activity perpetrated in the IT channel for many years, said several executives who track such activity.

Five years ago, CRN detailed the prevalence of "bustouts" in the channel, scams by which criminals acquire clean, but often dormant, companies with the hope of obtaining credit terms with distributors and solution providers to receive IT equipment. After piling up the bills, the criminals disappear, taking the products with them to sell for pennies on the dollar on the black market or overseas. In many cases, the proceeds are used to acquire more companies to continue the cycle of fraud and deception.

It's a cycle that perpetuates, as in the case allegedly involving AVI Electronique, because those that get victimized sometimes don't even realize they were victimized or don't want to publicly admit it, according to several channel executives. The losses get written off as bad debt, a customer whose business went under, and are swept under the rug. But when you peel back the covers, it's often the same individuals, the same patterns, the same addresses spread across multiple companies all committing the same scam: maxing out credit lines and disappearing before the bill collectors come looking for them.

Some distributors and solution providers are fighting back, though. They're learning about red flags to watch out for and developing systems to ferret out fraud and prevent millions of dollars in losses. However, "bustout" schemes are only part of the fraud game in the channel now, according to Gary Bares, president of Verifraud, a firm that specializes in helping VARs and distributors protect themselves against fraud. As IT companies become better at recognizing possible fraud, the bad guys are adapting.

Today, fraudsters often pose as real companies, organizations, businesses and educational institutions -- in one high-profile example, even a military organization -- by gaining enough information about the company to set up spoof websites, addresses and other information to trick suppliers.

More than ever, solution providers and distributors must be on guard against scams that could irreparably damage their business.

CLOSE CALLS

AVI Electronique wasn't the only company that allegedly piled up a slew of unpaid bills for solution providers and distributors last summer, according to distribution sources. A credit report obtained by CRN for another suspected fraudulent company shows more than $260,000 in credit extended by eight distributors and VARs. That company and its executives have also disappeared, leaving the creditors high and dry with little recourse, said several channel executives. CRN is not identifying the company because neither the company nor the individuals associated with it have been charged with a crime.

One distributor, Tech Data, got lucky. It extended credit to the company but was able to get paid before the executives disappeared, said Scott Heim, fraud manager at Tech Data.

"Normally we would have caught this in the front end, but it did slip through the cracks," Heim said. "They were claiming a big market presence in the U.S., but there were no market presence indicators that the products they were buying were staying in the U.S."

The company in question blasted out numerous credit applications in the fall of 2011 and continued to do so for nearly a year as credit lines were extended because the business showed up "clean" in credit reports. Few of the organizations extending credit investigated enough to know that at least one of the individuals associated with the company had been suspected of fraud on several previous occasions and that the company vanished with hundreds of thousands of dollars in IT equipment, said Verifraud's Bares. He said it's not unusual for alleged fraudsters to disappear, which makes it difficult to prosecute because it's hard to prove they knowingly committed fraud and were not just bad businessmen. CRN was unable to contact the company, which did not respond to an email or list a phone number on its website.

The company maxed out a $32,000 credit line with SED International, a Lawrenceville, Ga.-based distributor, and was looking to place larger orders, said Chris Colley, director of litigation at SED. But SED told the company it had to pay back the open line of $32,000 before its credit line could be reviewed for an increase. The company paid up but SED closed the credit line, Colley said.

"This is the kind of thing that we take very seriously. We looked at this company very closely. They looked good on paper. Everything looked fine," said Colley, who estimated that SED gets what it suspects are numerous fraudulent attempts each month. SED works with Verifraud and other trade groups and networks with other channel companies to detect fraud.

"Sometimes they start small and appear very convincing. This recent attempt was exceptionally good. When [Verifraud] reported to us there was a problem, we realized there was a possible issue and fortunately we were able to recover our money," Colley said. "We work very hard each day to avoid fraud and we are fortunate enough to catch most attempts."

It took a lot of effort and education to learn the signs of a possible fraud, Colley said.

"We were in a learning curve. We've always been very careful about watching for this type of thing. We have worked with Verifraud for many years and we certainly give them credit for helping us to prevent several losses over the years. With their help, we are constantly learning new preventative measures," Colley said.

Now, SED has a special "Fraud Alert" page on its website that offers tips to solution providers to protect themselves from fake orders.

FIGHTING BACK

Fraud scams cost solution providers millions of dollars a year and can put unsuspecting businesses at risk if the loss is too large, said Darren Skarecky, vice president of finance at Insight Enterprises. The Phoenix-based solution provider used to lose more than $1 million annually in fraud before it got more serious about the problem and took steps to eliminate it, he said.

"It's always been a big challenge. Before, these were written off as bad debt because they were uncollectable. We were digging in deep [to collect after the fact] before trying to identify [fraud] on the front end," he said.

Skarecky estimated that Insight now loses far less than $100,000 annually due to fraud and that's only because some orders slip through the cracks because Insight hasn't properly followed its own fraud protection processes and guidelines.

"Those ones, we should have identified. Our fraud loss is minimal to nothing now," Skarecky said.

To reduce its fraud losses, Insight Enterprises started validating ship-to addresses and phone numbers for all new customers. It can be a tedious, manual process but the reward of less loss by fraud outweighs the costs, Skarecky said.

In truth, it's hard to calculate how much a VAR actually "saves" by detecting fraud. As Skarecky points out, if you deliver one order for $10,000 that gets paid by a bad check, the true loss could quickly escalate to six figures on a larger follow-up order before the default on payment for the first order gets noticed.

"You have to stay ahead of these things or it will cost you hundreds of thousands, if not millions of dollars. You spend money up front, but you save a lot on the back end," Skarecky said. "You have to build in as many [prevention] practices as you can."

Most companies build expected bad debt into their budgets but many don't try to calculate how much of the bad debt is actually fraud, let alone seek to reduce that fraud, Skarecky said.

"Companies can lose 50 basis points [of profit] because of bad debt and it becomes acceptable. But I challenge those companies to look at those losses and start doing an analysis of what could have been preventable through anti-fraud techniques," he said.

A large company such as Insight can afford to have dedicated resources to investigating possible fraud order, Skarecky said, but even smaller VARs should train their salespeople on what to look for, which Insight still does, as well as let salespeople know if a new scam is going around.

"If you're not staying in front of it, you're going to be hit hard. It's amazing what they can come up with. We always feel we are chasing it a bit, but you have to stay as close as possible," Skarecky said. "If you feel you have a good system, if you get comfortable with it, you can get hit."

INCREASINGLY DEVIOUS

Skarecky is right to remain vigilant. According to Bares, fraudsters are upping the ante to avoid detection. Today, they're not just resurrecting dormant companies; they're often spoofing real companies.

The fraudsters even copy source code from a real company's website and then register a spoofed website that appears close enough to the real thing to throw some credit managers off, Bares said.

For example, organizations will use a website ending in .us when trying to impersonate a .gov or .mil customer in attempts to tricking suppliers into believing they are a government organization. To impersonate education customers, the fraudsters will add "edu" before the period in a website to make it resemble an .edu website (for example, stateuniversityedu.com).

Some people have gotten away with so much for so long, Tech Data's Heim said, that they're even brazen enough now to impersonate Department of Defense procurement agencies. In one instance, fraudsters used www.dtra.us to impersonate the Defense Threat Reduction Agency, which uses www.dtra.mil.

The alleged perpetrator tried to have $200,000 worth of iPads shipped to Maryland, but Tech Data caught the scam before they were delivered and relayed the information to federal authorities, Heim said.

To protect against such schemes, solution providers and distributors should pay careful attention to a customer's Web address that might take them to a different but similar-looking address, Verifraud's Bares said. "Keep an eye on the browser to make sure it doesn't go somewhere else," he said.

Fraudsters may even include links to the company's real site to further try to throw VARs off the trail, Bares said.

In this type of corporate identity theft scam, criminals pretend to be Fortune 300 to 500 companies, not mammoth companies like Hewlett-Packard or IBM but not mom-and-pop shops either, Bares said.

"One of the dangers is that a lot of times they're big enough companies that you might already have an account for that company. If a salesperson enters the order for that account and nobody checks the ship-to address, that's a huge vulnerability," Bares said.

HIGHLY COORDINATED

The overwhelming majority of fraud originates overseas, often in West Africa and sometimes using individuals in the U.S. and London to help (sometimes unwittingly) get the products out of the country.

Typically, the fraudsters don't rent an office space. The companies recruit individuals via email blasts, employment websites and even dating sites to accept deliveries of products and then reship them to different international addresses. More often than not, the reshippers don't even know they're handling fraudulently obtained equipment, Bares said.

"They start talking to someone and then say, 'Oh, by the way, can you send these packages for me?'" Bares said. "One woman that police talked to was distraught. She thought she would be marrying this person [who asked her to reship products]. The picture they sent her was literally a picture of Tom Cruise. She had even bought a wedding dress. They'll deceive them and look to gain their trust."

VARs should regularly check customers' ship-to addresses, especially those that have street views available through online mapping sites as part of their verification process, to ensure they are commercial locations, Bares said.

About 20 percent of the time that criminals pose as a real company, they have obtained the actual bank and trade credit sheet information from that company, Bares said. That poses additional problems to detect fraud, he said.

"They have someone in the U.S. intercept legitimate credit applications coming through," Bares said. "The rest of the time they fill out the credit application without filling out the reference field or they put a couple of other [fraudulent] companies that they have ties to out there."

Efforts to thwart fraud are not helped by several states where it's possible to pay to revive an old corporation that is no longer in operation, Bares said. That allows fraudsters to restart old companies and let them appear as if they've been active longer than they really have been on credit applications. It takes more drilling down to access legal documents and investigate whether it's the same executives listed or new ones, Bares said.

In one example, alleged fraudsters reinstated a company that hadn't filed any legal documents for two years. When they brought the company back to life, they initially kept the old CEO's name registered with the company (unbeknownst to the ex-CEO) and then blasted out credit applications. Four months later, after receiving credit lines, they removed the CEO's name and added a new CEO a week later.

CRACKING DOWN ON FRAUD

There are a number of ways solution providers can reduce if not eliminate the fraud threat, Bares said.

First, be more vigilant in validating all the information on a credit application. Make sure the e-mail address is a corporate e-mail address and not a Gmail, Yahoo or other address. Also, check their website and physical address. If the website includes information that is off slightly or the headquarters address is a residential address, investigate further, Bares said.

His experience shows that companies intent on fraud blast out credit applications to large numbers of VARs and distributors at the same time with the hope of victimizing as many as possible before they notice or start talking to each other. Consequently, it's invaluable to develop strong relationships with peers and industry organizations to share information. It's the velocity with which the fraudsters work that makes it difficult to warn others, Bares said.

Tech Data's Heim said his company makes it a common practice to ensure the shipping address is a commercial location and that the company's phone numbers are not cellular accounts.

"We train our reps on different red flags. It might be a strange trade reference, something outside the industry or something that is self-reciprocating. Or [it can be] a physical address that's a UPS store or a Mail Boxes Etc., or the website doesn't work or hasn't been in business for five years. We look for things that don't make sense," Heim said.

Tech Data's experience is that suspected fraud can also be detected by the type of products being ordered, with memory, hard drives, notebooks, tablets, switches and projectors being the most sought-after items. In addition, a request for overnight shipping is a big red flag, Heim said.

Tech Data receives hundreds of applications for new credit terms each month; a small percentage of those get a closer look because a red flag is raised, he said. A portion of that number gets denied upon further investigation. About four or five times a month Tech Data detects a confirmed fraud attempt against the distributor.

"We'll do analytics too. Of the applications that get denied, are we making the right decision? We'll do a secondary review after the initial denial," he said. "Typically on the ones where we definitely feel there is fraud, we usually don't hear back from them. If we do hear back from them, we'll take another look but we almost never reverse the course on those decisions."

Hackers have been known to surreptitiously embed malware in resellers' systems in order to capture user IDs and passwords for distributors' ordering systems, Heim said. With that data, they can place fraudulent orders directly with distributors. Tech Data typically catches such orders with its anti-fraud processes because the products are slated to ship to residential addresses, which raises a red flag, Heim said.

"Typically, the VAR has no idea they have been hacked. We let them know quickly and run through how the fraud scheme worked with a keystroke logger," he said. "We tell them to run antivirus on their systems, change all their passwords with all their suppliers and online banking accounts."

Still, it shows how vulnerable solution providers are and how sophisticated criminals can get, he added. Because much of the fraud originates outside the U.S., there's little that U.S. law enforcement can do, Heim said.

"It's truly a global arena for fraud," he said. "One of our major initiatives is to educate our customers. They're concentrating on the business end of things. A majority don't think it can happen to them. We've recovered over $3 million [in attempted fraud] for our customers [last year]. That's a huge recovery number for our customers. We feel it is part of our value-add. I get the emails from the CEOs of these companies. They want us to train their employees. We help them in any way we can to help them from getting hit in the future. It's not going away."

A small reseller that loses a six-figure sum to fraud could put itself in a dire financial situation. "That's a huge hit to the bottom line. A lot of them don't understand the magnitude of the problem until they're faced with it. But the numbers are real," Heim said.

PUBLISHED FEB. 4, 2013