Solution providers make their living securing the networks and data for customers, but they should also be taking steps to ensure their own business identities aren't compromised. One VARBusiness 500 solution provider says that someone hijacked his identity, set up a fake Web site using his name and logo and is now trying to order products in his name.
The deception is emblematic of a growing practice in which credit fraud scammers are accounting for untold millions in financial losses in the channel.
Doug Green, executive vice president of CCT Technologies, doing business as ComputerLand of Silicon Valley, said he first heard of the alleged scam when a San Diego-based solution provider, Ricoh Business Solutions, called him to inquire about a RFP for 860 Hewlett-Packard inkjet cartridges and 300 Intel processors supposedly sent from ComputerLand of Silicon Valley. But Green said he only buys from authorized distributors and had never placed the order.
Upon further investigation, Green discovered that someone had built a Web site (clandsv.com) that closely resembled his company's own real Web site (cland.com). It lists the correct street address, but the phone number and e-mail address are not associated with the real ComputerLand of Silicon Valley, he said. "It looks sophisticated for a three-day turnaround from the time we found out about it," Green said.
A call to the phone number listed on the fake Web site was automatically forwarded to a voice mailbox for "Doug Green."
The fake Web site was registered on Sept. 4 and lists a Doug Green in Kentwood, Mich., as the administrator. A man who answered the Michigan phone number listed said he had never heard of Doug Green or ComputerLand of Silicon Valley. He said the phone number was his personal cell number and that the only Web site he had ever registered was for a youth soccer program in Grand Rapids, Mich.
The real ComputerLand Silicon Valley is ranked No. 440 on this year's VARBusiness 500 list with $31 million in revenue. The company has been around since 1991 and this is the first time it's been a victim of identity theft, Green said.
Green provided CMP Channel with copies of several documents related to the fake RFP, including a purchase order with ComputerLand of Silicon Valley letterhead, a Ricoh work order agreement with Green's fraudulent signature and the phone numbers listed from clandsv.com, and a hand-written credit application that the alleged scammers filled out for Ricoh using ComputerLand's personal information.
The credit application, signed Sept. 18, includes two of ComputerLand of Silicon Valley's legitimate bank account numbers and three trade references--a commercial lender and two distributors--with which the solution provider does business.
"I think they may have posed as a vendor at some point and got a hold of our credit references," Green said. "The signature [on the credit application] is totally bogus. It doesn't look anything like mine."
Executives at Ricoh Business Solutions in San Diego could not be reached for comment.
CMP Channel also received a copy of an e-mail RFP sent to a Florida company that was purported to be from Green and ComputerLand. This e-mail was sent from a NetZero e-mail address, which tipped off the recipient that it could be a bogus order.
"That was the first thing that got my attention. I look for stuff from Yahoo, Hotmail," said Michael Seale, president of Global Pre-Press Systems, Port St. Lucie, Fla. "We got burned several years ago from a company ordering product. We weren't smart enough in those days to check things better, but believe me, it's very important now. It's disheartening. It really is."
To combat identity theft, Sen. Patrick Leahy (D-Vt.) and Sen. Arlen Specter (R-Pa.), introduced the Identity Theft Enforcement and Restitution Act of 2007, which proposes adding protections for consumers who fall victim to identity theft to an existing bill focused on data privacy and security passed by the Senate Judiciary Committee in May.
Provisions of the bill include giving victims of identity theft the right to seek restitution for time and money spent trying to restore their credit and expanding the jurisdiction of existing federal computer fraud statutes to include small businesses and corporations. The bill was passed by the Senate on Nov. 15, but at press time had not been voted on in the House of Representatives.
Another victim of business identity threat said the bill is a good first step to helping to stem the growing problem of fraud, but that more initiatives remain important to eliminate the problem.
"One of the primary things that could be done to combat this is better information. Congress debating a bill in a live session will lead to more information about it. Education is one of the best defenses against fraud occurring in the future,' said Dan Long, vice president of associate resources and corporate counsel at Summit Electric Supply, an Albuquerque, N.M.-based company that had its identity stolen this year.
Someone pretending to be an individual from Summit was sending requests for proposals to computer resellers for hard-disk drives and USB drives. In similar scams, the fraudsters count on resellers to provide credit lines and ship the product without getting paid. The fraudsters then disappear and resell the products, usually overseas.
Long said the restitution proposal will help consumers more than corporations, who stand to lose a lot more as victims of identity theft. "Whatever time I spend on trying to restore my credit, while a pain in my neck, is a drop in the bucket compared to the goodwill and reputation damage that could result from this," Long said. "It's better than nothing, but it's just a drop compared to the damage from a corporate entity. "