Protect yourself from Scammers – Part 3 – Identity Theft
Up next in the fraud prevention series (yes, it’s been a bit of a time lapse) is Part 3 – Identity theft – business and personal. This one stems from actual events at my company and with some of my employees directly. This one in particular is far more difficult to prevent and stopping it once it’s begun will prove harder yet.
In our situation, a group of scammers has attempted to impersonate my company and one of my people in particular. By using his name and the name of our company under a similar internet domain, some hosted toll free numbers and free email (gmail) they began their scam.
In this particular case the following events transpired.
- They registered a similar domain (acmecorp.BIZ) instead of .COM
- An email address was created to impersonate our company, but not on that domain, rather on a gmail account (AcmeEmployee@Gmail.com)
- A toll free number was setup and forwarded to a cell phone or land line of the scammers. The number was answered as my employees name and my company name.
- Purchase orders were created using our company name, employee name and the false email/phone details.
- Credit applications were submitted to vendors using our company name, bank name, bank account numbers, trade references and everything else about our company except for the contact information which was the toll free number and gmail account.
- The purchase orders were sent to manufacturers and distributors for all kinds of things from electronics to furniture – all to be shipped to some freight forwarder in Florida.
This one was and continues to prove difficult to slow down and/or stop. Unfortunately it falls on the purchase order recipient to use good judgment and fraud control measures of their own. There is no way for us to alert all manufacturers and distributors of fraudulent purchase orders prior to them calling us and following up on the credit application(s).
How do you protect yourself against this type of scam?
It is much harder than others where you can simply change your bank account number or get a new credit card. Proactively the only things we could have done would be to register every domain remotely close to ours and include .biz, .info, .org, .us, .mobi, etc.
Re-actively we alerted the banks to the situation, alerted D&B to make note on our credit file, alerted other credit bureaus to note our file, engaged the local police, FBI and Secret Service to investigate and contacted larger distributors to let them know of the events.
As a distributor and reseller myself, these sorts of oddities (gmail account and non-.com domains) are big red flags and automatically trigger some deeper digging, but for others not familiar with this sort of activity or hungry to close the deal without looking at the details this can spell a huge financial loss.