In the United States there are 7.8 million women that own businesses. This is a 20.1% increase from 2002-2007. Women-owned firms make up 28.7% of non-farm businesses across the country with an average of $1.2 trillion in total receipts. With this many women-owned businesses across the country, if 1% of women-owned businesses are hit with a purchase order scam, it will have a huge impact on company revenue and in some instances could affect whether a small business will keep its doors open.
What is a purchase order scheme?
What began as a scheme to defraud office supply stores has evolved into more ambitious crimes that have cost retailers around the country millions of dollars. The Federal Bureau of Investigators (FBI) is calling it a purchase order fraud, and the perpetrators are extremely skilled at tricking retailers into believing they are from legitimate businesses and academic institutions and want to order merchandise. The retailers believe they are filling requests for established customers, but the goods end up being shipped elsewhere. This scam is being conducted through online and telephone social engineering techniques. The targets are unsuspecting at-home Internet users, who are then tricked into re-shipping the merchandise to Nigeria. FBI investigations have found more than 85 companies and universities nationwide whose identities were used to perpetrate the scheme. Approximately 400 actual or attempted incidents have targeted some 250 vendors, and nearly $5 million was lost in 2014.
The scam works like this:
• The criminals set up fake websites with domain names almost identical to those of real businesses or universities. They do the same for e-mail accounts and also use telephone spoofing techniques to make calls appear to be from the right area codes.
• Second, the criminals pose as school or business officials, contact a retailer’s customer service center and use social engineering tactics to gather information about the organization’s purchasing account.
• The criminals then contact the target business and request a quote for products. They use forged documents, complete with letterhead and sometimes even the name of the organization’s actual product manager. The criminals then request that the shipments be made on a 30-day credit. Most institutions have good credit; therefore the vendors agree to the terms.
• The criminals provide a U.S. shipping address that might be a warehouse, self-storage facility, or the residence of a victim of an online romance or work-from-home scam. Those at-home victims are directed to re-ship the merchandise to Nigeria and are provided with shipping labels to make the job easy.
• The vendor eventually bills the real institution and discovers the fraud. By then, the items have been re-shipped overseas, and the retailer must absorb the financial loss. Once the merchandise has been shipped it is very hard to get it back!
How can this scan be prevented?
• Independently verify shipping addresses, no matter how legitimate a website or e-mail looks.
• Look out for e-mails that contain unusual phrases or spellings, indicating that messages were not written by a fluent English speaker.
• Bogus phone numbers provided by the fraudsters are rarely answered by a live person and this should be a red flag.
Be proactive and get the word out to women and any business owner about this type of scam. Awareness is the key to help prevent cyber scams for spreading.
Author: Dr. Deanne Cranford-Wesley