14 DAY TRIAL // A new, highly complex Nigerian scam is currently aimed at retailers in the US, in what the FBI calls “purchase order fraud;” it involves honed social engineering skills and the intervention of a third party, who is also a victim of a different scam.
According to the Bureau, this type of fraud has been used against a total of 250 vendors and the financial loss is estimated at $5 million / €3.937 million since 2012, in about 400 incidents; it is important to note that not all attempts have been successful.
The scheme is more sophisticated than the cons regularly associated with the Nigerian fraudsters as it involves shipping of large quantities of items overseas, which are almost impossible to recover.
Moreover, accomplices are used to carry out the deed, recruited through other forms of deceit, such as fake employment offers or romance scams on match-making websites.
Victims are in on the scam without even knowing
The crooks register domains and create websites that are very similar to those of real organizations in the US. Additional requirements are matching email accounts and spoofed phone calls, to make them look like they are placed from the area code of the entity they impersonate, which may be a company or an educational institution.
Posing as representatives of the legitimate organization, the fraudsters contact the customer service of a retailer to collect details about the purchasing account.
The next step is to place the order, with a requirement that it be made on a 30-day credit. Since the real organization is a reputable one, vendors have no trouble complying.
The shipping address provided is located in the US and according to the FBI, it is “a warehouse, self-storage facility, or the residence of a victim of an online romance or work-from-home scam,” who is asked to re-ship the merchandises either as a favor or believing it was part of their job.
In the final part of the scheme the vendor bills the real institution and learns about the fraud and records the losses since the goods have already been shipped.
“They order large quantities of items such as laptops and hard drives,” said Special Agent Joanne Altenburg, who has been tracking the crooks since 2012. She also added that in some cases expensive and specialized medical equipment has been ordered.
Signs of deceit are easy to spot
Checking and double checking the websites and the email addresses are among the best ways to avoid falling victim to this type of fraud, the FBI says. Apart from this, any sign that the communication does not come from a native speaker is a huge flag for something nefarious going on.
Another suspicious sign is when the order is for a university and the top-level domain (TLD) is not .edu. Higher education institutions benefit from this sponsored TLD since 2001.
Other indicators of fraud refer to the shipping address being different than the business location as well as the request for a large amount of items to be delivered with priority or overnight.