It should come as no surprise to anyone that internet fraud is growing, and rapidly. Based on feedback from a recent survey on online orders, our members are certainly not immune to this. One member in particular wanted to share a recent event with fellow members as an example of lessons learned.
We have an established customer who has been a good solid customer for quite some time.
We received in an email from an email address that was very similar to their email address format and had a name attached that was an actual employee – just not someone that placed orders, he was way high up on the ladder (and we should have caught that) – attached to the email was a very legitimate looking PO. Had the company logo, correct address, same format – just had a bogus phone number – and a shipping address.
While the order was a bit larger than normally purchased, the emailer explained it away by saying they had a new customer with a large job for which they needed our product. Our customer service manager said ‘process the order’ so Sales Support (our order writers) did. Sent $15,800.00 worth (at cost) of product from the Midwest to California and the invoice posted to our customer’s account.
Three weeks later we get a call from the customer wanting to know what this order was and why it was on their account. T h a t ’ s w h e n everyone started pointing fingers and we realized how many things went wrong…. the order was t a k e n b y someone that doesn’t normally handle that account so they didn’t know anything was amiss, all communication was via email and when it was scrutinized it had an extra ‘n’ in the name (just a slight change that wouldn’t register). I tracked the shipments – one for each piece of equipment – to a moving/ storage/freight place in California. Turns out they had this person – as the name listed on our shipping address – create an account with them to forward packages – we were the 3rd company to ship in to them – our packages were re-boxed and shipped to just outside London, yes England and then, as the police fraud officer was able to find out, forwarded to Nigeria and who knows where from there.
It’s a tough lesson to be taught. Not every ‘customer’ is on the up and up and in this day and age you must keep a good dose of skepticism in your process. We have now instructed our Sales Support to scrutinize every email order and call the customer – if it’s already set up in our system use that info not what’s on the PO – to verify. Had that been done on our transaction, huge red flags would wave. Even if a call had been placed to the number on the PO the juggernaut would have stopped. Why, because the phone number on the PO was a text only phone, not a business phone.
When this episode came to light, I was sent the email streams and the PDF PO. If I hadn’t already known the situation I would not have thought twice about processing the PO – it was that good. My words of wisdom to all businesses is – be courteous to your customers, do everything in your power to under promise & over deliver, but be cautious and a bit skeptical until verified for any orders that seem a little out of character. Fraud is easy to spot when it does not incorporate already established customers but when the scammers start utilizing the information and logos of established businesses it is way harder. No one is immune.
This article was originally published in the July/August 2016 issue of “The InterConnection.”