Received an email from a procurement manager? Details about the latest scam trend

You hear a familiar sound & instinctively check your email. Oh good it's a message from a prospective buyer & from a large company as well! Even better this looks like a huge purchase that could bring in much needed revenue. Chances are it's a scam. Scams exist in many forms. One of the latest trends in the IT world are procurement scams. In these scams malicious individuals pose as procurement managers at well established businesses. They even go as far as using phone numbers with an area code from where the business is located & purchasing a domain similar to the company's, but adding in "usa" (IE: fakedomainusa instead of just fakedomain.) Examples like these are why it's extremely important for your business' IT department to be aware of all possible domains for your company & purchase them all otherwise they can be use in malicious ways. The last thing you want is your brand to be associated with scammers or worse be prey to potential lawsuits due to gross negligence.

These messages start out simple enough in most cases. A person reaching out looking to make a purchase or get a quote. A keen eye knows how to spot the details. Is the person messaging you oddly formal even though they are USA based (using sir, madam, kind regards, etc.?) Is it full of typos? Is something significant misspelled such as the company name or website in their signature?

A lot of the time they have a title of procurement manager which is odd in itself in the IT realm as the IT department typically handles their own purchases & doesn't send it through a procurement manager since a procurement manager doesn't know IT. A procurement manager is also a manager, it doesn't mean they actually are handling purchases, but manage the team that does.

What are the goals of procurement scammers?

One of the main goals of procurement scammers is to get inventory for almost no cost. They will almost always pay in check or credit card, but check is their top choice. The reason behind using checks is that it could be several months before the check bounces or comes back as fraudulent & by that time they've already made off with the purchase. Sometimes their goal is to get legitimate invoices that they can then send to other victims where they are pretending to be a supplier. The goal there is to actually get money which is then most likely used to fund their efforts defrauding distributors or suppliers for inventory that they can sell for a bigger profit in a vicious scam circle. There are many stories of fledgling equipment resellers falling victim to these scams, losing out on tens of thousands of dollars of inventory that they sent out before the payment cleared.

How do you combat procurement scams?

When receiving messages from buyers:

1. Look for typos & odd language. Are they overly formal? Are they using colloquial speech that's not consistent with the region they are in?

2. Check the domain using a WHOIS lookup tool. Most likely the domain has been recently created. If the company has been in business for decades then a recently created domain usually makes no sense. Also, search for the official company's website. Companies typically use the same domain they are using on the official website for brand consistency. It's a signifier that shows you that is the current domain being used. If the email is coming from a different domain then that's a RED FLAG. Check for misspellings in the domains or extra letters (ie: domainsservice instead of just domainservice.) Malicious individuals will also use tricks like using a capital "i" for a lowercase "l" (ie: signaIboost...can you see the "I" that was used in place of "L?") which might get past those that don't pay attention to those sort of details. There are other potential red flags such as the registrant's contact info being completely hidden (if there's issues then a company would like to be contacted) or the registrant being in a foreign country.

3. They don't provide specific details about themselves such as the name of the business they work for

4. They ask for a generic list of what you sell. Business purchasers tend to know exactly what they're looking for. If a procurement manager, a person that doesn't know IT, is asking you to send a list of all HP, Dell, Lenovo, Samsung, Microsoft, Apple, etc. machines you sell then that's a huge RED FLAG since they would know the specs of the models they purchased previously, could easily send over an old invoice or have someone look at the physical machines they are using if they don't have that information readily available

5. You've received the same message from multiple accounts. This isn't Deja vu...you're being targeted by malicious individuals

6. Check the person's social media. Find out what they look like, where they are from. Message them on LinkedIn or a verified social media account to see if the request is indeed legitimate

7. Call the phone number in they gave you. Is it disconnected? Does it only go to voicemail? Do they not return your calls? Does the person on the other end speak in a weird manner as if they're using a voice modifier or trying to imitate someone? Is the requestor a white American raised in Florida yet the person that answers sounds Indian? These are all insane RED FLAGS. You should not communicate further as you're most likely dealing with someone shady

8. Force all unestablished customers to use verified cash transactions such as direct deposit, money order, cashier's check, or just plain old cash money. Once they've established a good payment history then you can accept things such as credit, checks, etc. You can even then offer net 30 terms if you trust the customer. This policy alone stops the vast majority of procurement scammers immediately

9. Do not ship products before the payment has cleared. If they want the product then they will have to wait, even if it means waiting 1-3 months for the check to be considered safe. If the client balks at this, feel free to tell them that they shouldn't be using checks in the digital age if they want to avoid this issue

10. NEVER do business purely over the phone. Unless the call is recorded, there is no paper trail or receipts when you're talking to someone over the phone. This will lead to major roadblocks down the road if things escalate & the authorities or court system is involved. Communicating via email or other messaging systems instantly creates evidence that you can use when needed. Don't be swindled out of potentially hundreds of thousands of dollars because you are stuck in your ways

11. NEVER open attachments from unknown individuals

12. Contact IT & have them look it over. When in doubt...get an expert's set of eyes to look at it. While most technicians aren't as highly trained as the engineers at Nizel Corporation, they should have a keen enough eye to spot some of the most obvious scam tells. If not, we suggest hiring us to train them, or replace them with one of our affordable support packages

WHOIS Lookup Tools:

https://mxtoolbox.com/whois.aspx

https://www.whois.com/whois/

https://whois.domaintools.com/

https://lookup.icann.org/en

https://who.is/

https://www.domain.com/whois/whois

#scam #scammers #fraud #tech #technology #business