Tuesday, February 8, 2011

Company’s Identity Stolen!

I write this blog more as a reminder and warning to all service providers out there. There are very smart scammers out there who steal the identity of companies, using real information of real companies to lure you into their scam.

Here is my story – it ends happily!

This last week, we were contacted via email to provide legal services to a company based in Hong Kong – namely dispute resolution with a couple of US customers. Of course, our first task was to do a bit of web-research on the company to see if this unsolicited request for help was legit. There, on the Hong Kong Trade Development Council website (a legitimate government-sponsored site that promotes businesses based in Hong Kong) was the company page and information. The address and name of the manager matched the name of the person who emailed me, and matched the contact information in the email, including the address, fax and telephone number. Dun & Bradstreet had confirmed the listing. So far, so good. I emailed the fellow back, and requested the names and addresses of the customers so that I could check conflicts. The fellow duly emailed me back. Ok, good – legitimate customers; next step. I sent him the requirements for a retainer in advance of services, hourly rates, etc. He emailed back that all was fine and told me that a customer was going to make a payment for monies partially owed and he would have them send the check directly to me. He told me that his company’s board directed that my fee be deducted from the payment.

Bing, bing, bing!
Ok – the alarm bells went off on receipt of the first unsolicited email. They increased when I received the first response from a Yahoo account – a free email account. The next alarm bell was the request not to have a telephone call, as his “English was bad.” My colleague, Jason Clark, also noticed that the email addresses changed in one email from yahoo.com.hk to yahoo.com.cn. Not good. The clincher was the third party “customer payment” from which we could “deduct our fees” before sending the balance back.

I emailed the fellow back and told him we required a wire transfer directly from the company account. Also, my colleague, Jason Clark, who has many contacts in Asia, telephoned the company with the help of a fluent Cantonese speaker. Unsurprisingly, we learned that the company’s real contact had never heard of us and had never contacted us. The alleged client was actually a thief who stole the company’s and the company manager’s identity to perpetrate a scam.

I want to emphasize that the company itself, the contact information and the name of the person who allegedly contacted me were absolutely legitimate. The scammer used that company name and the manager’s identity as a front. I learned we were not the only ones to be contacted by such criminals, and luckily, we weren’t taken. I spoke to a fellow in Texas who actually went through with a similar transaction, received the check, cashed it, waited 3 days for the check to clear, and then learned it was fake after he had sent the ‘client’ (aka ‘scammer’) the balance. He was out personally nearly $200,000. I asked him whether he had contacted the authorities, and he said he had – but since 9/11 there are so many scammers, the authorities can only focus on the $4-5 million value cases. The Texan’s advice: demand a wire transfer directly into your bank account up-front.

I refer you to this great site and article: Dissecting a Scam at Scam of the Day. For me, the free email account was a tip-off (and certainly the change in email address domain name), as well as the request not to telephone. The request for us to cash a third party check and deduct our fees is evidently widely known as a “Money Mule” scam. This one is pretty sophisticated – we sniffed a scam, but the company information was real.

Long story short, I lost a bit of time, learned a bit more about scammers, but we lost no money! My advice - trust your first instincts, and demand a wire transfer up-front.