Monday, August 23, 2021

Industrial Scams

Why do people keep e-mailing me asking whether I sell weird industrial stuff?

In the mail this morning came the latest in a series of e-mails I have received over the years, which for some reason have increased in volume recently:

Hello , 
I would like to inquire about models/sizes on the Hardwood Dolly you sell, so email me availability and let me know the types of payment you accept. Please don’t hesitate to contact us if you have any questions.

Best Regards,
Joe Alvin

What's up with this?  I've gotten dozens of these e-mails over the years from numerous e-mail addresses, asking me for prices and terms on just about every industrial item under the sun.  It is similar to the law firm scam I get, where overseas law firms appear to be asking me to take on litigation over some contract issue.  The company names are often legitimate, but the e-mail addresses that the e-mails come from appear to be hijacked from ordinary folks.  I mean, maybe I am just suspicious, but I don't think the Sumitomo Iron Works is going to use "goofyguy8957@yahoo.com" as a return mailing address.

So it's fake.  And when I put the text or the e-mail address from the missive above into Google, I get a lot of hits on discussion groups as well.  Apparently these people SPAM a lot of folks.  But what is the scam?  Early on, I answered these queries (dumb!) telling them I didn't sell left-handed widgets or that I was not the right person to litigate a contract dispute in North Carolina.  No response.

So what are they up to?  Harvesting e-mail addresses?  Seems like an odd way to go about it - considering they already have my e-mail address.  Maybe some sort of other scam?

This website explains the lawyer scam, and it is the oldest scam in the book - the fake cashier's check.  The overseas company claims they want you to represent them in a settlement of some legal issue, and then sends you a cashier's check for the settlement amount, which you are supposed to deposit to your escrow account, keeping 10% as your fee.  In a way, it is a variation of the Nigerian Lottery scam.  Of course, the check is fake and if you forward the remainder of the proceeds to the third party, as instructed, it is you, not the bank, who is out the cash, when the fraudulent check bounces, several days to a week later.

So, I suspect the same is happening here.  They e-mail millions of people at a time, and lo and behold, maybe a few of them sell hardwood dollies.  Maybe two or three respond with a price list and terms (as such things are handled by a low-level functionary in the company) and then the fraudsters "place an order" with a bogus cashier's check - or some sort of nonsense.  And be clear about this: They aren't interested in hardwood dollies, they just want money.

Or perhaps it is a fake invoice scam.  A lot of companies put a lot of information onto pricing sheets, including terms and wire transfer information, which often includes bank account and routing numbers.  It could be the scammers are just looking for the price sheets so they can create plausible-looking invoices with company names and whatnot.  Hard to say exactly what, only that you can be sure it is a scam.

What is fascinating about all of this is the low response rates they must get.  Each e-mail is about the same, with only the product name changed.  So they send out this e-mail thousands of times, each time with a different product named.  And each e-mail blast goes out to millions of people.   And you wonder why the Internet is so slow these days!

The effort involved for the scammer is nil - all they need is an e-mail account (likely hacked using social engineering) and a bot that creates the e-mails, along with a mailing list (cheaply purchased online).  Just type in the name of the product and hit enter - the bots do the rest.  It is like chumming for shark - the real work doesn't begin until you have someone bite on the bait.  Then you have to reel them in, slowly and carefully.

One would think that companies would be immune to such scams - after all, these are professional people.  And lawyers!  They should be the most skeptical!  But often the people working at lower levels, in accounting or sales, are not as sophisticated as you might think.  Companies often hire people at the lowest price possible and often get what they pay for.

So when Fred in accounting gets what looks like a legitimate invoice, he pays it without thinking - and without checking to see whether it was really authorized.  Or Suzie sends off a wire transfer for $100,000 to Hong Kong, because the President of the company asked her to - or so she thought.  She never noticed the return e-mail address was a little off, and never bothered to think to check with others.

Yes, it may be harder to scam a company or a law firm, but unlike old Uncle Charlie, who fell for that Nigerian scammer and sent him $5000, a company has much deeper pockets.  So your hit rate is a lot less, but when you hit the jackpot - whoa!

I don't know what the point of all of this is, other than if you run a small (or even large) company selling hardwood dollies (or whatever), you might want to have a chat with your staff and warn them before they answer odd e-mails, pay unusual invoices to new vendors, or wire money overseas.
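The warning signs described above (a company name on a consumer mailbox, boilerplate text with only the product swapped, a return address that is "a little off") can be checked mechanically before a message reaches Fred or Suzie. The sketch below is an added example, not part of the original post; the freemail list, the `example-dollies.com` domain, the 0.85 similarity threshold and the sample messages are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"yahoo.com", "gmail.com", "hotmail.com", "outlook.com"}  # assumed, not exhaustive
OUR_DOMAINS = {"example-dollies.com"}  # constructed: domains your own staff really mail from
BUSINESS_WORD = re.compile(r"\b(works|inc|ltd|llc|corp|company)\b", re.I)
# The inquiry quoted in the post, with the product name as the only variable slot.
TEMPLATE = re.compile(r"inquire about models/sizes on the (.+?) you sell"
                      r".*types of payment you accept", re.I | re.S)

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def flags(raw):
    """Return the list of warning signs found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    d, out = domain(sender), []
    if d in FREEMAIL and BUSINESS_WORD.search(name):
        out.append("freemail_business_name")   # company name, consumer mailbox
    if reply and domain(reply) != d:
        out.append("reply_to_mismatch")        # answers go somewhere else
    if d not in OUR_DOMAINS and any(
            SequenceMatcher(None, d, k).ratio() >= 0.85 for k in OUR_DOMAINS):
        out.append("lookalike_domain")         # address that is "a little off"
    m = TEMPLATE.search(msg.get_payload())
    if m:
        out.append("template_inquiry:" + m.group(1))
    return out

# Constructed sample messages (not real mail).
INQUIRY = ('From: "Sumitomo Iron Works" <goofyguy8957@yahoo.com>\n'
           'Reply-To: orders@mailbox.example\n\n'
           'I would like to inquire about models/sizes on the Hardwood Dolly you '
           'sell, so email me availability and let me know the types of payment '
           'you accept.\n')
WIRE = ('From: "The President" <president@examp1e-dollies.com>\n\n'
        'Please wire $100,000 to Hong Kong today.\n')
ROUTINE = 'From: "Fred" <fred@example-dollies.com>\n\nInvoice approved.\n'

if __name__ == "__main__":
    for raw in (INQUIRY, WIRE, ROUTINE):
        print(flags(raw))
```

A flagged message is a prompt to verify through a separate channel (a phone call to a known number, a check with whoever supposedly authorized the payment), not proof of fraud on its own.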