Tuesday, October 13, 2015

SAM's Club

This posting isn't what you think it is about.

As a Federal Contractor, if I want to get paid, I have to register with the government.  Over the years, this system has changed (it used to be called CCR) but today, it is call SAM - System for Award Management.   And every October, I have to update my registration with the government which is a mildly tedious process, because like any government website, it is often difficult to navigate, understand, or interact with.   And the language used is somewhat obtuse.

Also at about this time of the year, my e-mail inbox is flooded with offers from companies that have names that sound like the Federal Government, offering to "renew" my SAM registration for a not-so-small fee.  I've even gotten phone calls from folks asking me if I want them to "help" me complete the registration process.   And in most cases, these folks don't make it clear they are not from the government, that the form can be filled out online by anyone, and moreover can be done for free.

So they are doing a small bit of fraud, by charging a fee for something that can be done for free.   But that is just a small aspect of the fraud.

In order to allow these folks to "update" your registration, you have to hand over your username and password.   In some instances, their "helpful" e-mails connect to links that ask you for your username and password.   And once they have this information, they can "update" your SAM account, including updating your banking information so that any future payments are sent to their Hong Kong bank account.

Corporate fraud is on the rise.  I wrote before about invoicing fraud.   If you work in a busy medium-sized company that is growing rapidly, you may be a victim of this.   You get an invoice from a company you've never heard of, for office supplies.  Being too busy to check it out and seeing one of the Senior Partner's names on the invoice, you assume that he ordered a new desk or something and you pay it.

But of course, it is phony.  They harvested your address and name from your website (or in the past, from DUNS) and even got the name of your boss.  Today this sort of scam is becoming more and more sophisticated, where scammers will read the detailed biographies and company listings on your website (or other promotional materials) or even hack into your server to gain access to company files and send "internal" e-mails to employees, posing as upper management personnel, asking underlings to wire money (often huge amounts) overseas.

We read a lot about scammers these days.  With low-cost international phone service, the Internet, and increasingly easy and untraceable ways of sending money, it is not hard to to scam people out of thousands or even hundreds of thousands of dollars - and get away with it.   With America's elderly population on the rise, going after older folks with dementia or Alzheimer's is a popular sport.   One poor fellow actually killed himself after sending thousands of dollars to Jamaican lottery scammers, convinced until the day he died that "any day now" the big check would be arriving.

There are, of course, ways to protect your family from such scammers.   If Dad is sending money to Jamaican lottery scammers, you can have him declared non compos mentis and have yourself or another family member appointed guardian.   In the article linked above (as well as in other stories) one wonders why family members didn't take this step.  After all, sending money to Jamaican lottery scammers would convince any judge that a guardian should be appointed.

For companies, it is a lot harder.   When you have hundreds or thousands of employees, you are as vulnerable as the least skeptical (and most gullible) employee.  I think this is one reason why many companies no longer publish company phone directories online, or extensive employee bios, organizational charts, and the like.   The less the outside knows about how your company is structured and who is in charge of what, is probably the better.

In the time it took me to write this posting, I updated my SAM registration.  Mostly it is just hitting "update" on screen after screen and confirming, yet again, that I am not under the control of a foreign entity or some larger organization or whatever.

I wonder, however, how many government contractors out there have been snookered by these SAM scammers.   And they won't figure it out until invoices are 30, 60, or 90 days overdue.   And once they start tracing the problem and realize that hundreds of thousands of dollars have been transferred to an offshore bank...... well, someone might be losing their job.

See also:  http://livingstingy.blogspot.com/2017/06/the-sams-registration-renewal-scam.html

* * * 

Here is an example of the sort of e-mail I get.....

As of 10/13/2015 BELL, ROBERT P's SAM Expiration Date is 10/30/2015
ROBERT Call 1-
FBA's SAM Registration Renewal with Profile Optimization
System for Award Management (SAM)

ROBERT, we'd like to speak with you regarding the SAM Renewal for BELL, ROBERT P set to expire on 10/30/2015. FBA's SAM Registration Renewal Program with Vendor Profile Optimization is not only designed to get BELL, ROBERT P's registration renewed, it also makes sure you stand out above your competition, get easily found by Procurement Officers, and ensures your registration makes a great impression in order to effectively compete for Contract and Grant opportunities.
We'll review your SAM from a Procurement Officer's point of view and ensure its effectiveness. Our end goal is to make sure you are easily found through various Databases when BELL, ROBERT P's services are needed for direct contracting, teaming, or subcontracting opportunities. To speak with a Specialist please call 1-.
  • Did you know that a high percentage of companies in SAM have errors? Simple things like not the right NAICS or no PSC codes.
  • Also, most SAM /DSBS profiles don't have a Capabilities Narrative, Keywords, References, or other Critical Information. We can help... 
ROBERT Call 1-
Refer to CAGE Code 1****
Hours of operation Monday Friday 8:30am-5:30pm EST