A new version of the "419 scam" has emerged which targets vulnerable and cash strapped SMEs.
In a constantly changing and evolving business world, fraudsters are under pressure to find new ways to make their schemes work; as new controls to tackle fraud are implemented by companies, fraudsters adjust and find alternative ways to circumvent the system.
Since the letters of the 80s sent by "corrupt" government officials offering to share large sums of money, the so called "Nigerian Scams" or "419 Scams" have evolved. The Internet has increased people’s awareness of the risks of accepting unsolicited offers. However, these scams are still thriving.
In the last two years, a new version of the "419 scam" has emerged which exploits the current economic climate by targeting vulnerable and cash strapped small and medium enterprises (SMEs).
How the scam works
The scam is quite ingenious and surprisingly simple, as described in the following example:
A. Plenty of Money Inc. (PMI) is a renowned multinational company
B. Solar Future Now ltd (SFN) is a medium sized entity specialising in renewable energy
• A fraudster registers a new domain name using the name of PMI with sites specialising in protecting the identity and IP address of the registrar
• The content of the website is taken from PMI’s real website, however contact details are changed;
• The fraudster registers his/her profile on networking websites connecting investors to businesses. (The fraudster’s email address would normally contain the name of the CEO or CFO of PMI)
• The fraudster then contacts SFN via email, asking for SFN’s business plan. A few days later, another email is sent to SFN outlining an investment proposal in exchange for a low annual interest and part of SFN’s equity (e.g. 5-15%). UK phone numbers are provided to the victim and when dialled, they are re-routed to another country (e.g. Nigeria), then bounced back to the UK to a "pay-as-you-go" mobile phone, making the calls difficult to trace;
• SFN visits PMI’s website in order to assess their legitimacy. After a review of PMI's management structure, SFN believes the emails are genuine;
• SFN is then required to send documents (e.g. passport and utility bills of SFN’s legal representatives) to comply with Anti Money Laundering requirements. An SFN legal representative is also asked to sign the financing contract.
• SFN is then asked to liaise with a law firm and pay a fee as a "guarantee". (Amounts can vary between £5,000 - £20,000 depending on the amount of financing)
• The fee is paid but funds never materialise;
• When phone calls to the fraudster remain unanswered, SFN contacts PMI to no avail;
• Due to the relatively low value of the "guarantee" payment, the police are not likely to investigate the claim.
PMI is potentially left to deal with complaints from the victims, grievances posted on social media websites, negative media coverage and, as a result, significant reputational damage and substantial legal costs to stop the domain being used in further scams.
This can only be done by applying to World Intellectual Property Organisation -the body that can transfer ownership of a domain through its Arbitration and Mediation Centre. Unfortunately, applications need to be re-submitted every time a new domain is unlawfully created and used, which can become expensive.
How to avoid being scammed
Companies of all sizes should conduct thorough due diligence if approached by prospective investors. Merely visiting a website or verifying the ownership of a website is not sufficient. Face to face meetings at the investor’s premises, extensive internet searches, and careful consideration of the contract terms and a policy of refusing to pay advanced fees are some of the key controls that will significantly minimise the risk of fraud.
If a company’s identity is misused by fraudsters, it should place a warning on its homepage alerting future potential victims and advising people to contact the company’s legal department to validate any suspicious requests.
Large companies, whose identities have been misused, have invested huge amounts of time and money to bring these fraudsters to justice. In such cases, the company has represented victims in court, and succeeded in obtaining disclosure orders from banks to reveal the identity of the fraudsters. If the bank has requested ‘Know Your Client’ documents when the account was opened the fraudster can often be identified and appropriate action taken.