KGC, Inc. is a Garden Grove, Ca.-based industrial and commercial construction company. The organization recently confirmed to the Salted Hash that it had been the victim of purchase order fraud. Specifically, scammers took KGC’s publicly posted corporate information and then generated PO requests for items.
Communication for the fraudulent PO requests is primarily done through email, and once scammers have a quote from a vendor then will either develop a PO or forge existing ones. Then, stolen credit cards are typically used, or payment never occurs. As the Salted Hash explained, many organizations use net-30 day terms, which means that the scammers have a large window to get away with their crime.
One of the fake KGC POs recently generated was for Data Weighing Systems, Inc., which is a vendor that specializes in weighing and force measuring equipment. Company president David Hussar told the news source that these scams are common and a huge problem for organizations like his.
In this specific instance with KGC and Data Weighing Systems, 10 items were requested that totaled $25,310, and the PO was signed under KGC's project manager's name. While seemingly legitimate, however, Data Weighing Systems noticed that the listed address did not match KGC’s address. A quick follow-up was able to detect the error and attempted fraud.
Universities Are Victims Too
In January of this year, Salted Hash reported that U.S. colleges and universities experienced similar attempts at PO scams. According to the news source, since May 2013, Ohio State University, Penn State University, UC Davis, Texas A&M, UNLV, and Wellesley College issued warnings to their suppliers after scammers attempted to forge PO requests.
Boston College released a statement in January addressing the issue. While it was never mentioned if Boston College was affected, the university explained the scenario and what suppliers can do to ensure they keep themselves protected. The university said that there was a nationwide fraud scam affecting suppliers, and that the Federal Bureau of Investigation was involved.
“According to multiple schools, the emails request quotes for specific merchandise. Later, a purchase order is emailed to the business that bears resemblance to an authentic University purchase order,” the statement read. “The purchase order instructs delivery to an address not affiliated with the University. After shipping the merchandise, the business never receives payment and is unable to retrieve the mailed products.”
Boston College then listed authentic addresses that companies should ensure are connected to any purchase orders that claim to be from the university.
Can The Scams Be Prevented?
It seems that there is no way to guarantee that a scam will never occur. According to the Salted Hash, drop-shipments are an easy way for criminals to take advantage of companies, and they will often use people who answered a work-at-home offer in the paper or online.
“Once established, the scammers will ship these fraudulently obtained items to their homes - offering to pay them an acceptance fee, or reimburse them for charges incurred (plus a small commission) as they forward the packages on to another location,” the news source explained. “Either way, the ‘employees’ are left holding the bag and are often placed in the center of criminal investigations when things go sour.”
Large vendors will usually be able to move on quickly, as the monetary hit will not be as devastating. However, other firms have to remain “hyperaware,” according to the Salted Hash.
As Mr. Hussar explained, in such instance of PO fraud, banks will protect the consumer (or company) that had their card used fraudulently. However, the vendor that shipped the product is likely to take a financial hit and have to recover from any lost product.