Fraudsters are getting more sophisticated in their attempts to swindle product out of suppliers
A Nigerian prince has been chased underground by his corrupt brothers. He and his fortune have no way out, and you are his last, desperate hope to stash the cash. So reads the message in stilted English, begging for a few hundred quid to speed along this generous gift.
We’ve all opened up one of those emails. There’s the one with the long lost relative dying in Cuba, too. The CEO of the Ghanaian National Lottery. Or the arms money stashed in a secret bank account.
Thankfully so bombastic are these scams, we usually laugh and hit delete.
But what if a tempting offer came from an email address you recognised? What if it carried legitimate documentation and an official stamp? And what if it promised a lucrative new deal with one of the UK’s biggest supermarkets?
That’s what’s facing suppliers at the hands of a worrying network of criminal fraudsters. Conned to the tune of hundreds of thousands of pounds in some cases, these fake orders are a growing problem, say businesses, that can leave small companies ruined and retailers unwittingly dragged into the fray.
“Everything was spot on,” says Tomasz Nowowiejski, CEO of the Mutalo Group, of an email sent to his energy drinks company earlier this year.
“We’ve had many attempts at a scam where someone has sent an email claiming to order a big amount of merchandise - but usually they’re very poorly done and if someone’s been working in the field for a couple of years they’ll recognise it.”
This order, however - ostensibly from Iceland supermarket, for two full containers of soft drinks (at a value of €50,000) - arrived in “good, clean English” with CEO Malcolm Walker copied in, a legitimate looking email address, a link to a cloned website that “seemed to check out” and an “official sales confirmation with a stamp and signature”.
“Everything was spot on. In the past we’ve had many attempts at a scam but usually they’re very poorly done.”
The only thing that saved Murato from a loss “that would’ve hurt us” was a quick courtesy call. By using the number for Iceland HQ listed on their website Mutalo learned its apparent contact Mike Watkins simply didn’t exist. “We were very surprised to hear no such person worked there,” says Nowowiejski, who has never worked with Iceland before.
Another soft drinks company, Oxylife, came even closer to falling for this scam. It had already signed a contract and shipped the €40,000 worth of bottled water to a UK warehouse they believed belonged to Iceland, at a cost of €2,000, when they spotted something suspicious online.
“We found the address on Google Maps and realised that a company like Iceland couldn’t have a warehouse in this place,” says founder Vadim Malgin. “Iceland would have a big warehouse with good transport communication” whereas “this warehouse was in some strange place”.
Sadly, others are not so savvy. In the past 12 months alone, fraudsters posing as Iceland have stolen €278,000 worth of tinned tuna from a Portuguese company, and €23,000 of wine from a supplier in Germany. There have been 121 attempts since 2015 using their name, they say, with losses totalling around £670,000. So concerned was Iceland about these scams it issued a warning to prospective and existing suppliers online in May.
How can business help beat the bad guys?
1. Suppliers and retailers should talk to each other
“It’s really important retailers work with their regular suppliers to enable them to clearly understand what the ordering processes are and what a genuine order looks like,” says Sian Edmunds, partner at Burges Salmon. “Explain that if they receive orders that don’t comply with this procedure they should assume there’s a problem.”
2. Be suspicious
“If a supplier hasn’t yet established a routine of receiving legitimate orders from a retailer there’s a real piece about going through a due diligence process when new orders are received,” adds Edmunds. They should “do a bit of digging around before fulfilling orders that are new”.
3. Raise awareness along the supply chain
“One of the reasons this scam has been targeted at European businesses is that they’re less able to do the checks British businesses can do if it were to receive an order from, say, Tesco,” says DI Chris Felton, from Action Fraud. “If you’re a small producer of olive oil in Spain it’s a lot harder to establish who they are as you’re in another jurisdiction, there are language issues, and a lack of familiarity with the organisation.” Supermarkets and other major retailers can help spread the word by using their extensive international supply chains, he adds. Then “at least if you have the knowledge this happens you’re going to be a little more wary and ask those extra questions”.
4. Ring police as early as possible
“The most effective way to deal with this is if the business realises what’s happening and before the goods are delivered are able to get in touch with law enforcement to say can you assist,” says DI Felton. That way authorities may be able to set up sting operations and catch the criminals red-handed.
5. Report each and every incident to Action Fraud
It might not look like much is happening but behind the scenes police say they’re joining the dots. “We look at connections” between each incident, says DI Felton. “Has the same location been used? The same mobile? These are organised crime groups doing this consistently.” And consistent reporting is the only way to catch them.
To report an incident call 0300 123 2040.
It has “endless lever arch files full” of similar incidents over the years, says Iceland legal director Duncan Vaughan. “The kind of losses involved are really significant and potentially catastrophic. Although it doesn’t involve us directly, it’s obviously very bad for PR purposes and people are being ripped off, so we want to see something done about it.”
It isn’t limited to Iceland though, he insists. “I’ve been in touch with opposite numbers at three or four of the other top 10 UK supermarkets to say is this going on and is this a problem you’re having. Each of them said it was.”
At Brakes too “there was a significant number” of similar incidents toward the end of 2016 and in early 2017 targeted at EU suppliers, says the wholesaler. “They have tended to be smaller suppliers, and this must be emotionally and financially very difficult for them,” says legal counsel Sarah Whibley. “Sadly, in the event of an actual fraud, we tend to find out too late, which is normally when the supplier requests payment.”
Rival frozen food retailer Heron Foods also has a lengthy warning highlighted in red on its website after it became aware ‘an individual or individuals in no way associated with Heron Foods Ltd have been attempting to place fraudulent orders with suppliers’.
And another major UK retailer says fraudsters have even gone as far as to include cloned website links and telephone numbers with area codes that match its company HQ. “As soon as the order is accepted they’ll put on a lot of pressure for immediate delivery to ramp things up so people don’t stand back and check due diligence,” says a senior source at the chain.
“Companies turn around and say it’s your paperwork, you must have been involved,” he adds. “I get it, it’s desperation on their part, because it is a serious lump of money and people don’t like to be shown as having been silly”, but “we will never do business with someone without having met them. But it does leave a very bad taste in our mouths that we’re being potentially perceived as being involved somehow.”
Complaints piled up
In other words, though the biggest victims are undoubtedly the duped suppliers, the cost can be double-sided too with retailers suffering a blow to their reputation.
“In one case a Polish supplier even issued court proceedings against our retail client,” says Burges Salmon partner Sian Edmunds, who has found herself advising retailers “more frequently” in recent months on this type of distribution fraud. “The risk is there’s a suggestion that someone on the inside of a retailer has placed these orders or facilitated these orders, and that can be problematic.”
In each case, she’s told clients to contact Action Fraud, whose role is then to pass these reports for analysis at the National Fraud Intelligence Bureau, who then make a call on whether to send information for further investigation at local police forces.
“You’re often trying to chase after shadows because once the goods are delivered they’re very quickly broken up and moved”
But “I have no idea what they do with that information,” she adds. “Whether it gets lost in the ether I don’t know because we get no feedback at all about whether it’s forming part of a wider investigation or going on a pile of other complaints.”
This is a concern echoed elsewhere. “Officers have showed no interest whatsoever” when these incidents have been reported, insists a senior retail source.
“I do understand it. The police have had serious cuts and have other priorities but this is one of the biggest crime areas. Thieves no longer need to rob anybody, they just need to get tech savvy.”
Worryingly, this inaction only fuels the fraudsters’ confidence, believes Vaughan, “as if anything they are being emboldened by the fact it’s not being investigated.”
But that simply isn’t true, insists Action Fraud. Of 237 reports of this type of fraud in 2016, 138 were sent out to local police forces to investigate further, it says. “And the good news is some do end up as successful investigations,” says DI Chris Felton of the City of London police. Only last week fraudsters were convicted in Greater Manchester after ripping UK suppliers off by more than £1m in fresh food and alcohol. It followed a series of arrests made by the Met Police earlier this year.
They’re working hard on prevention, too. Efforts to collaborate with their European counterparts to help raise awareness among vulnerable suppliers as far afield as Spain, Germany, France, Greece and Poland are already underway, adds Felton, and say retailers leveraging their supply chain to spread the word is one of the many ways businesses can do their bit to fight this crime too.
“You’re often trying to chase after shadows because once the goods are delivered they’re very quickly broken up and moved”
The fact is, though, these investigations are challenging. “You’re often trying to chase after shadows because once the goods are delivered they’re very quickly broken up and moved to other storage venues,” he says. “Where the goods are delivered is only going to have a very tenuous connection to the criminals anyway because they’ve deliberately chosen somewhere that won’t leave an easy trail to them.
“Where we have results, like the recent Greater Manchester case, they’re down to really good detective work and beavering away at this. Unless you get lucky they’re not at all easy to piece together.”
Not to mention the fact that these investigations are “resource-intensive if done properly” requiring specialist surveillance teams, sting operations and investigators.
Building up a picture
Crucially though, no matter how disheartened they might be at a frustrating pace of progress, companies must keep reporting each and every incident.
“The gathering of human intelligence relies on being able to put networks together and make links, so if enough people report individual incidents eventually a pattern will emerge,” explains Professor Lisa Jack, of the University of Portsmouth’s Centre for Counter Fraud Studies. “Then you’ll get a preponderance of evidence and you might be more likely to get a prosecution.”
Meticulously reporting each crime or attempted crime is the only way to catch the gangs behind this. “These are not individual crimes and each report potentially has bits of information that built up together gives us enough for a successful operation,” says DI Felton. “These are organised groups doing it again and again.”
Let’s face it, though. As long as the scam pays off they’re unlikely to quit. Hi-tech cyber-hacks might be dominating the headlines but simple bogus emails shouldn’t be underestimated. Not only can they do untold damage, they’re far trickier to spot than those Nigerian royals.