In a letter to partners issued today, the distributor outlines a variety of techniques digital con artists are using to trick resellers into shipping them products they can then resell themselves.
The deadly coronavirus making its way around the globe isn’t the only danger imperiling channel pros and their customers at the moment. Scammers taking advantage of the pandemic to submit fraudulent orders are on the prowl as well.
“Please be aware and take action,” he writes. “Fraudulent sales orders are on the rise. As a channel, we have a responsibility to do everything we can to mitigate this behavior to protect ourselves, our companies, and our clients.”
Kohl outlines specific techniques that digital cyberthieves are using to get hold of products they can make off with for free and then resell themselves. His advice for countering those cons falls into two buckets, one each for existing customers and for new ones.
Threats involving new customers are somewhat easier to spot with a little vigilance. “If an order comes in from a new customer, is unsolicited, and seems too good to be true, then it probably is,” Kohl writes.
Other signs that an order from a net new client may be illegitimate are when the customer in question is “okay with any price you give them”; asks you to overnight a large order regardless of the cost; or orders something you don’t normally sell or support, such as memory or tablets.
Kohl advises resellers who see these or similarly suspicious behaviors to:
- Search the company’s name online and check their email address against the organization’s domain.
- Inspect the customer’s ship-to address in Google Earth. “Warehouses in desolate areas or non-descript office parks and freight forwarder addresses are all common ship-to addresses for scammers,” Kohl writes.
- Confirm that the ship-to address the customer provided is among those listed on the company’s website. “Be warned,” Kohl notes, “scammers have been known to transpose street numbers or zip code numbers on their ship-to location to look very similar to actual end user addresses.”
Existing customers are a risk factor as well. Attackers are using breached email systems to send convincing POs on company letterhead from valid addresses, according to Kohl, so orders from seemingly authentic sources should be scrutinized as well.
“Watch for abnormal purchases,” he advises. “Is your managed security client[,] with 50 employees, sending you a PO for 150 laptops?”
Other ways to stop fake orders from real customers are to:
- Look for email addresses that are very similar to a genuine one, but one letter or number off, or that use a domain with .net or .org extension instead of the .com you normally see.
- Watch for ship-to addresses the customer has never used before.
- Pick up the phone and call the customer, using a number you have on file for them rather than the one in their email, to confirm the order.
“Please pay closer attention to details, watch for suspicious activity, and let’s work together to keep our teams informed and empowered to take the extra step to verify legitimate deals,” Kohl urges. The money you save could be your own.