A leading distributor, Ingram Micro, has sounded the alarm about fraudsters capitalizing on the COVID-19 pandemic and how bad acting customers are ordering laptops et al under the air cover of remote workers. In the interview with Eric Kohl, Vice President, Advanced Solutions at Ingram Mirco, he walks us through the fraud workflow from bad actors, possibly resulting in the Managed Services Provider (MSP) being stuff with the bill for 50-laptops that were delivered and never paid for.

The finer points of Kohl’s letter to resellers is here:

For New Customers

If an order comes in from a new customer, is unsolicited, and seems too good to be true, then it probably is. Other potential fraud signals that we’ve seen from the frontlines include:

  • If the new customer is pressed for time and okay with any price you give them.
  • If the customer is ordering something that is not your core area of focus (memory, laptops, tablets).
  • If the new customer wants you to overnight a large order with no concern for cost.

If you suspect a fraudulent order from a new customer, what should you do?

  • As a best practice, perform an internet search on the company name and check their email address against the known company domain.
  • Google Earth any address given to you as a “ship-to” and see the locations and its surroundings. Warehouses in desolate areas or non-descript office parks and freight forwarder addresses are all common ship-to addresses for scammers.
  • Check all addresses for that company on the internet and confirm if the address they are having you ship to is one of them. Be warned – scammers have been known to transpose street numbers or zip code numbers on their ship-to location to look very similar to actual end user addresses.

For Existing Customers:

Your existing customers can be and are being breached as well. The bad guys are getting into their email systems and creating PO’s on company letterhead which can look perfectly legitimate – especially when it is sent directly from a valid email address from a known customer. And watch for abnormal purchases. Is your managed security client with 50 employees, sending you a PO for 150 laptops?

If you suspect a fraudulent order from an existing customer what should you do?

  • Check the email address sent to you for the request carefully. A common trick is when an email address has one character off from the actual company or entity domain name or will use a .net instead of .com or .org.
  • Check if the ship-to location is different than the location you usually ship to (ex: a different state, a completely different address or an unlikely address for that company or entity).
  • Perform an internet search on the company and check the domain website against the domain email address.
  • Pick up the phone – and call your client to verify.
  • Take a quick inventory. If the existing customer is buying unusual product than what they typically purchase AND are buying in fairly extraordinary quantities, STOP and call them via the phone number YOU have on file for them, not the one in the email sent to you with the request.