In today’s age of technology, when government and companies are getting better at guarding the electronic gates, sometimes the easiest way to score a big heist is to come right through the front door in a mailbag.
It seems someone stole $2 million from the WV State Auditor’s office using nothing more than letters sent through the U.S. mail. This scam has also been recently reported by Florida, North Carolina, Massachusetts and Maine.
“Two payments intended for one of the companies were diverted overseas,” (State Auditor) Gainer said “– and the money could end up in terrorists’ hands.”
I might take issue with the “terrorists” statement above. Sometimes thievery, as demonstrated by Somalia pirates, is nothing more than a brutish crime of greed. And sometimes the success of criminal endeavors can be blamed less on broken security measures and more on plain and outright stupidity.
Eloquent in its simplicity, here is how it works.
Let’s open the first chapter of today’s Scamming for Dummies. If you want to run this scam, first locate the names of companies who have long-standing contracts with the states. This is easy. Most states publish bid and contract holders on their websites. Next, reproduce the company’s letterhead. This, too, is easy. Just download a copy of the corporate annual report and there you will find a warm introductory letter from an executive of the company. That is also where you will find an official name and title to use in your scam. You will need one more little piece of information to look official. Just go to the state’s Secretary of State’s website and look up the company’s business license. The final piece of our construction materials is provided by the state wishing to grant us the wish of total transparency. Every company that does business with a state must register and provide identifying information, such as their Federal Identification Number.
OK. Now let’s get to work. Nobody puts a million dollar check in the mail. Nope. It is much safer to have large sums like that wired. That is the assumption our scam is based upon. With research, materials and assumptions in hand it is now time to develop the process. The Bonnie and Clyde process worked because it was simple. They convinced bank tellers to give them other people’s money. They walked in the front door, waved a gun, demanded money and the teller complied. Let’s keep it that simple.
Oh, yes. You must have a bag for the money. Open a bank account in, let’s say Africa. Open another one in the U.S. Here comes the robbery. Send a letter, on company letterhead, signed by an executive of the company, to the state treasure or auditor – or whoever in that state controls the outgoing monies. The letter should reference the description of the contract, the contract number and the company FIN. Here comes the interaction with the teller. Explain, in that letter, that you have changed banks and ask the state to forward all future payments to the bank routing and account number listed for the U.S. bank. The teller obliges. It’s that simple. The very last step is the getaway. Now we go from low-tech to a high-speed vehicle known as the wire. As soon as the money hits your U.S. bank transfer it offshore.
This really happened. Not once, but several times. And no one is sure yet how many states have been duped, nor how much money has been, or is being stolen.
May 1, 2009
W.Va. Auditor’s Office defrauded of ‘in excess of $1 million’
The Charleston Gazette
CHARLESTON, W.Va. — More than $1 million has been stolen from the West Virginia Auditor’s Office and diverted to an overseas bank as part of an “elaborate fraud,” state Auditor Glen Gainer said Friday.
The FBI and U.S. Attorney’s Office are investigating.
The money was intended for two companies that have contracts with the state’s Insurance Commission and Department of Health and Human Resources. Instead, three payments that totaled “in excess of $1 million” were diverted to an unauthorized bank account in recent weeks, Gainer said.
“It was an elaborate fraud committed by a perpetrator outside the state,” Gainer said. “Everything went to a U.S. bank initially, but it very quickly was transferred overseas. By the time we caught it, the money was gone.”
The person behind the scheme sent letters allegedly from the two companies, requesting that payments be sent to new bank accounts.
The requests were sent on the companies’ letterhead with tax identification numbers and sample checks, which investigators now believe were fake. The letters included forged signatures from corporate executives.
All changes apparently were completed by correspondence through the U.S. mail.
“It was a case of corporate identity theft,” Gainer said. “The only thing that was changed was the routing of the money. They basically asked for the remittance of the funds to be changed.”
That was Friday. Whoops. It seems it was a little more than a million. AND, it was not his fault, says the Auditor.
May 4, 2009
Companies, not state, responsible for scammed funds, Gainer says
Gazette follow-up story.
CHARLESTON, W.Va. — West Virginia should not have to repay two companies that lost nearly $2 million in a corporate identity-theft scheme, state Auditor Glen Gainer said Monday.
It is not unusual for vendors to ask for their account information to be changed, Gainer said. They must submit proper documentation, but national standards do not dictate that the state must call firms to verify those changes.
“For us to go back and make thousands and thousands [of phone calls], I don’t have the staff to do that,” he said.
You are called the “Auditor.” I think the title implies that checking details is in your job description. The Charleston Gazette Editorial Board Sums it up.
May 5, 2009
‘Corporate ID theft’
Now that the auditor’s calamity has spotlighted the fake bank account scam, all agencies, businesses and families should adopt a new rule: When asked to send payments to a different recipient, call first to double-check.
My profound scientific response: Duh! So readers, how secure are YOUR state monies?