money_safe200In today’s age of technology, when government and companies are getting better at guarding the electronic gates, sometimes the easiest way to score a big heist is to come right through the front door in a mailbag.

It seems someone stole $2 million from the WV State Auditor’s office using nothing more than letters sent through the U.S. mail. This scam has also been recently reported by Florida, North Carolina, Massachusetts and Maine.

“Two payments intended for one of the companies were diverted overseas,” (State Auditor) Gainer said “– and the money could end up in terrorists’ hands.”

I might take issue with the “terrorists” statement above. Sometimes thievery, as demonstrated by Somalia pirates, is nothing more than a brutish crime of greed. And sometimes the success of criminal endeavors can be blamed less on broken security measures and more on plain and outright stupidity.

Eloquent in its simplicity, here is how it works.

Let’s open the first chapter of today’s Scamming for Dummies. If you want to run this scam, first locate the names of companies who have long-standing contracts with the states. This is easy. Most states publish bid and contract holders on their websites. Next, reproduce the company’s letterhead. This, too, is easy. Just download a copy of the corporate annual report and there you will find a warm introductory letter from an executive of the company. That is also where you will find an official name and title to use in your scam. You will need one more little piece of information to look official. Just go to the state’s Secretary of State’s website and look up the company’s business license. The final piece of our construction materials is provided by the state wishing to grant us the wish of total transparency. Every company that does business with a state must register and provide identifying information, such as their Federal Identification Number.

bonny_clyde_oilOK. Now let’s get to work. Nobody puts a million dollar check in the mail. Nope. It is much safer to have large sums like that wired. That is the assumption our scam is based upon. With research, materials and assumptions in hand it is now time to develop the process. The Bonnie and Clyde process worked because it was simple. They convinced bank tellers to give them other people’s money. They walked in the front door, waved a gun, demanded money and the teller complied. Let’s keep it that simple.

Oh, yes. You must have a bag for the money. Open a bank account in, let’s say Africa. Open another one in the U.S. Here comes the robbery. Send a letter, on company letterhead, signed by an executive of the company, to the state treasure or auditor – or whoever in that state controls the outgoing monies. The letter should reference the description of the contract, the contract number and the company FIN. Here comes the interaction with the teller. Explain, in that letter, that you have changed banks and ask the state to forward all future payments to the bank routing and account number listed for the U.S. bank. The teller obliges. It’s that simple. The very last step is the getaway. Now we go from low-tech to a high-speed vehicle known as the wire. As soon as the money hits your U.S. bank transfer it offshore.

This really happened. Not once, but several times. And no one is sure yet how many states have been duped, nor how much money has been, or is being stolen.

May 1, 2009
W.Va. Auditor’s Office defrauded of ‘in excess of $1 million’
The Charleston Gazette

CHARLESTON, W.Va. — More than $1 million has been stolen from the West Virginia Auditor’s Office and diverted to an overseas bank as part of an “elaborate fraud,” state Auditor Glen Gainer said Friday.

The FBI and U.S. Attorney’s Office are investigating.

The money was intended for two companies that have contracts with the state’s Insurance Commission and Department of Health and Human Resources. Instead, three payments that totaled “in excess of $1 million” were diverted to an unauthorized bank account in recent weeks, Gainer said.

“It was an elaborate fraud committed by a perpetrator outside the state,” Gainer said. “Everything went to a U.S. bank initially, but it very quickly was transferred overseas. By the time we caught it, the money was gone.”

The person behind the scheme sent letters allegedly from the two companies, requesting that payments be sent to new bank accounts.

The requests were sent on the companies’ letterhead with tax identification numbers and sample checks, which investigators now believe were fake. The letters included forged signatures from corporate executives.

All changes apparently were completed by correspondence through the U.S. mail.

“It was a case of corporate identity theft,” Gainer said. “The only thing that was changed was the routing of the money. They basically asked for the remittance of the funds to be changed.”

That was Friday. Whoops. It seems it was a little more than a million. AND, it was not his fault, says the Auditor.

May 4, 2009
Companies, not state, responsible for scammed funds, Gainer says
Gazette follow-up story.

CHARLESTON, W.Va. — West Virginia should not have to repay two companies that lost nearly $2 million in a corporate identity-theft scheme, state Auditor Glen Gainer said Monday.

[snip]

It is not unusual for vendors to ask for their account information to be changed, Gainer said. They must submit proper documentation, but national standards do not dictate that the state must call firms to verify those changes.

“For us to go back and make thousands and thousands [of phone calls], I don’t have the staff to do that,” he said.

You are called the “Auditor.” I think the title implies that checking details is in your job description. The Charleston Gazette Editorial Board Sums it up.

May 5, 2009

Editorial

Fraud
‘Corporate ID theft’

Now that the auditor’s calamity has spotlighted the fake bank account scam, all agencies, businesses and families should adopt a new rule: When asked to send payments to a different recipient, call first to double-check.

My profound scientific response: Duh! So readers, how secure are YOUR state monies?

  • Peggy Sue

    Wow. This WVA Auditor is certainly doing gymnastics. We seem to living in a “pass the buck [and responsibility for anything and everything] down the road. On the other hand, I would imagine that 2 million dollars is a real hit for WVA. It’s a beautiful state but one with a lot of poverty. As things get tighter and tighter, we’ll probably be hearing about more “creative” heists like this one.

    I think I’d feel better knowing we had competent people in high and low places. Our standards have really fallen off over the last few decades.

    Thanks for the info, Eastan.

  • Eastan McNeal

    UPDATE. I do not have news from other states. In WV the Auditor just asked the Governor for one extra staffer to double check request for payment changes. He warns, however, that it may slow down payments to vendors. One of the companies, BTW, is Deloitte. $2 Million may not seem a lot compared to the trillions being stolen in DC but, if this is going on in multiple states then.. Let’s put it this way. There are a lot of needy programs in states that are going un-funded.

  • tek

    Eastan: good article. This actually happened at an archives (state) where I worked. A curator had been sending himself mail from the archives for years. One of the letters got inadvertently diverted, and an intern opened it and found valuable documents addressed to the curator. The curator resigned, but was never prosecuted. During the tenure of the next curator, valuable documents turned up missing on a regular basis. No investigation, no prosecution, the archives just told the press they weren’t sure if the documents were really missing, needed to do a thorough inventory and they didn’t have the manpower to do it.

    So, if you want make a fortune embezzling at work…

  • Tom Cat “wodie j” Jefferson Esq

    I am sure that they do not get such an enormous amount of requests for this that they couldn’t make a quick phone call to check the validity. They could designate one employee for this alone. Pay them a reasonable salary and problem solved. It would be a lot cheaper than losing $1-2 million dollars! For cryin’ out loud, I can’t believe how STUPID people are.

  • Easton, I really like your profound scientific response.

    Is there any doubt that turning MORE things over to the government is a disastrous mistake?

    • Eastan McNeal

      Looking at the Larry Doyle stories and others here I don’t know what is worse: Crooks at the helm (feds) or dopes at the door (states). There are a lot of people out there, with our money in their hands, mumbling: gvmnt bin very good to me.

      • I think the more local government gets, the better chance people have at actually halting corruption (although it will never completely disappear). Look at all the corruption we see on a large scale–who is bringing suits? I sure don’t know–‘someone else’ is taking care of it. It’s classic psychology–diffusion of responsibility allows tyranny to take hold. Less federal gov, more local gov–it’s the way our founding fathers intended, and just for this reason. Go libertarian!

        (Whew, mini rant to the world done for the day–lol.)

        • Eastan McNeal

          I thought is was quite “Sonic” of you. I wonder if these scammers are pulling anything like this on the feds.

  • bart

    http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html

    Have you see this? According to the Washington Post:

    Hackers Break Into Virginia Health Professions Database, Demand Ransom

    Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.

    • listing starboard

      Just imagine what will happen when ALL health records are on line and in government control. It is a disaster in the making.

  • SiliconDoc

    More secure than our federal monies were (and are)when the clown congress conjured up their magical recipe by handing over all the money and then some to the very head fraudsters reassigned to take it to cover their former joint criminal conspiracies.
    Which is to say in the latter case, not at all.
    I just hope the many states in such dire positions of financial woe, don’t catch on too quickly – or maybe we’re already past that hope – as they colluded with congress and cover – the banks and pension and other such bailout goodies knocking on their door, exploding into view in all their glory.
    I guess more secure requires more analysis.