A fraud ring with Nigerian roots is leveraging the Department of Homeland Security’s procurement operations to steal thousands of dollars worth of IT gear from vendors, according to a report by the agency’s inspector general.
Fraudsters based in the U.S. and in Nigeria, according to a report issued by the DHS OIG on July 16, have been masquerading as DHS and other federal agency procurement officials to issue fake bid solicitations to commercial IT equipment vendors.
The OIG said it became aware of the scam last July, when it discovered members of a criminal ring based in Atlanta impersonating a DHS procurement officer to get shipments of computer equipment.
Referencing legitimate DHS solicitations for laptops, hard drives and smart phones and using the name of an actual DHS procurement official, said the report, the crooks faxed or emailed bogus orders to federal contractors across the U.S.
The crooks used spoofed government email addresses that were close to actual federal addresses, but slightly off, such as “rrb-gov.us,” according to the report. They also used headers ripped off of legitimate federal government emails, but the reply line used a slightly warped, non-governmental address, it said. In some cases, it said the group also refused to communicate via email and insisted on fax communications.
Leveraging the phony RFQs and other tactics, the group had vendors ship IT equipment to vacant commercial buildings. Once the equipment arrived at those desolate locations, the OIG said the group’s ringleader decided whether to resell the gear in the U.S. or ship it to Nigeria.
The vendors were left holding the bag for the loss.
The OIG said it found the gang was also using the scam to steal equipment not only from DHS, but also from other big federal agencies, including the Departments of Commerce, Defense, Housing and Urban Development, Justice, Labor and Transportation, the Federal Deposit Insurance Corporation and the Securities and Exchange Commission. The group even targeted the relatively tiny Railway Retirement Board.
Some of the buys, it said, were worth “hundreds of thousands of dollars.”
The OIG advised vendors to protect themselves by getting agency procurement officers’ telephone number and use them to confirm that an RFQ is legitimate. It also advised vendors to carefully scrutinize email address and to be wary of “purported procurement officials” who steer clear of email communications in favor of faxes. Typographical and grammatical errors, it said, should also set off alarm bells.
Source: Mark Rockwell