Reseller raises alarm over bogus NHS purchase order
CCL contacts CRN after receiving suspicious £12,000 purchase order purporting to be from Hampshire Hospitals NHS Foundation Trust
The boss of a reseller who was hit by a five-figure fraud in 2013 has sounded the alarm over another possible sting on his firm involving what appears to be a mocked-up NHS purchase order.
Hampshire-based reseller Computer Communications Limited (CCL) received a purchase order for nearly £12,000 worth of HP ProLiant servers and Seagate hard drives on Friday (pictured bottom).
It purported to be from Hampshire Hospitals NHS Foundation Trust, but specified a delivery address near Slough.
Although the purchase order looks authentic at first glance, CCL managing director Dennis Armstrong immediately became suspicious due to the identity of the puported buyer. He called the Trust, who confirmed they had not sent it.
"It makes a lot of sense, as you get an association with the area you are in," Armstrong said, referring to the fact the purchase order appeared to be from his local Trust.
"But purchase orders don't come out of organisations this large, this quickly. I've been done before, which is why I think I'm alert to these things. I was stupid at the time [of the 2013 fraud] not to be alert enough to spot that the delivery address was a block of flats in Bayswater."
The firm listed in the delivery details, Flostream, said they had no knowledge of the purchase order's existence, and that they had spoken directly to the NHS Trust about it. They also said that 'Kennth Smith', the name listed by the delivery address, does not work for Flostream. The company focuses on fulfilment and mail, meaning that in any case it rarely takes goods in.
Hampshire Hostpitals NHS Foundation Trust declined to comment.
Tell-tale signs the purchase order was not genuine include several apparent spelling errors and typos, including in the email address listed - [email protected].
Danny Miller, managing director of Wokingham-based VAR Business Systems, said it is fairly easy to spot the signs of a fraud if you have the proper systems in place.
"Villains are generally pretty thick, so they make little mistakes," he said.
"I had one for 22 laptops for a nightclub on a barge on the Thames, but they wanted us to deliver to Barnet. Another tell-tale sign is that they always want the expensive stuff. So we told them that they could have laptops we normally sell for £500 for £800, and they said ‘fine' - they were that stupid."
Another giveaway is that fraudsters usually want to communicate only on mobiles, Miller said.
"I've been doing this for 30 years, and not a quarter goes by when someone doesn't try it on," he said. "We tip a nod to the police when we can, but the police don't have the resources assigned to it.
"We do all the checks. We insist everyone fills in a credit application form. We use [credit-checking service] creditsafe to find out how long they have been trading, and we also use Atradius to protect ourselves. The ones who get hit are the ones that don't have the protection devices in situ. If you don't have the infrastructure or security, the next thing you know you're going down the toilet because of a bad debt. "
Paul Cubbage, managing director of distributor Target Components, urged resellers to do a ‘KLOTH.NET' on prospects' domain name and email address - to discover how recently they have been registered - before proceeding with any deal. Independently obtaining the number of the organisation the purchase order purports to be from, and then ringing it to verify that the purchase order is genuine, is another obvious failsafe, he said.
"Usually it will fall over at that stage," he said.
Long-firm frauds, where fraudsters establish a relationship with a supplier over time before hitting them on a big order, are harder to spot, Cubbage said.
"Fraudsters are taking over dormant businesses that haven't yet been struck off Companies House - maybe they knew the owner died - and then file a couple of sets of accounts that look plausible," he said. "The only real defence is to check whether there has been a change in directors, or whether accounts have been filed in quick succession.
"People just have to be vigilant. Quite often you find the people that are caught out by fraud are so excited that they don't do the basic sanity checks. Does it make sense that an NHS trust or university has decided to approach you out of the blue? We get bombarded like everyone else. We got one the other day purporting to be from Nottingham University. It didn't make sense for them to be ordering directly from a distributor. We did a KLOTH.NET on their domain name and it was only recently registered, and had nothing to do with Nottingham University.