There are a number of very common procurement frauds; well covered of course in the Bad Buying book. “Inside jobs” based around a corrupt employee take a number of forms but often consist of someone internal diverting spend to fake companies that they control or have a stake in, or to companies that are paying them a bribe. Fraud from outsiders often means submission of fake invoices, or diverting invoice payments away from genuine suppliers to the fraudster. However, most frauds could be prevented by some sensible and standard policies and processes.
So having collected examples of fraud and corruption in a fairly serious manner for over a decade now, it is rare for me to see a new variant. But a recent case in the US was quite unusual, in that it was based on buyer impersonation, which we don’t see very often. I’m sure it has happened before, but this was certainly not a common or garden case. Indeed, it was quite impressive in a way, with the fraudster showing impressive attention to detail, and a good understanding of how procurement works. And the failing was not actually with procurement policy or people; it was the suppliers who were conned and whose processes let them down.
Fatade Idowu Olamilekan, a citizen of Nigeria, was extradited from Nigeria to the US (with good cooperation between the authorities in each county) and recently sentenced to five years in prison in the US in connection with a scheme to fraudulently obtain and attempt to obtain millions of dollars.
From 2018 to 2020 he obtained details of various procurement executives in the US government sector. In particular, during the pandemic, he impersonated the Chief Procurement Officer of New York State to fraudulently obtain medical equipment, including defibrillators. He set up email addresses that were as close as possible to the correct ones for the relevant people and organisations. He then contacted suppliers, principally those already working with New York, and said he was looking for quotes for items.
After they submitted quotes, he told the suppliers that they had been successful and won the contract, and issued them with fake purchase orders (POs). The goods were to be delivered to warehouses that he nominated, and from there he shipped them to locations in the UK, Australia and Nigeria. The payment terms on the POs was 30 days, which is pretty standard, so didn’t raise any alarms. But of course that gave him 30 days to move the goods somewhere else once they were delivered, before the supplier started looking for their money. Presumably, when their cash didn’t arrive, the supplying firm eventually got through to the real buyer, who would then explain that they knew nothing about this order.
All very clever, although getting goods rather than direct cash via a fraud leaves you with the problem of disposing of the stolen goods. Criminals rarely get anything like the real value of their ill-gotten gains (so the bloke in the pub trying to flog me a laptop said). So that’s a downside of this type of activity.
Whilst this wasn’t really a very hi-tech fraud, it does raise some interesting questions as we move into the AI world. A single phone call from the supplier and conversation with a real procurement manager from New York would have put an end to this within minutes. So as transactions and even sourcing processes become more and more automated, you can imagine a situation where a clever fraudster uses a fake AI bot to place orders, which will then be processed by the suppliers’ AI powered bots. How long would it be before the supplier bot realises it has been conned?
This is not something I’ve thought about too much, but as we enter the ChatGPT era, there’s going to be a whole new world of Bad Buying fraud and corruption to think about and look out for!