Last Thursday, my stock photo agency, Index Stock Imagery, was hit by a variant of what is known as the "Nigeria Scam." Here is what happened:
1. Someone obtained one of our checks. It must have been one that we wrote to an artist, for a commission payment, because it was written on our Bank of America checking account (which we use only for this purpose).
2. That person used our check as a template and created a number of forgeries. These forgeries simulated Bank of America check stock, bank transaction codes, and security information. They also had a copy of our CFO's signature on them. The copies were good--professional quality.
3. The group involved created checks in denominations ranging from $10,000 to as much as $150,000. Then then presented these checks to businesses and banks all over the country. In just two days, they attempted to pass more than $1,000,000 worth of fake checks.
It should be no surprise to learn that we didn't have $1,000,000 in that account. If the scammers knew anything about the stock photo industry, they would not have chosen us to attack! Plus, Bank of America noticed the checks, and realized they were frauds. So, the scam ring probably didn't get much for their efforts. For all I know, they might even have lost $5,000 or $10,000 on their effort. After all, they had the overhead of making the fake checks and distributing them to a surprisingly large network of confederates.
Of course, our daily operations were completely disrupted. We had to close our account and open a new one. Bank of America could not figure out how to pay the good checks (those we actually had written), while still rejecting the bad checks. So, all of our good checks are now bouncing. The balance in the account is frozen, because Bank of America doesn't know for sure what it should clear and should not. So, we have to find another account and different funds to support the replacement checks we are writing for our artists. Each time one of our checks bounces in one of our artist's banks, our artist gets charged a $30 to $50 fee. If you figure there are 100 to 200 checks involved, we are out $3,000 to $10,000, just in bank fees. Add the pain and suffering of dealing with this mess, plus the missed mortgage payments and hassles for our artists, and we lost at least as much as the scammers.
We haven't seen any FBI agents in our office, yet. No alarm bells rang. I don't hear any speeches saying "this shall not stand" by the President or posturing by our attorney general/candidate for governor. It seems that scams like this one are part of daily business, these days, and no one in our government or legal system really notices them.
Does this piss you off? Ok, stack on top of this scam, the cost of spam. Not only the suffering of opening your email every day and finding 400+ spams that offer you Viagra, disgusting sexual adventures, or bizarre ads in Russian, Chinese, or Japanese. But also spams that contain viruses or tracking worms. Thanks to McAfee, Spamnet, and our Sprint email filtering system at work and ZoneAlarm, Windows Firewall, and AdAware at home, my poor laptop continues to survive. But, for how much longer? Even if each of these attacks has only a 0.001% chance of succeeding (one in 100,000), at 1,000+ attacks per day, the odds are against me!
Look at it another way. We are a legitimate business. If someone registers with us, and wants to hear more about our products, we send them emails. Those who receive our emails seem to like them. We get open rates over 10% and our unsubscribe rate is under 1%. But, we estimate that 20% to 50% of the emails we send are blocked by corporate and private spam filters. That takes money out of the pockets of our artists, and deprives our customers of information they want. And it is not our fault, it is the fault of the scum that clutter up the world with spam!
Another example. My blog is a modest effort, with relatively low traffic. Even so, some people want to post spam comments and spam trackbacks. They have some kind of robot posting machine that does this. I have to log on to get rid of those entries. Otherwise, what traffic I get would be siphoned off to sites that would embarrass me...
Not pissed off about this, yet? Spend your time writing an original blog. Find time in between everything else to do research, think about things, and post your idea. Then, post your prose and wait. One day later, some $%#&*@ in Singapore grabs the first 100 words of your blog and posts it on his site. He links at the bottom of your entry, to your site, so you are supposed to feel flattered. But, he didn't ask your permission and doesn't mention that he didn't write the post. Plus, he sells ads on his site...and doesn't give you a share of the money he is making off you and the other 100 people he "harvests."
Scam, Spam, and Scum. Remember the movie Network? As Howard Beale said, "I'm mad as hell and I won't take it any more!" I wish I knew what to do about it. Here is my modest plan:
1. Ignore all your spam. If EVERYONE NEVER BOUGHT ANYTHING from a spam email, they would stop doing it! NEVER buy from from someone who spams you.
2. Permit all your good email. If you are not careful, you may be blocking emails from your friends, potential business partners, even that friend from high school you always wanted to hear from, again!
3. Every time you get sent to a spam site (one of those ones that lure you in with their high Google rank and "borrowed" content) leave right away! Please DON'T click on any of the ads they carry.
4. Be careful. When you are on a Web site and you start getting asked for personal information, look for reassurance. We have to get social security numbers for our artists, so we can pay them. We have to get credit card numbers or Purchase Orders from clients, so we can bill them. We are really careful with this information--you be careful, too!
5. Vote for people who understand the problem, and will do something about it! We need help--stronger laws, international treaties, more FBI agents...heck, I'd be happy to see the Marines get involved! Forget invading Iraq and giving Iran a hard time. Let's do something about getting rid of Internet scum.
You may not be pissed about this, but I am! Please do your part to rid the world of these folks. And, give me more ideas about what we can do, as a community, to get rid of scams, spam, and scum!
I'm afraid you left off the most important thing any controller can do today to avoid scams.
Check your bank accounts EVERYDAY via your web browser for any unusual activity. If you do this you will find out that sometimes you will catch fraud before your bank does!
Posted by: Observer | March 01, 2006 at 04:59 PM
Good advice. We do what you suggest, and actually spotted the problem around the same time the bank did.
However, our bank Web tracking system is pretty weak. Stuff shows up and disappears sometimes, without explanation. Bank tech doesn't seem to me to be keeping up with the tech level of those who are attacking them!
Bahar
Posted by: Bahar Gidwani | March 01, 2006 at 05:06 PM