NAEP Pulse
 

Recent Fraud Schemes Targeting Universities & How to Protect Your University

Print this Article | Send to Colleague

By Vanessa Wong, Executive Director of Procurement & Solutions, University of California San Francisco Supply Chain Management

A recent trend of rising “supplier imposter” fraud cases targeting universities was observed particularly in areas of construction and high tech industries. Scammers who target these groups are primarily motivated by financial gain. Regardless of their level of sophistication, these scammers appear to be extremely organized and methodical in planning and executing their scams; and have proven to be successful in their efforts. Financial loss to higher education institutions has approached into the millions of dollars from a single occurrence so this is an extremely serious issue across the country.

Many universities are frequently engaged in large construction projects which require regular electronic payments of several hundred thousand dollars. It is relatively easy for a scammer to identify the construction companies involved in these projects by just driving by the construction site or looking at the online posting of public entities’ construction projects. As a result of the nature and large size of these payments to a construction company, losses are significant.

How The Scam In Automated Clearing House (ACH) Works:
The scammer, posing as an established supplier, follows university guidelines posted on the university website, completes the supplier change information form and e-mails to the university accounting the bank account changes to be used for future payments. Typically it is an individual purporting to be from a construction company with which the university has an existing business relationship. Often the scammer would use a similar domain or use another domain with similar format but with some minor variations. For example, if the actual domain is xyzbuilders.com, the scammer might register and use eyz-builders.com to send the e-mail. The university sends their next payment to the scammer’s bank account, and the money is often unrecoverable by the time the university realizes they have been the victim of fraud.

Tips on how to protect yourself from this scam:

  • Implement tighter controls in obtaining positive confirmation from the supplier of change requests on banking information.
  • Establish procedures at the university that include a means to authenticate requests to update any existing vendor financial information. These procedures will entail confirmation of valid changes through independent verification of changes with the supplier.
  • Raise awareness of fraud schemes to your campus departments and central administration by communicating on the university website and offering fraud prevention training.
  • Develop and implement fraud handling procedures (e.g., communication, escalation, fraud monitoring, tip off)

How to Validate Banking Information Change (ACH) Request:

  • To verify the request for banking method or bank account change is legitimate, contact the supplier from the known and previously used telephone number of the supplier requesting the initial setup of their bank account information.
  • Document the change confirmation from the supplier via email.
  • Keep records of communication electronically in a repository.
  • If information is not readily available for verification, place the supplier on payment hold until verification is complete.
  • Review closely the domain that the e-mail address is being sent from to confirm that it matches the actual known domain of the vendor.

How to Handle A Fraud Case:

  • If fraud was detected, immediately contact the financial institution that the university banks with to file a recall of the ACH. This has allowed some universities to recover partial if not all of the monies deposited in the fraudulent account.
  • Report suspicious fraud attempts to the university’s police department and report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov.
  • Cooperate fully with the authorities and provide accurate and thorough information to them. This is critical to assist in the criminal investigation which would result in resolution of the fraud case and/or arrest of the criminals.

Recommendation:

To safeguard university asset from financial losses related to fraud, we recommend taking the following steps:

  • Assess current supplier data management processes to identify any control gaps
  • Develop new processes and corresponding controls for the setup of new suppliers and changes to their profile and payment methods
  • Consult with your university internal audit to review and ensure control gaps are addressed
  • Subscribe to FBI fraud alerts or professional journals to keep informed of emerging fraud schemes and tip offs
  • Establish a fraud handling process which is critical to enable expedited actions that can often minimize losses and identify criminals through the authorities

 

Additional information and updates will be shared in the Spring issue of the Educational Procurement Journal magazine as well as during a session during the 2018 Annual Meeting this April in Orlando.

 

Back to NAEP Pulse