IT procurement fraud ring targets federal agencies
- By Mark Rockwell
- Jul 30, 2019
A fraud ring with Nigerian roots is leveraging the Department of Homeland Security's procurement operations to steal thousands of dollars worth of IT gear from vendors, according to a report by the agency's inspector general.
Fraudsters based in the U.S. and in Nigeria, according to a report issued by the DHS OIG on July 16, have been masquerading as DHS and other federal agency procurement officials to issue fake bid solicitations to commercial IT equipment vendors.
The OIG said it became aware of the scam last July, when it discovered members of a criminal ring based in Atlanta impersonating a DHS procurement officer to get shipments of computer equipment.
Referencing legitimate DHS solicitations for laptops, hard drives and smart phones and using the name of an actual DHS procurement official, said the report, the crooks faxed or emailed bogus orders to federal contractors across the U.S.
The crooks used spoofed government email addresses that were close to actual federal addresses, but slightly off, such as "rrb-gov.us," according to the report. They also used headers ripped off of legitimate federal government emails, but the reply line used a slightly warped, non-governmental address, it said. In some cases, it said the group also refused to communicate via email and insisted on fax communications.
Leveraging the phony RFQs and other tactics, the group had vendors ship IT equipment to vacant commercial buildings. Once the equipment arrived at those desolate locations, the OIG said the group's ringleader decided whether to resell the gear in the U.S. or ship it to Nigeria.
The vendors were left holding the bag for the loss.
The OIG said it found the gang was also using the scam to steal equipment not only from DHS, but also from other big federal agencies, including the Departments of Commerce, Defense, Housing and Urban Development, Justice, Labor and Transportation, the Federal Deposit Insurance Corporation and the Securities and Exchange Commission. The group even targeted the relatively tiny Railway Retirement Board.
Some of the buys, it said, were worth "hundreds of thousands of dollars."
The OIG advised vendors to protect themselves by getting agency procurement officers' telephone number and use them to confirm that an RFQ is legitimate. It also advised vendors to carefully scrutinize email address and to be wary of "purported procurement officials" who steer clear of email communications in favor of faxes. Typographical and grammatical errors, it said, should also set off alarm bells.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.