I was the contract CFO for a government contractor/reseller who sold Apple and other products to the government and to other government contractors. It started that summer day with an email I received from ACL’s COO: ‘Call me on my cell phone as soon as you get a chance.  The FBI just stopped by our office and we have an urgent issue’. When I talked to the COO it became clear that the group of military orders recently placed for nearly $500,000 were fake.

The FBI told us that there was a Nigerian crime ring who looked online for contractors and by contacting Apple and other manufacturers to get lists of their resellers for Apple and other products. Once they determined that the reseller sold to the government, they used their inside connections at military bases to order and arrange for receipt of orders, which they would later sneak off the bases. This was done using a military-looking email address and even live phone calls. The fraudsters put together a real looking government purchase order and sent it to ACL’s office. It even had the correct contact name, Bill Anderson. ACL called ‘Bill’ and though he had some broken English, in Washington this wasn’t that unusual.

Since the military (DLA) had ordered from ACL in the past, it wasn’t that unusual to receive more orders. So after some cursory checking, the first Apple computers and ipads were shipped to a military base. Then more orders came in, for different bases. Same story. Ultimately the fraudsters paid for a small order, some $3000. This further reduced risk around the account, since it wasn’t showing as overdue. However, the orders totaled $430,000.

Finally, after talking with DLA accounting ACL realized it wasn’t going to be paid.

Examining the Facts and Piecing Together the Evidence

ACL’s staff looked closer at the emails-though having official .mil addresses, if one looked at the sent mail their true (non-government) address was visible. This form of spoofing is common and went undetected until after the fact, when it was too late. The damage had been done.

The fraudsters had at least two mules: one who made the deposit for an early shipment, and another who worked at a military barber shop, who arranged shipments from the bases to a ship, bound for Nigeria. They ‘worked with’ Fedex by duping them and military shipping clerks into rerouting packages from Fedex facilities and military bases to Fedex offices where they just walked in and claimed the packages. This was done easily with the knowledge of the tracking numbers. Since the packages were addressed to ‘Bill Anderson’ they just walked in, said they were Bill, and without being authenticated, were given the packages.

Neither Fedex nor DLA would take responsibility, even when sued. In fact they were tight-lipped about providing information, since they obviously were duped too by having hired criminals to work at their shipping docks and barber shops.

Reasons This Fraud Was Successful

  • Customer was already an approved account with NET 30 terms in ACL’s system.
  • Bill Anderson was an actual employee at DLA
  • The emails, phone calls, and purchase order documents seemed legitimate.
  • ACL was shipping to military bases and the addresses were actual military bases which made this seem legitimate.

Who Were The Fraudsters?

Babatunde Aniyi was involved with the ACL fraud. ACL of course wasn’t the only government contractor/reseller to be defrauded. There were dozens of other companies-according to the FBI the ring may have totaled $100,000,000. In fact I know another contractor, ABC Co, who ACL was actually trying to buy, who was almost defrauded. The tipoff to ABC Co. was that the perpetrator was in too much of a hurry. While time is of the essence sometimes in military or purchasing in general, the salespeople know and sense when something is ‘off’. The fraudsters weren’t able to defraud ABC Co. due to some quick thinking by it’s CEO.

Catching The Fraudster At A Fraud Convention

I received a call from the FBI some months later-they had received a hit from the Indian immigration system that the fraudster had entered their country to attend a conference on hacking. Aniyi (the #2 in the fraud organization) had traveled from Nigeria to India to attend a fraud conference! India has extradition with the US so he was picked up, brought to the US and put in jail. There was a criminal trial, and he was convicted of conspiracy, false pretenses, impersonation and forgery, among other things. The sentence calls for 5 years in jail, a $250,000 fine and restitution. Of course most criminals in that situation don’t actually make restitution, because their assets are offshore or they’re already spent the money. He was no different. Once he served a shortened term he was deported.

Lessons for Companies

Hindsight is always 20/20 but the stronger the controls are the better the chances of not being a victim to fraudsters. Or in ABC Co.’s case, not passing the ‘smell test’ was the key, since it had an involved, hands-on CEO with years of industry experience who knew something was off and cancelled the orders, just before they were shipped.

Fraudsters will always exist. They do attend fraud conferences. They try to learn from us to keep one step ahead of technology and processes. The best we can do is keep fighting the fight, keep learning and educating others, in an attempt to keep fraud to a minimum.