Forgot your password?
typodupeerror
Security The Almighty Buck

Web Scam Bilks State of Utah Out of $2.5M 138

Posted by kdawson
from the lessons-from-the-nigerian dept.
KitB sends in a story in the Salt Lake Tribune that tells of a Web-based scam, resembling some used by Nigerian gangs, that snared the state of Utah. $2.5M was sent to a bank account in Texas before the bank raised a question and then froze $1.8M in the account. "Thieves apparently used a Nigerian-based scam to steal $2.5 million from the Utah treasury, covering their tracks by using intermediaries and a church address. A Salt Lake Tribune review of the names listed in a search warrant as receiving or transferring money [found] names of African origin or connections to that continent. Michael Kessler, ... a forensic accounting [investigator] in New York City, said the thieves appear to have used a simple scam that originated in Nigeria about five years ago. The Utah theft is the first time he's seen a government victimized. 'Their IT people should have known better,' Kessler said after reviewing a copy of the search warrant Thursday. 'It sounds like any kid could have done this.'"
This discussion has been archived. No new comments can be posted.

Web Scam Bilks State of Utah Out of $2.5M

Comments Filter:
  • Everyone (Score:5, Interesting)

    by Renraku (518261) on Saturday February 14, 2009 @07:13PM (#26859435) Homepage

    Everyone who did not oppose this scam upon hearing about it should be fired or regulated to a minimum wage job at the bottom of the totem pole.

    There is simply no excuse for wasting that much money that us taxpayers were forced to give to them. Even if they spent $2.5 million on a golden water fountain in an obscure park, at least the people could use it. No one except the scammers will get any use out of this money.

    • Re:Everyone (Score:4, Funny)

      by alexj33 (968322) on Saturday February 14, 2009 @07:21PM (#26859503)
      What happened to:

      "Government scam bilks America out of $800 Billion"?
    • Re:Everyone (Score:5, Informative)

      by RodgerDodger (575834) on Saturday February 14, 2009 @07:23PM (#26859517)

      *sigh* can't you read TFA? There wasn't a scam like the Nigerian scams - this is more a case of someone forging invoices.

      Essentially, the scammers changed the bank details for the University of Utah, and submitted invoices. The state paid them. Yes, the state was slack and had poor procedures for identifying and preventing fraud, but it wasn't one of the 419 scams. Importantly, there doesn't appear to have been an element of greed on the scamee's part.

      This was a scam technique that originated in Nigeria. It wasn't the Nigerian 419 Scam. Strangely enough, Nigeria has been the origin of more than one type of scam.

      • by khasim (1285) <brandioch.conner@gmail.com> on Saturday February 14, 2009 @07:28PM (#26859547)

        This was a scam technique that originated in Nigeria.

        Submitting fake invoices did NOT originate in Nigeria any more than the "419" (aka "The Spanish Prisoner") scam did.

        These scams have been around for YEARS.

        It's just sensationalism to mention Nigeria in the article.

        • Re: (Score:3, Informative)

          by RodgerDodger (575834)

          Possibly it's the way they arranged for the change to the bank details of a legitimate organisation? Dunno. The article said the scam originated in Nigeria. I was just pointing out that this wasn't a 419.

          • by EdIII (1114411) * on Saturday February 14, 2009 @11:19PM (#26860729)

            Possibly it's the way they arranged for the change to the bank details of a legitimate organisation? Dunno. The article said the scam originated in Nigeria. I was just pointing out that this wasn't a 419.

            This is a multi-part scam. What occurred with the state of Utah had nothing to do with Nigeria at all. That is just tabloid journalism where they mention something catchy in the title to get people to read an article that might otherwise be uninteresting.

            Part one was where the scammers used an entity that was already billing the state of Utah and faked invoices with bank accounts changed to funnel the money to the scammers instead. The University of Utah was obviously known to the state and it was not unusual for them to be submitting large invoices.

            Part two, and this is the Nigerian component, was using a person's greed to accept what is sometimes illicit funds in order to receive a share. That's classic Nigerian. I know where there is 10,000,000$ USD but I need your help to access it. In return for your bank account details and cooperation I agree to give you a "commission".

            The people who created the bank accounts where the state of Utah funds were deposited into were the victims of the "Nigerian" fraud. Although, it's not exactly clear that they were actually victims in the sense that they lost money.

            The part that is disappointing is not the "country bumpkins" that cooperated in receiving the money, but the accountants working for the state of Utah that did not have the sense to check bank account numbers against an approved list before transferring millions of taxpayer dollars.

            • Re: (Score:2, Funny)

              by interkin3tic (1469267)

              What occurred with the state of Utah had nothing to do with Nigeria at all. That is just tabloid journalism where they mention something catchy in the title to get people to read an article that might otherwise be uninteresting.

              Because the average Salt Lake resident is FASCINATED by all things relating to Nigeria ;-)

              • by jythie (914043)

                Given how xenophobic the area is, attaching any crime to something foreign will get you reads.

            • Re: (Score:2, Informative)

              by hattig (47930)

              You would have thought that the billing/payment system in use would manage the bank account details separately. I.e., a bill comes in, it gets added to the accounting system, and a payment is flagged as due to the university, which then gets paid using the University's details stored on the system already. And any "change of details" letter would of course involve a double check with the institution.

              I can't believe that a system would exist whereby they would manually transfer the money to the details on th

              • by Teancum (67324)

                OK, let's just assume for the moment that you are in the accounting department for a medium-sized business wanting to do business with a government agency. For some reason, you have moved to a different bank and you want to have a new routing number for all invoice payments for your business. How do you make that happen?

                You get the vendor number of your business, together with "sufficient" information to prove that you are who you claim your are, and somebody in the accounting office makes the change to t

            • You don't watch enough movies and television.
              In the world of fiction, the incompetent or negligent employees are in on it. Get fired. Walk away in shame. And secretly gets a cut of the millions.

        • by Joebert (946227)
          It's a good thing you mentioned that, for a moment there I was thinking nuke Nigeria.
      • Re: (Score:1, Interesting)

        by Anonymous Coward

        I find it hard to believe that this scam originated in Nigeria. It seems like just regular organized crime fraud to me. It's not as if accounts payable departments of corporations and governments have never run into falsified invoices to be paid to fictitious companies before. That the perpetrators had enough information to get the bank accounts changed, makes it seem like an inside job to me. I just don't see the Nigerian connection, other than the "African origin" of the names on the search warrant(?).

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        Maybe this is just me, but I don't find this scam as laughably lame as others here. Big corporations with $500+M in sales likely have controls in place to prevent this type of thing, sure, but how about state and local governments, universities, small and mid-size businesses, mom and pop establishments... many could be victimized by this type of thing.

      • It wasn't even changing the bank accounts. This was a situation where somebody got some purchase orders for a university department and the state paid what appeared to be legitimate purchase orders drawn on department funds. The "vendor number" is to speedily process and simplify the task of allocating funds to people who are providing services or products to the university.

        Where this scam became a scam was with the process of submitting the purchase orders to the state, and submitting new bank account information for the vendor. Indeed, some of the purchases that were made may have even been legitimate, in terms of having a vendor like a computer supplier deliver a dozen or more computers to the department and then submitting the purchase order to the university accounting office. (I don't know what exactly was purchased here, but this seems to be something on the order of what was done.) The goods were delivered, payment was expected, and a check was cut and sent to what state records said was the legitimate vendor.

        The "vendor number" wouldn't be the department's code number, although it is possible that the director's signature was forged and several purchase orders were sent through asking payment for items that have never even been delivered in the first place. The reporters on this incident certainly got the details screwed up in terms of typical purchase order procedures.

        Having used Utah state purchase orders myself as a state employee, I can see how this would get missed for some time until the paperwork gets through. Accounting for all of this takes months and quite a bit of good faith is depended upon through out the whole process... although there are a number of points where purchase orders are questioned eventually and have to be reviewed. Smaller businesses would scream quickly if they didn't get their money right away, so it would have to be a larger vendor like Wal-Mart or Circuit City (again, I don't know the specifics here, but this is typical) where the accounting chain is much longer and wouldn't get caught right away.

        What is the scary thing here is that this department had so much money to throw around that missing a couple millions dollars wouldn't be missed. It wasn't the "department's bank account number" as all state funds are deposited together in one place, including tax funds and research grants. This is about how money was disbursed once authorization from the project administrators/department chair has occurred and was intended to pay what appeared to be legitimate debts.

        The University of Utah does have billions of dollars floating around from various research grants and project of various types, so even though the amount of money here seems staggering, it is a drop in the bucket compared to how much money flows through that campus. It isn't even the first inappropriate allocation of funds, although this one should have had flags come up quite some time earlier from a whole bunch of different sources.... not the least of which was the project lead who should have been reviewing invoices charged to his project (where this design department comes into play) and questioning things that seemed out of place. The state won't allocate money if the project has insufficient funds on the charge code.

        • by Herkum01 (592704) on Saturday February 14, 2009 @08:45PM (#26859981)

          The whole reason for all of these procedures was because they do not trust their employees with money. Instead they put their trust in a system which is basically a Purchase Order number. Once someone knows the system they can keep the money coming like an ATM.

          I am surprised that this does not happen more often because all it takes for someone to get money is the belief that the system will take care of it. A few months later when the mistake has been identified it is too late.

          • by nextekcarl (1402899) on Saturday February 14, 2009 @08:54PM (#26860019)

            I wish I had mod points for you. When people trust a system implicitly it is at least as bad as trusting a person implicitly. At least with a person they may have the character to not screw you. A systems has the morals of whoever is using it, and that changes with every user, legitimate or otherwise.

          • Re: (Score:3, Insightful)

            by Anonymous Coward

            "The whole reason for all of these procedures was because they do not trust their employees with money."

            Anyone wanting to have accountability in government won't trust people with cash either. It's just too easy to forget to enter a payment in the system, and then you have 'hundreds of thousands of dollars unaccounted for' such as with the complaints about Halliburton.

            The bottom line is: any system can leak, and large systems naturally develop cracks through which exploits can occur. Constant maintenance

        • by urbanriot (924981) on Saturday February 14, 2009 @08:55PM (#26860025)
          If this was a purchasing issue, why does the article quote the interviewee as suggesting, "Their IT people should have known better,"
          • by EveLibertine (847955) on Saturday February 14, 2009 @09:04PM (#26860065)

            If this was a purchasing issue, why does the article quote the interviewee as suggesting, "Their IT people should have known better,"

            The interviewee is quite possibly a douche nozzle.

          • by garvon (32299)

            From TFA
            "In one case investigated by Kessler's firm, thieves used computer software transmitted by e-mail to monitor financial information input by the chief financial officer of an Ohio insurance firm. Once they had the information, they diverted insurance payments to their bank account. About $1 million was stolen. "
            so yes it is an it problem. ....sort of.

            • Re: (Score:3, Insightful)

              by X0563511 (793323)

              Oh wow, a classic crime, but they use a COMPUTER!

              Quick, fire up the spin-machine!

          • by Teancum (67324)

            If the problem was the IT people, what should the IT people have done here?

            Sent all requests for updating records to dev/null?

    • Re:Everyone (Score:5, Insightful)

      by oheso (898435) on Saturday February 14, 2009 @08:00PM (#26859763)
      That doesn't sound at all like a Nigerian scam to me. It sounds like good, old-fashioned white collar fraud. The story is horrible. The Ohio insurance firm case apparently has nothing to do with the story. There's no explanation why the university's "IT people should have known better". What did the IT people have to do with it? I love the suggestion that people should immediately be suspicious of those with "names of African origin or connections to that continent". And let's see who we're looking for. A guy with a Minnesota driver's license. A truck driver -- but not a Minnesota license? Narrowing it down here ...
    • Re: (Score:2, Funny)

      by Anonymous Coward

      "should be fired or regulated to a minimum wage job"

      Uh, do you mean "relegated"?

    • by dangitman (862676)

      million on a golden water fountain in an obscure park, at least the people could use it.

      For golden showers?

    • by HartDev (1155203)
      Wow I live in Utah and it is great to see all the money extracted from me going to waste....Hey I am in IT I could replace a few people.
    • Understand this: conservative religion is the enemy of education just as advanced education is the enemy of ignorance. The state of Utah (people and government) are dominated by one of the largest conservative churches in the United States.

      This doesn't mean everyone in Utah or in the LDS are ignorant or unintelligent. The leadership is likely as sharp as any top CEO's, but the rank & file? Why do they need to be educated beyond the minimum necessary to shuffle their papers? It's a waste of tax-payer

  • by jensend (71114) on Saturday February 14, 2009 @07:32PM (#26859583)

    Already there are lots of people making silly comments about how stupid the state must be to fall for a 419 scam. But this wasn't a 419 scam or anything like it- the fraudsters submitted paperwork to change the bank account information for a group with which the state already did business and then submitted a bunch of fake invoices. The state paid the bills. They should have had more things in place to protect against these kinds of fraud, but this wasn't a case of idiotic gullibility or greed.

    • Re: (Score:3, Interesting)

      by timeOday (582209)
      The sad thing is, securing the state's accounting systems and procedures to protect against a recurrence of this scam will likely cost more than the $700K that was lost. Certain people love to blame the victom for not doing everything possible to protect themselves, yet decry the wasteful beaurocracy of government - not realizing those are the two sides of the security coin. Most of the stupid and annoying rules out there can be traced back to a perpetrator, and to a victim who said "never again." Think
  • by DavidTC (10147) <slas45dxsvadiv.v ... m ['x.c' in gap]> on Saturday February 14, 2009 @07:32PM (#26859585) Homepage

    Unless they mean the insurance company's IT department, as a password sniffer apparently got past them.

    What that story has to do with the 'change the account number for vendor and submit bogus invoices' story I don't know. At no point do they actually appear to explain the fraud.

    Also, a 'Nigerian' scam traditionally refers to advance fee fraud, aka, 'I have X million here that you can get if you send me Y thousand.'. That does not appear to be what happened here.

    There's a difference between being dumb and falling for that scam, and having someone break in and change the address your business (Or, in this case, government) are supposed to send money to.

    • That's a MUCH better explanation than TFA had.

      From TFA:

      In one case investigated by Kessler's firm, thieves used computer software transmitted by e-mail to monitor financial information input by the chief financial officer of an Ohio insurance firm.

      Sounds like a trojan to me. Or possibly an exploit of Outlook to install a keylogger. But not in any way "Nigerian".

    • by Teancum (67324)

      I'm curious about what business it was that had the purchase orders go through and not get money deposited into their account. It may have been somebody who created a new vendor number and simply submitted bogus purchase orders with the project administrator's signature (or department chair's sig), but it seems like that would have drawn a whole bunch of attention. Vendors themselves get reviewed at least to find if they are a legitimate business, although getting a vendor number isn't all that hard of a

      • by DavidTC (10147)

        Well, they did say the scammers submitted purchase orders themselves.

        So it's entirely possible that the business that was supposed to get paid hadn't actually submitted any purchase orders at all. Like a contractual landscaping company that hadn't actually done any work recently, but obviously would be still in the system. It could even be a company they had stopped using altogether.

        By not expecting any money, the company was not surprised when they didn't get it.

        And, heck, there could have been legit pa

    • Re: (Score:3, Funny)

      by KZigurs (638781)

      I was under impression that majority of government contracts fall under the 'I have X million here that you can get if you send me Y thousand.' type...

  • Stop the presses! This is unprecedented!

    -jcr

    • Re: (Score:3, Informative)

      by dangitman (862676)
      Except for the fact that this doesn't appear to have anything to do with stupid, incompetent bureaucrats - unless you only go by the misleading summary.
  • Good day (Score:4, Funny)

    by ShooterNeo (555040) on Saturday February 14, 2009 @07:38PM (#26859621)

    PLEASE KINDLY PARDON ME FOR ANY INCONVENIENCE

    Good Day,

    Please, kindly pardon me for any inconvenience this letter may cost you because I know it may come to you as a surprise as we'have no previous correspondence.

    I got your contact as i was searching for helping hand in your country , this is why I decided to appeal to you directly for assistance because I' have no relations or friends in your country for help me.I am Mrs.Tema Williams from Zimbabwe. I am a widow being that I lost my husband last year.

    My husband was able to secure a sum of $2,500,000 dollars American through creative use of finanial instruments from the state of Utah.

    I want you to do me a favour to receive this funds to a safe account in your country or any safer place as the beneficiary.

    For your assistance, I have two options for you. Firstly you can choose to have 5% of the money for your assistance, and helping my family investing this funds, or you can go into partnership with me for the proper profitable investment of the money in your country. Which ever the option you want, please do notify me in your reply.

    I have plans to do investment in your country, like real estate and industrial production.This is my reason for writing to you. Please if you are willing to assist me and my only Son Williams, indicate your interest in replying soonest.

    Thanks and best regards .
    Mrs Tema Williams

  • by jc42 (318812) on Saturday February 14, 2009 @07:39PM (#26859625) Homepage Journal

    Could He have been in on the scam?

    • by El Torico (732160)

      Don't blaspheme, just be quiet and pass the collection plate.

      • Re: (Score:2, Informative)

        Even though Utah != Mormons, I'll assume that you're referring to them.

        Mormons don't have a collection plate.
    • +5?

      Right, because all religious people believe that God makes sure that they never lose any money or make any mistakes.
      • by jc42 (318812) on Saturday February 14, 2009 @08:02PM (#26859781) Homepage Journal

        Yeah; I was a bit surprised by that "+5 Informative" rating. But I clicked on it and got the details. Only one mod was "Informative". Another was "Funny", which was what I was going for. The other was "Underrated", which has me a bit puzzled.

        And I well remember when I was little, and was sent to Sunday School at several different churches as we moved around every few years. In every one of them, I heard "teaching" that if you truly believe in God, and pray to Him (and tithe ;-), you'll get very rich. Lots of other religious people have, so you can, too.

      • by Jantastic (196238)

        +5?

        The devil must have mod points today

    • Re: (Score:3, Insightful)

      Really? You're modded +5 informative for a question that gets answered in the first week of any non-denominational, even atheist-leaning comparative religions course? You might start with Victor Frankl and continue from there. Or just GOTO 10 and troll again...I mean, religion-bashing seems to get you great mod points around here, and none of it (that I've ever seen) even approaches 200-level college material...
      • Re: (Score:3, Funny)

        by theskipper (461997)

        So "Humor Analysis and Identification" is a 300-level class?

        • Oh SURE, his informative gets updated to "funny" just after I post a super-serious response. That happens every time I talk to Raelians about UFOlogy, too. They start out with this serious look on their face, then at the end of the discussion they're laughing about it like we all live in some sort of a big comic book. On to the next victim, I guess. Religion has been saved this time.
          • You realize posters don't moderate their own posts, right? The fact that it was moderated informative by someone doesn't mean the poster wasn't trying to be funny.
    • I got "Funny", "Informative" and "Flamebait" mods for this one. (And the "Overrated" mod seems to have disappeared.)

      This rating has surpassed all my previous ratings for incongruity. I'll have to keep a link to it, as a nice example of how screwy the moderation can get around here.

      It is impressive how poor a sense of humor a lot of the folks here seem to have. Maybe I should have included a smiled. But I really thought it would be redundant this time.

      • by Legion303 (97901)

        "I'll have to keep a link to it, as a nice example of how screwy the moderation can get around here."

        Exhibit B: I have a high karma rating even though I've been trolling and making one-liners almost exclusively for about 6 years straight.

  • Whether it was a Nigerian scam or just a plain St. Louis swindle, there are plenty of people out there looking to con you. You just can't be too careful. Nigeria might have lots of oil wealth, but that is tightly held by the families in the oil business. The rest of the population was to dig up their own "income". Just amongst legitimate bills, there are lots of errors and unnecessary stuff that gets added to the bills to piss me off. I wish I had knowledge to know which things were completely unnecessa
    • by LiENUS (207736)

      I paid a bit more for using aluminum gears, rather than plastic parts,

      LOL what? I've never heard of plastic gears, your mechanic may have meant some kind of retainer for the gears, not the actual gears. Automatic transmissions are typically tough little buggers that have to put up with a lot of force, plastic wouldn't hold up 10 minutes as a gear. All in all 700$ doesn't sound like too much to do what is essentially a complete rebuild on your tranny.

      • by Dantoo (176555)

        The sprockets that drive the odometer and speedometer are typically nylon. They don't bear much load and are well lubricated. They can wear or fail in a number of different circumstances. I had one replaced with one that had a different tooth count. Gave me great fuel economy as I was driving around at about 10mph less than I thought I was.

      • by Teancum (67324)

        Actually, I've heard of worse. In an attempt to help reduce sound in the engine, I've heard of wooden gears being used as a timing gear. I kid you not!

        In a drive to maximize profits to the manufacturer, cheapened parts made of plastic can and often do get made. You can have some plastic parts that are able to withstand a significant amount of stress... at least to have a mean time to failure rate that is outside of a typical warranty period of the automobile. The more hidden that you find the parts (lik

  • by moxley (895517) on Saturday February 14, 2009 @08:12PM (#26859827)

    I love this guy's quote: "Their IT guys should have known better."

    Yeah, right..Blame the IT people, because they most certainly are the ones who decide who gets paid...

    I think it's either that whoever fucked up figures the ol standby excuse of "blaming IT" will work in almost any situation....Or is it the old "those IT nerds, they're supposed to be smart - they should've warned us, those confounded proton jockeys!"

    • Re: (Score:3, Informative)

      by Teancum (67324)

      I agree. The IT guys here are the last people who should get the blame here.

      Utah was one of the first government to allow an "electronic identity" for commerce, and that may have been one of the sources of problem here in terms of somebody forging an identity to switch bank accounts of a vendor. But the blame is not with the guys running the servers but rather the lame procedures requiring only an SSN and mother's maiden name to have your identity "confirmed" electronically.... if even that much informati

    • by Biswalt (1273170)
      I love that the guy blaming the IT guys also apparently didn't read the article. POs and vouchers are easy enough to screw up, I work in a small store, and deal with POs everyday. Small little errors go undetected very easily until it gunks shit up at a later point in time, and then it's a pain in the ass to get it done right. On another note, I was going to say this was a small amount of money relatively, but Utah's overall general fund holds about $150 million so 2.8 million would have represented abou
      • by Teancum (67324)

        Utah's General Fund holds about $150 million?

        Where on earth did you get that figure? What possible reason do you think this would have come from "general funds" of the state in the first place and not something "earmarked"?

        Tax revenue earned by the state of Utah in 2008 for "general fund allocations" was $778 million, and a total overall budget of $5.5 billion dollars overall for fiscal year 2009 (admittedly including education and construction allocations here too).

        $700 thousand (all that was really lost)

  • by Jane Q. Public (1010737) on Saturday February 14, 2009 @08:18PM (#26859859)
    The only "Nigerian" connection seems to be the name "Ongaga". Not compelling to me.

    I wonder, though, if the choice of a bank in Texas was deliberate, and if they were using a third party as a shill of some kind. When I was in Texas, years ago, I noticed some of the "different" laws Texas has in regard to banking. I don't know if they are still the same, but at the time, ANY bank error in favor of a customer legally became the property of the customer, without question.
  • by kimvette (919543) on Saturday February 14, 2009 @10:13PM (#26860455) Homepage Journal

    I am proud to say that this will never happen to me. I am about to come into some money - approximately $5million US, and when I receive it I will be sure to avoid scams such as that.

    How am I coming into the $5mil? I'm glad you asked. I recently received an email from Ima S. Ucker, who as you might know is the nephew of a deposed prince in Nigeria who is in need of assistance of getting their family wealth away from some crooks. They just need a tiny fraction of their wealth to return to their comfortable lifestyles, so they offered to give me the vast majority of their wealth in exchange for helping them transfer the money. All I had to do was to provide them with my full name, address, date of birth, social security number, savings account number and pin --- oh wait. . .

  • Re: (Score:2, Funny)

    by jordan314 (1052648)
    Dibs on Nebraska
  • Get real and take off that silly underwear. This is the devil's playground, its not an inheritance from God's Will.
  • They don't call them Utards for nothin'

I am a computer. I am dumber than any human and smarter than any administrator.

Working...