Web Scam Bilks State of Utah Out of $2.5M
KitB sends in a story in the Salt Lake Tribune that tells of a Web-based scam, resembling some used by Nigerian gangs, that snared the state of Utah. $2.5M was sent to a bank account in Texas before the bank raised a question and then froze $1.8M in the account. "Thieves apparently used a Nigerian-based scam to steal $2.5 million from the Utah treasury, covering their tracks by using intermediaries and a church address. A Salt Lake Tribune review of the names listed in a search warrant as receiving or transferring money [found] names of African origin or connections to that continent. Michael Kessler, ... a forensic accounting [investigator] in New York City, said the thieves appear to have used a simple scam that originated in Nigeria about five years ago. The Utah theft is the first time he's seen a government victimized. 'Their IT people should have known better,' Kessler said after reviewing a copy of the search warrant Thursday. 'It sounds like any kid could have done this.'"
Everyone who did not oppose this scam upon hearing about it should be fired or relegated to a minimum wage job at the bottom of the totem pole.
There is simply no excuse for wasting that much money that us taxpayers were forced to give to them. Even if they spent $2.5 million on a golden water fountain in an obscure park, at least the people could use it. No one except the scammers will get any use out of this money.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Um, read TFA. The scam "style" was reminiscent of Nigerian M.O., but the invoices were to a BofA account in Texas.
fell for one of these, even after I warned him. The crazy part is I'm pretty sure he's using business funds, not his own money.
I would like to transfer a sum of SEVEN HUNDRED EIGHTY SEVEN BILLION DOLLARS to a bunch of rich people. I request of you your help in this transaction, and I will need your taxcode number. In return, I will give you economic stability.
Please help me kind sirs!!!
I didn't read TFA (of course), so I find it really hard to believe anyone of any kind of intelligence and access to state funds could've fallen for a 419.
It was probably either 1) More elaborate than a simple 419, or 2) if they did fall for it, I'd say odds are that it's an inside job.
I mean, really, people can't be THAT stupid, can they?
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Submitting fake invoices did NOT originate in Nigeria any more than the "419" (aka "The Spanish Prisoner") scam did.
These scams have been around for YEARS.
It's just sensationalism to mention Nigeria in the article.
Already there are lots of people making silly comments about how stupid the state must be to fall for a 419 scam. But this wasn't a 419 scam or anything like it- the fraudsters submitted paperwork to change the bank account information for a group with which the state already did business and then submitted a bunch of fake invoices. The state paid the bills. They should have had more things in place to protect against these kinds of fraud, but this wasn't a case of idiotic gullibility or greed.
Unless they mean the insurance company's IT department, as a password sniffer apparently got past them.
What that story has to do with the 'change the account number for vendor and submit bogus invoices' story I don't know. At no point do they actually appear to explain the fraud.
Also, a 'Nigerian' scam traditionally refers to advance fee fraud, aka, 'I have X million here that you can get if you send me Y thousand.' That does not appear to be what happened here.
There's a difference between being dumb and falling for that scam, and having someone break in and change the address your business (Or, in this case, government) are supposed to send money to.
If corporations are people, aren't stockholders guilty of slavery?
Stop the presses! This is unprecedented!
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Haha haha haha haha haha haha haha haha ho-hum
Sorry couldn't resist.
Is there a part in this bail-out plan for bailing out dumbass states?
I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
Article Quotes:
"Their IT people should have known better," Kessler said after reviewing a copy of the search warrant Thursday.
The search warrant ... said someone in August obtained a vendor number for the University of Utah ... forged the signature of the department's director and submitted paperwork to the state of Utah changing the department's bank account information.
(Some bits chopped out, read the article for the full paragraph)
How is this the IT people's fault? Someone forged a signature, submitted it, and the state accepted it. I think it was a procedure problem and not a technology problem. Article also mentions that they now have done steps to verify the direct deposit stuff.
PLEASE KINDLY PARDON ME FOR ANY INCONVENIENCE
Good Day,
Please, kindly pardon me for any inconvenience this letter may cost you because I know it may come to you as a surprise as we'have no previous correspondence.
I got your contact as i was searching for helping hand in your country , this is why I decided to appeal to you directly for assistance because I' have no relations or friends in your country for help me.I am Mrs.Tema Williams from Zimbabwe. I am a widow being that I lost my husband last year.
My husband was able to secure a sum of $2,500,000 dollars American through creative use of finanial instruments from the state of Utah.
I want you to do me a favour to receive this funds to a safe account in your country or any safer place as the beneficiary.
For your assistance, I have two options for you. Firstly you can choose to have 5% of the money for your assistance, and helping my family investing this funds, or you can go into partnership with me for the proper profitable investment of the money in your country. Which ever the option you want, please do notify me in your reply.
I have plans to do investment in your country, like real estate and industrial production.This is my reason for writing to you. Please if you are willing to assist me and my only Son Williams, indicate your interest in replying soonest.
Thanks and best regards .
Mrs Tema Williams
Could He have been in on the scam?
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
That's a MUCH better explanation than TFA had.
From TFA:
Sounds like a trojan to me. Or possibly an exploit of Outlook to install a keylogger. But not in any way "Nigerian".
Whether it was a Nigerian scam or just a plain St. Louis swindle, there are plenty of people out there looking to con you. You just can't be too careful. Nigeria might have lots of oil wealth, but that is tightly held by the families in the oil business. The rest of the population was to dig up their own "income". Just amongst legitimate bills, there are lots of errors and unnecessary stuff that gets added to the bills to piss me off. I wish I had knowledge to know which things were completely unnecessary.
For example, my automatic transmission was not working. I had to pay $700 for getting the gears replaced. I paid a bit more for using aluminum gears, rather than plastic parts, but this was ok. However, what sort of thief designer would put plastic gears in a transmission? But, I could not just purchase the gears alone. I had to buy the whole damn assembly!!
It wasn't even changing the bank accounts. This was a situation where somebody got some purchase orders for a university department and the state paid what appeared to be legitimate purchase orders drawn on department funds. The "vendor number" is to speedily process and simplify the task of allocating funds to people who are providing services or products to the university.
Where this scam became a scam was with the process of submitting the purchase orders to the state, and submitting new bank account information for the vendor. Indeed, some of the purchases that were made may have even been legitimate, in terms of having a vendor like a computer supplier deliver a dozen or more computers to the department and then submitting the purchase order to the university accounting office. (I don't know what exactly was purchased here, but this seems to be something on the order of what was done.) The goods were delivered, payment was expected, and a check was cut and sent to what state records said was the legitimate vendor.
The "vendor number" wouldn't be the department's code number, although it is possible that the director's signature was forged and several purchase orders were sent through asking payment for items that have never even been delivered in the first place. The reporters on this incident certainly got the details screwed up in terms of typical purchase order procedures.
Having used Utah state purchase orders myself as a state employee, I can see how this would get missed for some time until the paperwork gets through. Accounting for all of this takes months and quite a bit of good faith is depended upon throughout the whole process... although there are a number of points where purchase orders are questioned eventually and have to be reviewed. Smaller businesses would scream quickly if they didn't get their money right away, so it would have to be a larger vendor like Wal-Mart or Circuit City (again, I don't know the specifics here, but this is typical) where the accounting chain is much longer and wouldn't get caught right away.
What is the scary thing here is that this department had so much money to throw around that missing a couple million dollars wouldn't be missed. It wasn't the "department's bank account number" as all state funds are deposited together in one place, including tax funds and research grants. This is about how money was disbursed once authorization from the project administrators/department chair has occurred and was intended to pay what appeared to be legitimate debts.
The University of Utah does have billions of dollars floating around from various research grants and projects of various types, so even though the amount of money here seems staggering, it is a drop in the bucket compared to how much money flows through that campus. It isn't even the first inappropriate allocation of funds, although this one should have had flags come up quite some time earlier from a whole bunch of different sources.... not the least of which was the project lead who should have been reviewing invoices charged to his project (where this design department comes into play) and questioning things that seemed out of place. The state won't allocate money if the project has insufficient funds on the charge code.
I love this guy's quote: "Their IT guys should have known better."
Yeah, right..Blame the IT people, because they most certainly are the ones who decide who gets paid...
I think it's either that whoever fucked up figures the ol standby excuse of "blaming IT" will work in almost any situation....Or is it the old "those IT nerds, they're supposed to be smart - they should've warned us, those confounded proton jockeys!"
are among the most gullible people on the planet. I have not ever met one that didn't take anything anyone says as completely true.
The only "Nigerian" connection seems to be the name "Ongaga". Not compelling to me.
I wonder, though, if the choice of a bank in Texas was deliberate, and if they were using a third party as a shill of some kind. When I was in Texas, years ago, I noticed some of the "different" laws Texas has in regard to banking. I don't know if they are still the same, but at the time, ANY bank error in favor of a customer legally became the property of the customer, without question.
If you do more than 100,000 a year with a bank you should automatically have a clause that states all assets transferred to Nigeria (or any country you don't regularly do business with for that matter) should be frozen
You mean foreign countries like New Jersey and Texas? The story says the money was being sent to a bank in Texas (which was the entity that raised a flag on this) and checks were going to some nonexistent guy in New Jersey.
But you're on the right track that there should be some "human checking" if the banking details of a state's approved list are changed. I have no idea why the IT people are being blamed. This was the error of some clerk in the accounting department, or worse, by the management of that department who didn't have a validation process for changes in banking information for vendors who are paid over a certain amount.
The whole reason for all of these procedures was because they do not trust their employees with money. Instead they put their trust in a system which is basically a Purchase Order number. Once someone knows the system they can keep the money coming like an ATM.
I am surprised that this does not happen more often because all it takes for someone to get money is the belief that the system will take care of it. A few months later when the mistake has been identified it is too late.
I wish I had mod points for you. When people trust a system implicitly it is at least as bad as trusting a person implicitly. At least with a person they may have the character to not screw you. A system has the morals of whoever is using it, and that changes with every user, legitimate or otherwise.
If this was a purchasing issue, why does the article quote the interviewee as suggesting, "Their IT people should have known better,"
According to some reports, Utah has/had the 49th lowest average IQ of the 50 states.
"Liberty may be endangered by the abuses of liberty as well as the abuses of power." -- James Madison
If this was a purchasing issue, why does the article quote the interviewee as suggesting, "Their IT people should have known better,"
The interviewee is quite possibly a douche nozzle.
Actually, being on the opposite side now (I am a small business) we know when a Purchase Order comes in that we're on a 30+ day hold to get our actual money. We have to ship product immediately, and then invoice, and wait. Some agencies are fast (only 30 days from invoice to payment), some are characteristically slow. So it's possible for 60-90 days to pass before anyone realizes something really DID go wrong, and that it's not just a standard delay in the system.
Perhaps even the whole douche.
... and then they built the supercollider.
"The whole reason for all of these procedures was because they do not trust their employees with money."
Anyone wanting to have accountability in government won't trust people with cash either. It's just too easy to forget to enter a payment in the system, and then you have 'hundreds of thousands of dollars unaccounted for' such as with the complaints about Halliburton.
The bottom line is: any system can leak, and large systems naturally develop cracks through which exploits can occur. Constant maintenance, accounting, and double-checks are one defense, which in this case worked (according to the summary, where 1.8M of the 2.5M was stopped cold). So we're talking better than 2/3 of the fraud was successfully caught on the double-check, and a total loss of 700 thousand out of a yearly budget of many millions or a few billion.
Not perfect, but not a loss of all 2.5 million (and I hope they are looking into ways to retrieve some of that money, as this appears to have happened recently).
Poor accountancy procedures, like this, are the reason why I'm being made redundant. Our accounts team were so awful at organising payment I would regularly get calls about invoices over 9 months due. Eventually we got put on stop by all our suppliers, we lost our clients, we lost our jobs.
Actually, I've seen a re-enactment of a similar scam, and it was very convincing.
I am proud to say that this will never happen to me. I am about to come into some money - approximately $5million US, and when I receive it I will be sure to avoid scams such as that.
How am I coming into the $5mil? I'm glad you asked. I recently received an email from Ima S. Ucker, who as you might know is the nephew of a deposed prince in Nigeria who is in need of assistance of getting their family wealth away from some crooks. They just need a tiny fraction of their wealth to return to their comfortable lifestyles, so they offered to give me the vast majority of their wealth in exchange for helping them transfer the money. All I had to do was to provide them with my full name, address, date of birth, social security number, savings account number and pin --- oh wait. . .
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Why must my mod points expire the day before I need em....? Up for you and the parent...
From TFA ....sort of.
"In one case investigated by Kessler's firm, thieves used computer software transmitted by e-mail to monitor financial information input by the chief financial officer of an Ohio insurance firm. Once they had the information, they diverted insurance payments to their bank account. About $1 million was stolen. "
So yes, it is an IT problem.
I got "Funny", "Informative" and "Flamebait" mods for this one. (And the "Overrated" mod seems to have disappeared.)
This rating has surpassed all my previous ratings for incongruity. I'll have to keep a link to it, as a nice example of how screwy the moderation can get around here.
It is impressive how poor a sense of humor a lot of the folks here seem to have. Maybe I should have included a smiley. But I really thought it would be redundant this time.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Oh wow, a classic crime, but they use a COMPUTER!
Quick, fire up the spin-machine!
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
any IT dept should have picked this up.
They deserve to get robbed.
I am surprised that this does not happen more often because all it takes for someone to get money is the belief that the system will take care of it.
I am intrigued by your ideas, and wish to subscribe to your newsletter.
Well, it couldn't have been my fault, must have been someone else's. Done over computers you say, then it must have been IT's fault.
Hey, buster, Texas joined the USA as an equal nation! Name another "state" that has their own national beer(!)
/uses the US dollar because the Texas mint has been closed for 150 years
moox. for a new generation.
A douche nozzle is actually a quite sophisticated piece of plastic.
With its slim and sleek shape, as well as strategically positioned delivery holes, a douche nozzle thoroughly cleans the vagina without causing much if any damage or discomfort. All the while dealing with pressure from the resident douche-bag.
A douche-bag on the other hand, simply spews a mess all over the place on its own.
I'm sure we all appreciate your attempt at linguistic innovation, but we've spent decades calling people douche-bags for a reason.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
This is Slashdot. He's just bad-mouthing douche nozzles because he's jealous they actually succeed to enter vaginas.
Dibs on Nebraska
Sounds to me that they didn't follow the system.
I mean anybody with a forged paper can change bank account details. At the least you should require at least 2 supervisors to confirm, especially a person from the department that the payment was for.
Even if the invoices were forged, if the bank account details were not changed, they could get their money back.
Sounds like nobody is watching that they are following procedures.
Quoting from TFA " . . . someone in August obtained a vendor number for the University of Utah's design and construction department. They then forged the signature of the department's director and submitted paperwork to the state of Utah changing the department's bank account information.
Fraudsters logged onto a state Web site and submitted invoices to the state on behalf of the campus department."
I'm no expert (although I do supervise various aspects of "micropurchasing" -- including accounting for proper use of funds, verifying purchases / audits -- for one small part of a federal government agency), but with the wide variety of specific internal accounting procedures / paperwork out there in different agencies and organizations, it seems to me that to execute the steps described above to reroute the money would require some insider knowledge (What form do I use? Who signs it? Who do I send it to? How do I send it -- pdf, some web app, internal messenger system?). I didn't see any mention of that possibility in TFA.
Get real and take off that silly underwear. This is the devil's playground, it's not an inheritance from God's Will.
Still, "douche nozzle" is bad ass
Constant maintenance, accounting, and double-checks are one defense, which in this case worked
No they did not. What happened was money laundering laws kicked in and the BANK asked why there was so much money coming into the account. This was not caught by the state.
They don't call them Utards for nothin'
If the problem was the IT people, what should the IT people have done here?
Sent all requests for updating records to dev/null?
Maybe this is part of the 'reorganization plan' SCO keeps telling the bankruptcy court it's working on but never seems to complete.
Understand this: conservative religion is the enemy of education just as advanced education is the enemy of ignorance. The state of Utah (people and government) are dominated by one of the largest conservative churches in the United States.
This doesn't mean everyone in Utah or in the LDS are ignorant or unintelligent. The leadership is likely as sharp as any top CEO's, but the rank & file? Why do they need to be educated beyond the minimum necessary to shuffle their papers? It's a waste of tax-payer money and it is dangerous (they might ask questions about the status quo).
This is true of nearly all conservative religions. The more conservative the religion, the more they oppose higher levels of education for all. Only a few "elite" need education to rule over the rest. Prime example is Amish, where their kids are exempt from state education requirements beyond eighth grade because it would harm the Amish's community and religion. Their religion depends on their children blindly accepting their lot in life and education beyond an eighth grade level would threaten that. The children (think of the children!) must have their potentials permanently "nipped" for the benefit of the Amish religion. Of course now the Amish are becoming a larger and larger tax drain on the state as they cannot support their medical costs as they age -- none of them have any skills beyond 1800's farming and barn-building 'technology'. But it's "O.K." -- this is America, where withholding medical and education benefits from children is considered a "religious right" -- and education of children in a nationally standardized _minimum_ curriculum is considered a violation of "religious freedom".
Some countries call that child abuse. In the US it passes for religious freedom, where 1 in 5 adults believe man walked the earth at the same time as dinosaurs and over 50% of those with a high-school education, only, believe man was created in the form he exists today.
Unfortunately, for a democracy to work, education about the issues is essential. Otherwise votes are made on whichever opinion gets the best funding for marketing to the ignorant masses who then go out and vote the way the best-funded media campaign has told them to vote.
Every once in a while, a 'hole' in the education of the thrall masses results in an embarrassment to the elite. It happens. Makes for good "ammo" as to why they (the elite) need to censor the internet: to protect them.