JSA issued a special alert.
Fraudsters are targeting the jewelry industry with a scam based on "social engineering," the Jewelers' Security Alliance reports.
In a "special alert" email, the organization said it has received "numerous recent reports" of fraud attempts. They have these elements:
- A caller contacts a retail store or supplier and knows a great deal about both the company he is allegedly calling from and the company he is calling. This knowledge includes the names of employees, shipping procedures, inventory on hand and even SKU numbers.
- The caller requests that a certain high-end item be shipped overnight. The goal of the criminal is ultimately to divert a package shipped by FedEx, UPS or another shipper to a different address.
- In some cases a branch of a multiple-location retail chain will receive a call allegedly from a store manager or other employee of another branch requesting that a certain high-end item be shipped right away, sometimes to the store, but sometimes to a customer or non-store address. The person who calls knows names, procedures and sometimes SKU numbers, and sometimes will pretend to be a manager, salesperson or shipping person from the requesting branch. If the caller can’t have the branch ship the item to a specified location, the person will later contact FedEx or UPS and try to have the shipment diverted from the “requesting branch” to a different address.
- One variation of the scam is that a caller impersonating someone from a retail store contacts a supplier requesting that a high-end item be sent to the retail store. Sometimes the store has an existing account with the supplier. Again the goal of the impersonator is to divert the shipped package to a different address.
The scammers engage in so-called “social engineering,” in which they have researched the names of personnel, procedures and online inventory of the target company and the company they are impersonating. They use social media, websites and telephone calls to gain information. They will call numerous times if necessary to collect information.
Here's what JSA recommends:
- Confirm who you are really talking to. If it is someone from a retail store or even another branch of your firm and you do not know the person, excuse yourself and say you will call back. In other cases call back the store after the order or request is made to confirm that it is legitimate. Do not use the number given to you by the caller, but call the actual number of the store, obtained from Google or elsewhere.
- Beware of calls from blocked or “unknown” numbers.
- Do not be tricked into giving callers information about your personnel or procedures. Alert all employees not to give out inappropriate information. The scammers want to know as much as they can about your firm so they can sound legitimate.
- Maintain strict policies limiting changes of address on shipments. Some firms have only one person who can authorize a change of address, or have specified to FedEx or other shippers that all attempts to change addresses should instead be returned to the firm shipping the goods. Firmly notify your shipper of your instructions concerning changes of address.