In mid-January, Lekoil, an African oil exploration and production company lost an astonishing 70% of its share price almost overnight. This dramatic decline in fortunes arose from the fact that they fell victim to a simple advance payment fraud.
The company believed that it had secured a $184 million loan from the Qatar Investment Authority (QIA) to fund the appraisal of an oilfield. To complete the transaction, they paid over an agreed fee of £600,000 to Seawave Invest, a Bahamas-based intermediary which had facilitated the introduction to their alleged interlocutors at the QIA.
When the transaction was exposed to public scrutiny it became clear that Seawave was a sham. The real QIA had known nothing about the transaction. The financing – already announced to the market – had never existed.
The case was quickly trumpeted – mostly by the due diligence industry – as a cautionary tale. The remedy, according to many of the articles penned at the time, was for businesses to pour more time and money into ‘on-the-ground’ enquiries into any proverbial ‘Greeks bearing gifts.’
Within the space of a few weeks, the world had changed. On the ground enquiries faced new challenges, and amid a global scrabble to secure PPE and medical supplies advance payment fraud began to boom.
Fraud is based on three principles: pressure, rationalisation and opportunity. The sad truth is that Covid-19 is providing plenty of opportunities to exploit demand.
Fraudsters won’t let a good crisis go to waste. In the current environment there is an increased risk of credit fraud, procurement fraud, and compliance fraud. This is driven by a unique combination of factors which makes ‘lockdown’ such a fertile environment for a fraudster to operate: staff working remotely; the furlough of “non-essential” staff from compliance or accounts; supply chain issues; and pressure to meet targets.
In the last month alone, the UK’s National Cyber Security Centre has taken down more than 2,000 online coronavirus scams – including almost 900 advance-fee fraud schemes. Many of these involve payments on a scale that makes costly due diligence or legal redress impractical. A small business that has lost $5,000 on a PPE order for their workers is hardly likely to spend five times that paying for due diligence, or twenty times as much litigating the case if their funds are lost. The fraudster knows this. He relies on it.
While Lekoil’s case was not about COVID-19, it undoubtedly has resonance in an era where knowing your counterparty is more important than ever. The guiding principle in any such case must be, simply, what doesn’t add up?
Schillings’ Intelligence & Investigations team reviewed the Lekoil case, in conjunction with leading forensic accountants Forensic Risk Alliance. We picked up six indicators – several of which were available via online research – which should have prompted serious questions on Seawave and the individuals representing it.
Spotting a Fraud
1. The terms of the loan
To secure the loan, funds were paid in advance, rather than being tied to the acquisition of the loan. Furthermore, the loan facility was being offered at 3.72% which was below market rate of this type of loan which typically would have attracted a rate of around 7%. Knowing what the market rate is helps to spot outliers, which may signal that something is amiss.
Clear inconsistencies are always red flags, so it is worth doing a careful check over phone numbers, addresses, email addresses and contact names to see whether they present a coherent picture. Do they fit with the narrative that has been presented?
For example, Seawave Invest claimed to be based in the Bahamas but the contacts page on its website listed a PO Box in Accra, Ghana as its address.
A phone number was listed for the company, and when researched it appeared to be a contact number for an individual named Susanne Rolle-Tiedemann at Holowesko Pyfrom Fletcher, a law firm situated in Nassau, Bahamas. According to its website, that firm specialised in real estate, financial services, wills & estate planning and “related fields of law.” According to her LinkedIn profile, Rolle-Tiedemann is a Legal Assistant at Holowesko Pyfrom Fletcher. Again, would this be consistent with the profile of a firm providing services to the QIA?
3. Poor grammar – and ‘cut & paste’ text
The website for Seawave Invest was littered with discrepancies and grammatical errors. This immediately calls into question the credibility of the site’s authors.
If an investment professional can’t spell “project” on their public platform are they likely to be trusted by a major institutional investor to advise on a $1.8m deal?
This prompted us to reverse-search the text, revealing that it has been lifted wholesale from another (defunct) site. It’s also common to see images or director bios for fake companies borrowed from elsewhere online, so reverse searching text and images is a quick trick that can pay dividends.
4. Incomplete profile
In examining the website, we also noted that large portions were incomplete or “under construction.” There was a lack of third party literature on Seawave, and it had precious little profile online and on social media.
In itself, this might not be a deal breaker, as legitimate firms do eschew press coverage in some circumstances, but combined with the inconsistencies and other red flags set out above, it certainly added to the sense that caution should have been taken.
In this case, the firm’s “partners” were listed as “UPDATE IN PROGRESS.”
5. Historic domain information
Domain registration information is not the treasure trove it once was, as most fraudsters are sophisticated enough today to register their website using a proxy server, but with reasonable regularity you get lucky and find historic domain information. With respect to Seawave, the site was registered with a proxy service – Wild West Domains LLC – but working back though the historic domain information showed that it was first registered in April 2017 to “eglobesolution” in Lomé, Togo.
You would think that no one would place their trust in a business that had been struck off, and yet this is what appears to have happened. As you can see below, the company has been listed as Struck Off the company register.
We do not know whether Lekoil checked this when they first engaged, however given the timing it seems unlikely that it was cross-checked before funds were paid through.
When you start to engage with a counterparty, it is worth checking that they are in good standing, their filings are up to date, and that they remain so for the duration of the relationship.
It is also worth checking any verifiable credentials that a counterparty claims (e.g. a legal or accountancy qualification, or membership of a trade body). In some cases, this can be verified online. In other cases, an enquiry on the phone or via email may help to verify, or not.
Three steps to avoiding advance fee fraud
Fraud is as old as human history – as far back as ancient Greek there is a written record of a practice surprisingly similar to modern-day insurance fraud – and it is not going away.
The Lekoil case study establishes that while fraudsters can be ambitious in their targets and remarkedly energetic in some respects they are likely to make mistakes. It is worth examining in detail a network of websites, entities, ‘characters’ or ‘personas’ for any signs that all is not as it seems. The risk areas highlighted above provide a guideline for anyone who has access to the internet, curiosity, and a bit of common sense.
Armed with this information, an individual or entity – whether a company or a charity – can also take three easy steps to avoid falling victim to a scam of this kind.
1. Do the facts fit the narrative?
Put these facts together and reflect on whether the facts you’ve identified fit the story. Can you see a logical explanation for why the business might be struck off, registered in a tax free jurisdiction or represented by a low-budget website? What is the purpose of additional layers of agents, brokers and other middlemen? Use this to form the basis of your own set of questions. If the answers are incomplete, unsubstantiated or your contact is evasive, it is a strong indication that you might be dealing with a fraudster.
2. Ask for third party verification
If you are not sure whether something is authentic, ask the counterparty for more details and documentation where relevant. Ask for third-party verification, e.g. from a bank, and if you are sufficiently suspicious ask for a secure way to speak to a third-party directly, as opposed to accepting an email that might be spoofed. Of course, much of this could be falsified by a committed fraudster but pressing for authentication increases the chance that you become a poor return on investment for a fraudster – and they move on to lower hanging fruit.
3. Maintain internal checks and balances
A system for sign off that involves more than one employee – and ideally perspectives from across departments should be encouraged. Involve the legal and compliance departments of your business early on to get another, perhaps more sceptical, viewpoint. Likewise, training staff on key business risks – like advance fee fraud and social engineering – will pay dividends. Continue to adhere to company policy on authorisation for payments even when a large number of staff may be working remotely. Complement this procedural rigour with strong cyber security, including regular risk assessments and reviews of system access permissions.
Ultimately, fraudsters will take their chances where they can – in crisis and in periods of ‘normal’ trading. That said, it is possible, even without taking formal advice, to frustrate a fraudster and ensure that you and your business do not become victims.
By Trevor Wiles of Forensic Risk Alliance, and Lily Kennett and Juliet Young of Schillings and with research by Georgia Lacey of Schillings and Michael Milton of Forensic Risk Alliance.