Identity Theft

A PSA delivered from our CEO about some pesty scammers along with information about how to identify them.

Favorited Favorite 0

Last year we danced in court with a Patent Troll and they eventually backed off. This year SparkFun is a victim of Identity Theft. Yes - a company can also get its identity stolen. Let me explain.

There is a website www.sparkfunn.com that was privately registered on January 8th and updated on January 10th, 2022. Notice the extra n in funn. Cute right? It reminds me of when I tell people my name is spelled with two n’s, not one. Close but that’s not my name or SparkFun’s.

With the domain sparkfunn.com officially registered, these scammers are sending emails using this domain with actual names of SparkFun employees to get other companies to ship them product. The email address is a digital sleight of hand to get in the door, but the actual PO attached to their email is pretty brazen.

Here is an actual PO from one of our partners that notified us.

alt text

Our Logo. Our BIlling Address. Not our shipping address.

The vulnerability the scammers are exploiting is the fact that so much business is still done via PO (purchase order). While SparkFun requires all its customers to place orders online using authenticated accounts and encrypted transactions, a huge number of SparkFun suppliers (people we buy our raw parts from) still prefer to get orders placed via email. One of our suppliers received the above PO for Fluke multimeters and diligently put the order into their system, complete with the incorrect (not SparkFun) shipping address. Because we have "Net30 terms" with this vendor (SparkFun doesn't have to pay for the parts until 30 days after the order is received), the supplier shipped the order before payment was required. Once the supplier shipped the first order, the scammers realized they had an easy target and placed additional orders until the supplier caught on. Unfortunately, once an order ship it can become very difficult to get any of that inventory back. To be clear, SparkFun didn't have to pay for these parts, we were just the most believable company to emulate.

Why Fluke multimeters? While suppliers like SparkFun, Digi-Key and others sell a huge number of products, scammers know it's far easier to sell an expensive but stolen DMM than it is to sell an esoteric low cost part. Don't steal a reel of 0.1uF caps; steal something like a DMM that can be sold to far more people.

How to fix the problem? It's pretty obvious: Stop accepting emailed purchase orders. Of course it's easy to say, unfortunately the electronic supply industry is huge and archaic. Change is hard. But just like it was once hard to imagine buying airline tickets, shoes, TVs, or even cars online, industries change to meet the customer where they are. Business will move away from emailed POs but it will take time. In the meantime, scams like this will be far too easy to pull off.

Here is what we know about these scammers.

Ship information: 4045 Lakefront Ct, Earth City, MO 63045 attn: Randy Fragner. Not our address or employee.

Ship information: 1705 54th Ave. SW Laneeth, AL 36863 attn: James Larry. Not our address or employee.

Phone number 720-773-8818 is a landline. Aware enough to use a CO area code but not us. Calls are answered by an unidentified automated system asking the caller to leave a message.

International Operation - Spanish-based Firm

So now what? Well this is the most frustrating part…

We have lawyers involved and have spoken to several organizations but unfortunately, this will likely turn into a game of Whack-A-Mole. Here is a copy of the notice that was sent a few months ago. I’m not providing the names and signatures - call me paranoid now.

alt text

As you can see our lawyers threw everything at it. I mean - “The Anticybersquattting Consumer Protection Act of 1999 (ACPA)” is a first for me. And while we can throw every conceivable lawsuit to threaten these awful people, our expectations are low that we’ll even get a response. It’s an International Operation and likely not their first scam in this digital world that they are very good at hiding in.

We’ve reached out to as many partners as we can behind the scenes to inform them on what is going on. But just like the Patent Troll, we would like to expose these people too. Be vigilant out there, especially with emails and don’t hit the link so fast. This was a good one I received this month.

alt text

We know SparkFun is not alone in dealing with scammers like this, so if you have any suggestions or comments we would love to hear from you!


Comments 6 comments

  • Member #498483 / about 3 weeks ago / 3

    I’m sorry you guys had to go through this. On the bright side - if you’ve seen the Mark Rober / Scammer Payback / Jim Browning collab to counterattack the Amazon refund scammers, imagine how epic the next collab could be if SparkFun joins the team!

  • embeddedtom / about 3 weeks ago / 3

    The MO address is an actual business (Dalton Logistics Inc). Perhaps notifying them of this scam might help attack this problem from another angle.

    At least the bogus webpage seems to be down.

  • Member #1456495 / about 3 weeks ago / 3

    A C&D may cause them to stop pretending to be Sparkfun, but it won't really stop them. At most, they'll just move on to the next victim.

    If you get wind of this happening again, have law enforcement go to the delivery address when the shipment is due. If you find out about it before anything ships, work with law enforcement and perhaps have a tracking devices added to the shipment. Those addresses are unlikely to be the final destination. It is also possible they they get re-routed via the carrier before delivery.

    They had to pay for the spoofed domain and perhaps rent for the delivery addresses. Remember that old adage: Follow the money.

  • Sergeant82d / about 3 weeks ago / 2

    I am going through a similar situation with an Amazon seller right now. I both trusted, and didn't look deeply at, the fact that I was purchasing 'on Amazon', and now I am trying to get over $500 back from a scammer. Good luck with your case!

  • Member #887589 / about 3 weeks ago / 1

    Drawing and quartering - the perfect punishment for scum like this. Having twice been hacked, I have no mercy for their kind.

  • Member #134773 / about 3 weeks ago / 1

    I hope that you also reported this to the authorities, such as the CO, MO, and AL Attorneys General officies. I suspect that there are also Federal officials, maybe the FTC, that would be interested in this. I'm not an attorney, nor do I play one on TV, but what they are doing is clearly a crime, and they really should get an "all expense paid vacation at the graybar hotel".

    I probably should say that I wouldn't expect the AGs to act on just one instance, as they have "bigger fish to fry", but sometimes a boatload of "small fish" can be easier to fry...

Related Posts

Recent Posts

Tags


All Tags