We kicked off our series on storage spoofing with an interview with Ronald Backers, who works as a Business Intelligence Adviser for the Port of Rotterdam Authority. In this instalment, we look into various similarities between different attempts at storage spoofing, based on case studies provided by the founder and CEO of a trading company in the port area who served as a source on the subject.

[this article in Dutch? Click here]

In our previous article we wrote, among other things, about ‘suppliers’ who offer non-existent stocks for sale at attractive rates and about the specific products that these fraudsters claim to own. However, according to our source, the clearest sign that you are actually dealing with an attempted fraud is the kind of deal that you are offered, and the specifics of how the ‘seller’ handles the transaction.

WARNING SIGNS

A concrete example: an email comes in from a company in Russia. They offer to sell a product like JP54, D2 or D6 – already stored at a facility in Rotterdam – at an attractive price level. “The purported ‘seller’ then makes the offer a bit more specific. Sure the product is for sale, but it has to be transferred to different storage tanks – at short notice. And all of a sudden, ‘a friend of his’ pops up, who has some spare storage capacity ‘for 3-5 days’…”

“The seller presents hard proof like websites, invoices and all sorts of forged documents. And then you get the invoice, which naturally needs to be paid immediately. They charge amounts of USD 100,000 to 450,000 for this kind of storage facilitation. The banks used for the transaction are obscure establishments based in some other country. And that’s where you see the spoof: the buyers think they have scored a huge bargain. They think that with a modest investment, they have landed a new volume that can be put on the market. However, the physical product is nowhere to be found.”

“When I offer a car for sale online, I tell the prospective buyer ‘Listen, it’s sitting in a car park in the city center – you’re welcome to come and check it out.’ This emphatically isn’t the case with these attempts at storage spoofing. The companies may offer more or less official-looking documents, but as soon as you start asking questions about the company, the location or the origin of the products, it all becomes very vague or they stop responding to your queries. Suddenly they can no longer be reached for a few days. Or they send you the tank coordinates, a link to a website they have made themselves or forged documents.”

“We have a DD department (DD for ‘due diligence’, which involves checking transactions with the appropriate care), which extensively checks everything that comes in. Oil trading is mainly based on bank compliance – unless your name’s Shell or Exxon, that is. Everything complies very clearly with current regulations and legislation and is conducted via the official channels. What we often see in storage spoofing is Gmail and Yahoo addresses, which are a pretty clear sign that something fishy is going on. That’s your first red flag right there. And the same applies to the documents they send. What’s more: we have a Port Intelligence department that we can use to track everything that goes in and out. A simple check is often all you need to blow a story out of the water.”

“As it is, the stories are always about Russian owners and Russian tank farms. You don’t even find those here!” But if you aren’t aware of that kind of context, it becomes a lot harder to navigate the wide range of deals offered in the port area. And if you don’t know ‘how it’s done’ or how parties relate to one another or which parties there are, you run a far larger risk of becoming the victim of a scam. And this makes storage spoofing a particularly high risk at the international level: you have companies that aren’t familiar with the ins and outs of the port area. Which is one reason why we are also offering these articles in English. Because that’s the second threat posed by storage spoofing as a phenomenon: the danger of it becoming a negative business case for the port area. “You may get a situation where people think ‘Gosh, Rotterdam is full of crooks’.”

‘SOMETHING FEELS OFF’

“You know: the other thing with storage spoofing,” he continues, “is that greed plays a role. When something’s ‘too good to be true’ it generally is.” We see the same thing going on in attempts to scam people via phishing or, for example, CEO fraud. You know the feeling: everything seems to be in order, but something feels ‘off’ – starting with the unusual pricing in the deal on offer.

That is why you should always check the so-called ‘red flags’ – by which you can also recognise a phishing email, incidentally: a strange email address, an excessively positive tone, lots of language errors or weird translation choices, a curious looking URL behind a link or an unusual, impersonal salutation. And remember: ‘too good to be true’ is often indeed too good to be true.

“Just last week we had an example of someone who listened to his gut feeling on this.” The offer in question involved the fuel type JP54 – the same product that plays a key role in countless other storage spoofing attempts, according to Ronald Backers. And that doesn’t even exist, incidentally. Another car analogy (“everyone understands those”): “Imagine someone’s offering a Mercedes Z30. You and I know there’s no such thing, but someone who isn’t knowledgeable about BMW or Mercedes models is an easy target – blinded by the prospect of a really good bargain.”

“Another example: Ferrari produces around 300 cars per month – by hand. So if someone is suddenly offering 3,000 vehicles in one go, something’s very fishy indeed. Of course, we are traders: it’s not the first time we meet someone who thinks they have the golden goose. But there are enough warning signs that should have you wary at the very least. And on top of that, they do everything in barrels, while over here, we use tonnes or cubic metres.” Or, to stick to car analogies: “When someone offers a brand-new Ferrari for 50,000 euro, you can be sure something strange is going on…”

NIET-PLUIS GEVOEL

,,Weet je wat het óók is met storage spoofing,” zegt onze bron: ,,de rol van hebzucht. Als het ‘too good to be true is’, dan is dat waarschijnlijk ook zo.” Hetzelfde zien we met pogingen om je via phishing of CEO-fraude op te lichten. Je kent dat wel: het lijkt allemaal te kloppen, maar toch voelt er iets raar. Te beginnen met de bijzondere prijsstelling van de aangeboden deal.

Check daarom altijd de zogenaamde ‘red flags’: een vreemd e-mailadres van de afzender, een overdreven (positieve) boodschap, veel taalfouten of rare vertalingen, een merkwaardige URL onder een linkje of een afwijkende, onpersoonlijke aanhef. En onthoud: te mooi om waar te zijn is vaak te mooi om waar te zijn.

,,We hadden vorige week iemand die precies dat gevoel volgde.” Het ging om een aanbod van de brandstof JP54, hetzelfde product dat Backers herhaaldelijk bij pogingen van storage spoofing voorbij ziet komen. Een product wat sowieso niet bestaat. Opnieuw een auto-analogie (,,dat begrijpt iedereen”): ,,Stel je voor dat er iemand een Mercedes Z30 aanbiedt. Jij en ik weten dat dat geen bestaand model is, maar wie geen verstand heeft van BMW’s of Mercedessen kan zich zomaar laten oplichten, verblind door een aantrekkelijke deal.”

,,Een ander voorbeeld: Ferrari maakt zo’n 300 auto’s per maand, met de hand. Als er dan ineens ergens 3.000 modellen aangeboden worden, is er iets goed mis. Wij zijn natuurlijk traders, die vaker mensen krijgen die het gouden ei denken te hebben. Maar er zijn genoeg signalen waardoor er een belletje zou moeten rinkelen. En dan doen ze ook nog alles in barrels, terwijl wij hier gewoon in tonnen of kubieke meters werken.“ Of, om in de analogie met auto’s te blijven: ,,als er een gloednieuwe Ferrari voor 50.000 euro aangeboden wordt, dan is er iets aan de hand.”

STAY AWARE

Share this post