A PSA delivered from our CEO about some pesty scammers along with information about how to identify them.

Hyperedge- . IoT, Embedded Systems, Artificial Intelligence,

Favorited Favorite 0

Last year we danced in court with a Patent Troll and they eventually backed off. This year SparkFun is a victim of Identity Theft. Yes – a company can also get its identity stolen. Let me explain.

There is a website www.sparkfunn.com that was privately registered on January 8th and updated on January 10th, 2022. Notice the extra n in funn. Cute right? It reminds me of when I tell people my name is spelled with two n’s, not one. Close but that’s not my name or SparkFun’s.

With the domain sparkfunn.com officially registered, these scammers are sending emails using this domain with actual names of SparkFun employees to get other companies to ship them product. The email address is a digital sleight of hand to get in the door, but the actual PO attached to their email is pretty brazen.

Here is an actual PO from one of our partners that notified us.

alt text

Our Logo. Our BIlling Address. Not our shipping address.

The vulnerability the scammers are exploiting is the fact that so much business is still done via PO (purchase order). While SparkFun requires all its customers to place orders online using authenticated accounts and encrypted transactions, a huge number of SparkFun suppliers (people we buy our raw parts from) still prefer to get orders placed via email. One of our suppliers received the above PO for Fluke multimeters and diligently put the order into their system, complete with the incorrect (not SparkFun) shipping address. Because we have “Net30 terms” with this vendor (SparkFun doesn’t have to pay for the parts until 30 days after the order is received), the supplier shipped the order before payment was required. Once the supplier shipped the first order, the scammers realized they had an easy target and placed additional orders until the supplier caught on. Unfortunately, once an order ship it can become very difficult to get any of that inventory back. To be clear, SparkFun didn’t have to pay for these parts, we were just the most believable company to emulate.

Why Fluke multimeters? While suppliers like SparkFun, Digi-Key and others sell a huge number of products, scammers know it’s far easier to sell an expensive but stolen DMM than it is to sell an esoteric low cost part. Don’t steal a reel of 0.1uF caps; steal something like a DMM that can be sold to far more people.

How to fix the problem? It’s pretty obvious: Stop accepting emailed purchase orders. Of course it’s easy to say, unfortunately the electronic supply industry is huge and archaic. Change is hard. But just like it was once hard to imagine buying airline tickets, shoes, TVs, or even cars online, industries change to meet the customer where they are. Business will move away from emailed POs but it will take time. In the meantime, scams like this will be far too easy to pull off.

Here is what we know about these scammers.

Ship information: 4045 Lakefront Ct, Earth City, MO 63045 attn: Randy Fragner. Not our address or employee.

Ship information: 1705 54th Ave. SW Laneeth, AL 36863 attn: James Larry. Not our address or employee.

Phone number 720-773-8818 is a landline. Aware enough to use a CO area code but not us. Calls are answered by an unidentified automated system asking the caller to leave a message.

International Operation – Spanish-based Firm

So now what? Well this is the most frustrating part…

We have lawyers involved and have spoken to several organizations but unfortunately, this will likely turn into a game of Whack-A-Mole. Here is a copy of the notice that was sent a few months ago. I’m not providing the names and signatures – call me paranoid now.

alt text

As you can see our lawyers threw everything at it. I mean – “The Anticybersquattting Consumer Protection Act of 1999 (ACPA)” is a first for me. And while we can throw every conceivable lawsuit to threaten these awful people, our expectations are low that we’ll even get a response. It’s an International Operation and likely not their first scam in this digital world that they are very good at hiding in.

We’ve reached out to as many partners as we can behind the scenes to inform them on what is going on. But just like the Patent Troll, we would like to expose these people too. Be vigilant out there, especially with emails and don’t hit the link so fast. This was a good one I received this month.

alt text

We know SparkFun is not alone in dealing with scammers like this, so if you have any suggestions or comments we would love to hear from you!

Read more about this on: Sparkfun Commerce Blog