Anatomy of a Scam Investigation: Chapter One

Fun

[Wondering what's going on here? Check out the Chapter Index on this series.]

I mentioned yesterday that my firm received what I believe to be a fraudulent pseudo-invoice for services not rendered. It appeared to be a variation on the classic toner scam, discussed here.

For some reason, this one seriously pisses me off. Maybe its because the fraud is so blatant. Maybe it's because the weasel-worded disclaimer designed to give them a defense to fraud claims is so perfunctory and lame. Maybe it's because after I sent an email to the scammer's lawyer, the scammer himself called me and tried to run a con on me. Like I'm a fucking rube.

So. I've decided to dedicate some time and money to investigating this scam and the people and companies responsible for it. I've also decided to write about the investigation, and use it as an opportunity to discuss con man culture and how anyone with an internet connection, a few bucks, and some time can investigate an attempted scam — or, preferably, conduct due diligence on a suspected scammer before they can even try to con you.

I'm going to discuss using Google, using PACER (which allows access to federal court records), using state court records, and taking effective action against scammers.

So.

Every story has starting point. This story starts with my firm's office manager sending an email asking if anyone knew of work performed by UST Development, Inc. of Ontario, California. She indicated we had no record of services rendered by them, and our outside IT firm had not heard of them. I asked her to send me the invoice. She complied, sending me a pdf. Here it is:

I was suspicious immediately. It was a while before I noticed the semi-coherent and inconsistent disclaimer: "Thank you for your business. This is not a statement for services rendered but for preventative maintenance." What does that even mean? Does it mean it is not a statement for "services", but is a statement for "maintenance"?

When in doubt, I go to Google. I Googled "UST Development, Inc." — with the quotation marks, which helps exclude useless returns — and hit immediate paydirt: a report on Scam Informer. Though the primary complaint was about wages, the comments included people complaining that UST Development, Inc. had billed them for services not rendered — for $175, the same amount mentioned on our invoice:

I just recieved an invoice for $175.00 with 800-818-9777 and www.ustdevelopment.com on it. I have no idea who this company is and what this invoice is for. I found t his posting and thought I'd share this infomation.

11 days ago by KTM 525

Ditto That, I just received the same Invoice Dated 8/01/2011 $175.00 for "Telecom Maintance/Service call." Bet they are sending this out to every company and hoping the A/P Dept doesn't check with IT to see if it's Legit.
6 days ago by Desk

I received the same invoice with a 30 day past due. I have had no contact with this company whatsoever.
I will call them and if they can't give me an explanation my next call will be to the state attorney's general office.

I noted that the complaints appeared in a short period of time, which is characteristic of fraud schemes — fraudsters tend to spam their victims and then change schemes and disappear within a few months after the complaints pile up.

More about that first report on Scam Informer later: it's where I first encountered the names David Bell and Brandon Bell, which will figure prominently later in this investigation.

At this point I was satisfied that I was dealing with a scam, and told my office manager not to pay the invoice and to keep a watch for anything similar or any communications from the company.

In our next chapters, we'll talk about pursuing UST Development, Inc., and pursuing David Bell and Brandon Bell through records of, for instance, bankruptcy proceedings. The main point: with a few bucks and a few minutes, you can track down an astounding amount of information about people trying to cheat you.

But first, let me anticipate the scammers' defense and the devil's-advocate arguments I may draw: how can it be fraudulent if the invoice says right on it "Thank you for your business. This is not a statement for services rendered but for preventative maintenance"?

Simple: fraud law doesn't work like that.

Whether a communication is fraudulent — for the purposes of criminal law, torts, or consumer protection law — depends upon communications as a whole. Scammers cannot insulate themselves with fine print, hidden disclosures, or contradictory disclaimers when the entire solicitation is intended to defraud and is misleading to a reasonable person. Now I go all lawyery on your ass: See, e.g., Federal Trade Commission v. Cyberspace.com LLC, 453 F.3d 1196 (9th Cir. 2006) (apparent "refund check" that, if cashed, signed up recipient for monthly fee was deceptive even if back had disclaimer that would have informed customers if pointed out to them).

Here are the reasons why the UST Development, Inc. "invoice", taken as a whole, is fraudulent:

1. It's made to look exactly like an invoice for services rendered.

2. UST Development will argue that it's only a solicitation for business, but nothing on the invoices advertises or describes the type of services UST Development offers, or why a consumer should choose them, making it appear even more like an invoice rather than a solicitation. (See Cyberspace.com, supra (“[t]he receipt of a check, the perusal of which would reveal no obvious mention of an offer for services, no product information, and no indication that a contract is in the offing, coupled with an invoice that has no advertising or solicitation purpose, creates an overall impression that the check resolves some small, out-standing debt.") What honest and competent advertiser would try to solicit business with a document that describes the services offered only as "preventative maintenance," without offering any indication whatsoever of what type of maintenance is involved or why the recipient should choose this particular business to provide it?

3. Contrary to the argument that the invoice is merely soliciting business, it shows amounts "due" on past dates, an assigns those amounts fictitious invoice numbers. It also refers to the charges as a "balance", and places the total in a box for "1-30 days past due" rather than "current." If it's a solicitation for future business, why are those dates in the past? And why does it break it into two items for two dates? All of this is designed to create the impression that it is an invoice for services rendered in the past, and is intended to create that impression.

4. The cheesy "disclaimer" itself is incoherent and internally inconsistent. If it's a solicitation, why does the disclaimer thank the recipient for business that the recipient hasn't given yet? It says it's not a statement for services rendered, but "for preventative maintenance" — what does that mean? How does it explain that it's only a solicitation?

5. Finally, if this is truly intended only as a solicitation — if the "solicitation" angle is not merely a dishonest dodge, a planned defense to fraud allegations — then there will be proof. Somewhere, some companies have probably fallen for this and sent UST Development, Inc. checks based on these invoices. If UST Development, Inc. is honest — and not engaged in mail fraud — then it's responded to those checks by contacting those companies to schedule the preventative maintenance they've paid for, right? How about it, UST Development, Inc.? If the FBI served a search warrant on your business, would they find evidence of you providing those services, or trying to do so, to companies that sent you checks?

[Edited to add] 6. It doesn't satisfy federal law governing solicitations made to appear like invoices. See, e.g., 39 U.S.C. section 3001:

(d) Matter otherwise legally acceptable in the mails which—
(1) is in the form of, and reasonably could be interpreted or construed as, a bill, invoice, or statement of account due; but
(2) constitutes, in fact, a solicitation for the order by the addressee of goods or services, or both;
is nonmailable matter, shall not be carried or delivered by mail, and shall be disposed of as the Postal Service directs, unless such matter bears on its face, in conspicuous and legible type in contrast by typography, layout, or color with other printing on its face, in accordance with regulations which the Postal Service shall prescribe—
(A) the following notice: “This is a solicitation for the order of goods or services, or both, and not a bill, invoice, or statement of account due. You are under no obligation to make any payments on account of this offer unless you accept this offer.”; or
(B) in lieu thereof, a notice to the same effect in words which the Postal Service may prescribe.

No. It's clearly fraud. It's not a close call. If I were still a fed, I would feel perfectly confident taking this to trial based just on what we know so far — and I would win.

But this isn't all that we know. Oh, no. Not by far.

Tune in for the next chapter, when we use Google, PACER, and other resources available to everybody in order to corroborate our fraud case, and to find out the background of the people involved. It's rare to find a first-time fraudster — and believe me, ladies and gentlemen, we have not here. In further chapters, I'll discuss the alphabet soup of federal, state, local, and private agencies that I'm going to bring to the party.

See you soon. Remember: scammers are scum.

Edit: Chapter Two is up. So is Chapter Three. So is Chapter Four. And now Chapter Five.

    Edited to add: Cynthia Bell, wife of David Bell, or a person pretending to be her, sent me an email that contained, in part, the following response about the fraud analysis above:

    "This mailing was nothing more than a marketing tool to rebuild a business after a devastating loss. There were no threats of being sent to collection, no run around. If the client calls the office, they get a human being who explains the benefit of purchasing the service agreement and if they decide they do not want it, they are permanently removed from the database. If they paid the invoice, they received a welcome letter outlining the service agreement and what was included with their payment. There is no fraud here. Every single person who pays the invoice will receive the service they are paying for."

I find this completely unconvincing, for the reasons already enumerated above, and for reasons shown in the next chapters of this discussion.

Additional update: please read this important note.

Last 5 posts by Ken White

43 Comments

35 Comments

  1. Al  •  Sep 10, 2011 @5:01 pm

    Oh man, this makes me pine for the heyday of the MMF Hall of Humiliation.

  2. Bethany  •  Sep 10, 2011 @5:11 pm

    I am so excited to see how this turns out! My office just got a similar invoice from a company nobody's heard of with an answering machine on their phone line…. If I can get some alphabet soup on them before I leave forever for maternity leave, it would make me very happy.

  3. Ken  •  Sep 10, 2011 @5:29 pm

    Bethany, feel free to send me a pdf (ken at popehat dot com) if you want me to do some digging.

  4. Doug  •  Sep 10, 2011 @6:24 pm

    thank you

  5. Kresh  •  Sep 10, 2011 @6:42 pm

    Had similar invoices come through every so often while I was AP manager for my former company. The office used to have a good time laughing at them.

  6. Mark Bennett  •  Sep 10, 2011 @6:52 pm

    It's Branden Bell, not Brandon. Branden Tomeric Bell.

  7. shotgunner  •  Sep 10, 2011 @9:42 pm

    good on your office manager/AR person. Saved you some bux and provided you with a fun piece to work on!

  8. G Thompson  •  Sep 10, 2011 @10:32 pm

    I Love a good Spammer/Scammer hunt *gets out elephant gun* ;)

    For your info the CALI License board has some interesting info, and the hunt begins at the source

  9. Ken  •  Sep 10, 2011 @10:57 pm

    G. Thompson, you're reading ahead. We're still in Chapter One.

  10. Mike  •  Sep 10, 2011 @11:09 pm

    Any chance I'll be able to turn the series into a how to manual, now that I am located in an international tax haven?

    Kidding of course.

    When I had my little company it was depressing to learn of all the ways people would try to scam us for a few dollars. The endorsement of a check as signing a contract, that one really pissed me off.

  11. d-day  •  Sep 10, 2011 @11:14 pm

    /getting popcorn

  12. Fnord  •  Sep 10, 2011 @11:29 pm

    Oh, this is going to be good. I can hardly wait for chapter 2.

  13. perlhaqr  •  Sep 11, 2011 @6:49 am

    Hunh.

    I wonder if this would apply to the various domain registrar companies who send out "renewal notices" to customers of other registrars, which, when you pay the bill, do at least really renew your domain registration, but also transfer your account from your previous registrar to the new registrar, and typically charge you 3 to 4 times what you were paying before.

  14. McNugget  •  Sep 11, 2011 @10:41 am

    I ,literally, cackled with glee when I read this. I cannot wait to hear the rest. However, question- Do you think they are capable of finding this site based on the info they may have or find on you? If so would them reading the posts destroy the future fun and potentially help them to know what you're doing so they can plan ahead? Or have they already bulldozed themselves into a hole so enormous that you could give them a detailed outline on your plans for them and there's still no way they could squirm away?

    Anyway, happy hunting!

  15. Chris Berez  •  Sep 11, 2011 @11:14 am

    Excellent post. I'm looking forward to reading further chapters. I hope you destroy these bastards (or at least serve as a prime factor in their destruction).

  16. Shylock Holmes  •  Sep 11, 2011 @1:04 pm

    You know, for all the supposed street-smarts that con-men are meant to have, you might have thought it would occur to them that it's probably a poor idea to send your fraudulent notices to law firms, especially those with former prosecutors as partners.

  17. b  •  Sep 11, 2011 @4:31 pm

    Shylock, it's about numbers, as with any phishing or other email scam. They send this to a broad swathe of people and are still virtually guaranteed that only a tiny minority will even Google the company name, much less engage in further investigation or file any sort of complaint.

    And I agree: scammers are scum. Or, in this case, thanks to Ken, they're also chum.

  18. G Thompson  •  Sep 11, 2011 @9:22 pm

    Ken replied in a moment of clarity: G. Thompson, you’re reading ahead. We’re still in Chapter One.

    Oops, sorry.. I plead temporary incapax since whenever scammers are involved I get all psychicpsycho.

  19. Shylock Holmes  •  Sep 12, 2011 @1:38 am

    @b, I guess that's right – they must need to send such large numbers of letters in order to generate a return that it's not feasible to check who they're sending it to. Either that, or they're actually dumbasses. Probably a little of column A, a little of column B…

  20. piperTom  •  Sep 12, 2011 @6:53 am

    I note that "ustdevelopment.com" now redirects to "http://www.us-telecom.com/". Don't know if the later is related to the former. Possibly, they are covering up in reaction to Ken. If I was them, I'd be in Argentina by now.

    No, on second thought, I'd be refunding as much as possible, pleading guilty, and apologizing — but that's just me.

  21. joshua  •  Sep 17, 2011 @8:08 pm

    BTW another useful thing to google for is the phone number on the document. Lots of idiots reuse numbers with different identities.

  22. ab  •  Sep 18, 2011 @5:43 am

    Visiting from BoingBoing. Thank you sir, excellent series. Bookmarked.

  23. Mark Giles  •  Sep 18, 2011 @3:37 pm

    Excellent first chapter, better than a bodice ripper. I'm on the edge of the cliff awaiting more chapters.

  24. Wizard Gynoid  •  Sep 18, 2011 @4:52 pm

    As a former Corporate Controller I can tell you this is not unusual. There are enough amateur bookkeepers in the world who are so snowed under with the volume of their work that this can easily slip by. Typical scenarios are when a new accountant comes in to clean up the mess of a previous slipshod accounting office. Accurate invoice purchasing and invoice records may not exist. The company is probably being bombarded with overdue statements from angry vendors. It's easy for a statement like this to get paid in that kind of environment.

  25. Wizard Gynoid  •  Sep 18, 2011 @4:58 pm

    @shotgunner This would have more likely been caught by a competent A/P person, not A/R.

  26. Sue  •  Sep 19, 2011 @3:42 pm

    The BK was reopened by ePay last month, I do believe. Ken, send me an email. Sue S.

  27. Sue  •  Sep 19, 2011 @3:43 pm

    Ken – Let me complete that last sentence. Send me an email so I can reply back with a bunch of stuff I have on them. Sue S.

  28. Ken  •  Sep 19, 2011 @4:32 pm

    Please note update in bold at the bottom of the post:

    Edited to add: Cynthia Bell, wife of David Bell, or a person pretending to be her, sent me an email that contained, in part, the following response about the fraud analysis above:

    “This mailing was nothing more than a marketing tool to rebuild a business after a devastating loss. There were no threats of being sent to collection, no run around. If the client calls the office, they get a human being who explains the benefit of purchasing the service agreement and if they decide they do not want it, they are permanently removed from the database. If they paid the invoice, they received a welcome letter outlining the service agreement and what was included with their payment. There is no fraud here. Every single person who pays the invoice will receive the service they are paying for.”

    I find this completely unconvincing, for the reasons already enumerated above, and for reasons shown in the next chapters of this discussion.

  29. Mark Bennett  •  Sep 19, 2011 @4:44 pm

    I'm not saying that Cynthia Bell is a sociopath, but trying to garner sympathy ("to rebuild a business after a devastating loss") when called to account for one's bad acts would be prototypical sociopath behavior.

  30. SPQR  •  Sep 19, 2011 @5:02 pm

    Ken, you remain unconvinced because the invoice speaks for itself … and it speaks of brazen and outright fraud.

    Wouldn't you think that this email confirms Cynthia's involvement in the fraud, BTW?

  31. Ken  •  Sep 19, 2011 @5:04 pm

    @SPQR, it could be interpreted that way. But it's not conclusive. Many a wife has refused to believe her husband is a bad man.

  32. SPQR  •  Sep 19, 2011 @5:10 pm

    Ah, well, we've both got stories that start with that, don't we?

  33. Scott Jacobs  •  Sep 19, 2011 @6:51 pm

    Hell, Ken's entire marriage is predicated upon just such a belief…

  34. Justin  •  Sep 20, 2011 @7:32 am

    Ken,

    A great article. I couldn't help but think about my own long-running experience with a company that calls me at work about once a month with the same tired, overpowered, ridiculous method. I had two incoming calls yesterday and they forgot to 'anonymous' or falsify their number or name. 813-849-0783 – Commercial Lighting Co from Tampa (they have a few similar complaints at 800notes.com) These guys are crooks – every one of them. I've reported them to the state AG, but they've been at this for at least 8 years. Unbelievable.

  35. Givem Hell  •  Sep 20, 2011 @3:05 pm

    One trick you can do is to take that email address and paste it into Facebook and hit "search", this – if associated with FB, will confirm their identity.

8 Trackbacks