The team is joined by Guest Kats Rosie Burbidge, Stephen Jones, Mathilde Parvis, and Eibhlin Vardy, and by InternKats Verónica Rodríguez Arguijo, Hayleigh Bosher, Tian Lu and Cecilia Sbrolli.

Tuesday, 9 December 2014

Pay it again scam

This morning's Tuesday Tiddlywinks post included an example of a renewal scam letter of the kind which savvy applicants and their advisors are all too aware, but which are targeted at smaller and less experienced applicants who may only have one or a few IP rights.

The letter, purporting to come from OHIM, and carrying a pretty authentic-looking logo, prompted Andrew Johnson, Formalities Director with Marks & Clerk LLP, to send the IPKat a patent equivalent, purporting to come from the European Patent Organization (yes, the American spelling), which again bears a logo very similar to the real organisation's "fingerprint" trademark. The two examples are shown below.

XKCD "Ten Thousand" by Randall Munroe
The IBAN codes identify that payments are being made into an account at Raiffeisenbank D.D Bosnia/Hercegovina in Sarajevo, and the IPKat hopes that someone there takes action to stop the flow of money to the scammer. He wonders if perhaps OHIM and the EPO might consider taking action themselves to combat the usurping of their names and logos, albeit with minor variations.

The IPKat knows that many readers are wearily familiar with this practice, but as the XKCD cartoon illustrates, each piece of information that supposedly "everyone knows" is entirely fresh news to a great many people every day.

The advice, as ever is the same: if you receive correspondence seeking the direct payment of money to an IP organisation, and if you aren't wholly au fait with making payments of that kind to that exact recipient, run it past an attorney who does this every day.


Roufousse T. Fairfly said...

This particular installment of the age-old fake invoice scam is particularly brazen in that it doesn't even make a plausible attempt at creating a close-but-not-quite-identical identity, or include defensive small print.

You are calling for OHIM and the EPO to take action. But what could these, or the marks, attempt concretely, besides "increasing awareness"?

By the time any action would/could/will be taken, all but the daftest perps will have closed shop and moved on since a long time.

The problem isn't limited to the IP sector, even though this field is attractive as very fresh address lists are easy to come by, and the "fees" you can potentially rake-in are fairly high, thus providing an interesting yield.

As a kid I would open and sort the mail for my father's business after finishing my homework. I came across a "past-due" fake invoice for listing in a telex pseudo-directory. That was a lesson. Indeed, there is a first time for everyone.

These days, even fake tax assessments or bills for funeral services are being sent out. These seems to be no limit in the scammers' imagination.

The solution lies upstream, and would require a political will that doesn't exist. (Think of e-mail spam...)

How did we ever end up with the hideous IBAN system?

With all those digits, why can't it be used to establish the identity and/or reputation of the payee?

In the field of cryptography, applicant credentials are already verified for issuing SSL cryptographic/signing certificates, and the system relies on a chain-of-trust model.

Couldn't a similar concept be developed for bank transfers? Or would the potential for social engineering, and the reluctance of the middlemen to take on any potential liability, still be too great?

I wouldn't place too much hope in the bank to sort out this particular case. The general reputation of the Raiffeisen bank group is slightly less than sterling.

Anonymous said...

The EPO has today posted a link to the October OJ page giving many examples of these scams:

Roufousse T. Fairfly said...

I have a question: did your correspondents keep the envelopes in which the letters came in?

If they carried Austrian (EPO - the letter gives the address in Vienna), or Spanish (OHIM) stamps, this would suggest a well planned coup with possible accomplices. The postmark could provide a useful lead in the investigation.

A return address isn't visible on the "OHIM" letter's window area. (The address on the "EPO" letter was blanked out, but I suspect that its design is similar). If a real OHIM/EPO return address was on the envelope, then I would expect more than a few letters to turn up at Alicante or Vienna as returned mail. This could also be useful.

The 8-day delay for payment suggests a hit-and-run type of operation, which would be run roughly as follows:

- Software for generating the "invoices" is developed (I note the use of colour).

- the arrangements for printing the letters and filling the envelopes are made.

- a bank account is opened, probably using forged credentials.

- The up-to-date database of targets is obtained from some electronic official gazette, and a promising subset of targets selected. It would be based on criteria such as geographical selection (An applicant based in Europe would have better banking facilities), size of applicant (I wouldn't try this on IBM or Siemens), type of transaction (an international application entering the European phase would seem a good target, as the mark may not have that much experience with the EPO).

- D-Day: The operation is launched: the letters are printed, the envelopes stuffed, and the lot is carried abroad for mailing (for both credibility and speed). I would backdate the letters a bit to generate more pressure at the receiving end: "Oh my goodness! This letter is already a week old, and the deadline is upon us".

- Cash withdrawals are made from the account as often as possible as the money pours in. You would have to show up at the bank counter (and raise suspicions), as the amounts involved are larger than the usual daily ATM limits. Or you could transfer electronically the money from a master account to satellite ones, and milk the latter individually. You could also forward the money abroad, but again there is usually a daily limit involved. Frequent transactions at the branch would suggest an accomplice behind the counter.

If the the cost of generating and mailing one letter is of the order of 1 Euro, and the take 2000 Euros, then break-even is reached if more than one mark in 2000 bites the bait. I suspect that the actual odds are much better.

I do see one problem: the destination bank account is outside SEPA, which should ring alarm bells at the accounting department. Transfers outside the European economic area normally incur fees and require opening a different menu in an online-banking user interface.

These transfers also aren't subject to the EU transfer delay rules -- we're talking of several days instead of the Euro-zone overnight standard

Could the Raiffeisen be faster than their competitors? They are present in both western Europe and the Balkan. You could gain so much more if only you could shave off a couple of days before running away.

So, roughly speaking, your risk exposure is probably limited to less than two weeks, from the moment the letters arrive to the time cash is withdrawn from the account. (And that's assuming all authorities act promptly and efficiently, something that is already difficult enough even WITHIN the EU).

Roufousse T. Fairfly said...

The OJ announcement isn't specific to this particular scam, it is only a generic warning that has been put out for years by just about every patent office.

Roufousse T. Fairfly said...

I was looking in more detail the IBAN on both documents.

Both numbers identify the same branch.

But the account numbers differ slightly:

1215001 for the "EPO" invoice
1215003 for the "OHIM" one.

The last two digits are check numbers.

The "1" and "3" suffixes could simply be sub-accounts of a master account. Then, the relatively small size of the leading part ("1215" or even "12150") would suggest that there aren't that many customers, and that the branch manager might be expected to have some inkling on the nature of the business of his customers.

Entering the full IBAN in a search engine yields a third case in the Netherlands. This letter is dated 11.11 instead 17.11, and the distance between both "invoice" serial numbers (I'm running out of scare quotes) is 592061-590662=1399, if that means anything. This could be a suggestion of the scale of the operation. Stuffing several mailboxes with thousands of letters would definitively require accomplices, and franking+posting them from a post office would probably leave some traces behind.

Anonymous said...

A trade mark client of mine got one purporting to come from WIPO, complete with WIPO-like logo. The address given was a number in the chemin des Colombettes that, according to Google Maps, doesn't actually exist!

Anonymous said...

Wait a minute... Has anyone seen that Roufousse T.Fairly has posted a comment of only 1 sentence? What happened?

Anonymous said...

> Has anyone seen that Roufousse T.Fairly has posted a comment of only 1 sentence? What happened?

Must be a computer crash or a keyboard failure. Probably, we'll receive a few pages report later.

Roufousse T. Fairfly said...

I promise to learn to draft my nonsense in the style of French court decisions, with a series of clauses beginning with "ATTENDU QUE ...", "CONSIDÉRANT QUE ..." separated by semicolons, and terminated by a single, lonely, period on the very last page.

I've been rare lately, the scam letters keep my mind off the cr*p going on at the EPO currently. Both glad and sad not to be there anymore.

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':