Scammers Impersonate Digi-Key to Defraud Buyers
Urgent Notice – Digi-Key Wire Fraud
Digi-Key Corporation aka Digi-Key Electronics aka Digi-Key Sales Corporation’s name, logo and likeness are being used in a wire fraud scheme to defraud component buyers.
A victim/buyer receives an unsolicited email from an individual purporting to be a customer service representative of Digi-Key advising the buyer they will be their new point of contact, or Digi-Key representative, for future sales with Digi-Key Corporation.
Emails from the imposter invite the victim to send requirements for quotation under the guise Digi-Key’s online store is not updated in real time and that for faster service, the buyer is encouraged to communicate directly with their new Digi-Key representative.
After numerous email communications and product quotes, the imposter sets the hook. The buyer places an order for parts with wire transfer in advance payment terms. Payment is made as required; the parts are not delivered; the imposter vanishes.
On September 30, 2021, a buyer received an unsolicited email from, what appeared to be, a sales representative from Digi-Key Electronics offering various Texas Instruments parts for sale (see file titled “Initial Fraudulent Digi-Key Email”). The buyer had no need for the TI parts but the introductory email prompted an ongoing dialogue that resulted in numerous additional product quotations from the imposter (see files titled “Fraudulent Digi-Key Email 2” and “Fraudulent Digi-Key Email 3”). Please note: on several occasions the imposter “no quoted” the buyer’s requirements citing stock was allocated or had recently been sold. The imposter was clever and patient in their intent on building a rapport with the buyer to gain his trust.
On October 5, 2021, the buyer placed a purchase order with the imposter for 1,000 pieces of ST Microelectronics part number STM32F437VIT6 totaling $16,500.00.
October 7, 2021, the buyer placed a second purchase order for 1,350 pieces of NXP part number MK24FN1M0VLL12 totaling $42,795.00.
In response to the purchase orders, the buyer received an invoice bearing the Digi-Key trademarked logo along with accurate contact information and credentials belonging to the well-known authorized distributor (see file titled “Fraudulent Digi-Key Invoice”).
On October 8, 2021, payment for both orders totaling $59,325.00, was wired as instructed (see file titled “Wire Instructions”) to the following bank account:
Bank Name: Metropolitan Commercial Bank
Account Number: 8799014960
Beneficiary Name: Digi-Key Electronics
On October 14, 2021, the buyer reached out to their local Digi-Key office directly and discovered they had been defrauded. The bank account does not belong to Digi-Key and the invoice was fraudulent.
Upon receiving the victim’s payment, the imposter ceased all communication.
ERAI reached out to Metropolitan Commercial Bank to report this incident. We were advised all Metropolitan bank accounts beginning with “8799” belong to Payoneer, Inc. and that Metropolitan Commercial Bank could not assist in this matter.
The buyer believed they were issuing payment to one institution, only to realize later, payment was made to a third party.
Payoneer provides ecommerce payments, online money transfer services, and business to business escrow services. The company was founded in 2005 in Israel and is now headquartered in New York, NY. Payoneer is commonly used to provide payments to international contractors and freelance individuals in countries all over the world. Payoneer’s business model is similar to Paypal but with a wider international reach and is more focused on business-to-business and business-to-individual payments rather than individual-to-individual and individual-to-business payments like PayPal.
In July of this year, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a settlement with Payoneer Inc. Payoneer agreed to remit $1,400,301.40 to settle its potential civil liability for 2,260 apparent violations of multiple sanctions programs. Payoneer processed payments for parties located in the Crimea region of Ukraine, Iran, Sudan, and Syria, and processed payments on behalf of sanctioned persons on OFAC’s List of Specially Designated Nationals and Blocked Persons (“SDN List”) (see file titled “OFAC Enters Into $1,400,301.40 Settlement with Payoneer Inc.”).
ERAI’s attempts to reach Payoneer to address this matter have been futile.
1. Assume all unsolicited emails are fraudulent!
2. Verify the identity of the company and individual you are communicating with by contacting the company via their authentic URL (e.g. www.digikey.com).
3. Speak with a supplier representative by phone by dialing only the phone number identified on the verified corporate website prior to making wire transfer payments to confirm the order and to confirm the wire transfer instructions.
If you have received an unsolicited email from an alleged Digi-Key representative or have been the victim of fraud, please contact email@example.com.
SEE MORE BLOG ENTRIES