The information published in this column was provided by the Healthcare Distribution Alliance Pharmaceutical Cargo Security Coalition
There are three types of phishing scams making the rounds within the pharmacy and pharmaceutical industries, according to Healthcare Distribution Alliance (HDA) Pharmaceutical Cargo Security Coalition (PCSC). Below are brief summaries of the three types of phishing schemes to be aware of:
- Product recall fraud (pharmacy/manufacturer): Scammers call a pharmacy distributor first, posing as an employee of a legitimate manufacturer. During the call, the scammers indicate that there has been a product recall and that the pharmacy needs to send the alleged “affected” product back. To make the scheme seem more realistic or legitimate, the scammers then follow up with what looks to be a legitimate product recall request in the form of a letter. The contents of the letter again identify the product that is supposedly being recalled, with instructions to re-package the product and have it ready for pickup. The scammers then arrange for an unwitting mule or other courier (such as FedEx or UPS) to pick up the product. The letter indicates that the recalled product will be replaced with proper product, which never actually happens.
- Pharmacy/wholesaler fraud: In this scheme, scammers first pose as a legitimate pharmacy to place an order from the wholesaler. When the wholesaler sends the product to the pharmacy, the scammer contacts the pharmacy, posing as the wholesaler, to say they have shipped the product to the pharmacy in error and ask for the wholesaler to box the shipment back up and a courier (again, an unwitting mule or other courier like FedEx or UPS) will come and pick it up.
- Bank account/payment fraud: The scammers pose as a legitimate wholesaler and, through a business email compromise, contact the pharmacy to indicate that the terms of payment for product orders have changed and that there is a new account routing number to be used when a payment is made for an order. The “new account” is actually the scammers’ account and not where the payment should be made.
To avoid becoming victim to one of these phishing schemes, pharmacies should ask themselves the following questions:
- Does anything appear to be out of the norm from how business has traditionally been done between partners;
- Does a request seem rushed, unusually elevated, or does not make sense; or
- Does something just not feel right?
Example of Recent Fraud Case
A recent pharmacy fraud attempt was discovered that is consistent with the phishing scams summarized above. In this particular case, a pharmacy distributor had been contacted by a woman who used the name “Marianne.” She stated she was calling from a pharmacy in Arkansas, which is actually a legitimate customer of the distributor. The caller ID on the distributor’s phone displayed the correct telephone number for that legitimate customer. “Marianne,” when asked, had the pharmacy customer’s account number – exactly as it should have been – as well as the correct address location. This was followed by a fairly innocent conversation; and an order was eventually placed.
After the order had been placed, the pharmacy in question then received a call from what would appear to be the legitimate distributor. Again, the caller ID shown on the pharmacy phone matched the distributor’s number exactly. The pharmacy was told that the shipment needed to be returned and provided information about a courier that would come to pick it up. The courier (in this case an unwitting FedEx contractor) ends up taking the parcel to a postal shipping store. Just prior to the arrival of the parcel(s), the postal shipping store gets a call that the “ship to” address needs to be changed. Again, the caller ID on the phone at the shipping store displays the number/name of the legitimate pharmacy distributor. In this particular case, the parcel was going to be re-routed to an address in Pennsylvania. That process, however, was able to be stopped.
Please note, there are some signs that encompass the usual operation of these fraudulent actors, including the example case summarized above. In many of these instances:
- the subjects who call are female. The most common names used are “Marianne” and “Heather”
- the caller can cause the correct pharmacy telephone number to appear on the caller ID, when calling a distributor
- the caller can cause the correct distributor telephone to appear on caller ID, when calling a pharmacy
- the caller will be familiar with the addresses of both locations – and freely offer that information up as confirmation they are legitimate
- the suspect will know the correct pharmacy account number when speaking with the distributor – and vice versa
- the caller will not have a specific item number, but will offer some type of a National Drug Code number
- when questioned about prior order history, the caller will politely indicate that they cannot recall or are a new representative
- when the caller is asked to place the eventual order online, that caller will request the person to whom they are speaking to manually enter the order instead – to avoid the traditional process the suspect caller is not familiar with
- the time from the order being placed to when the order would be picked up by courier is usually quite rapid, rarely more than 24 hours
- the caller indicates that she is the one who will arrange for the courier, and that there is no need for the person who has been called to do that
- the courier(s) is an unwitting participant
There are federal authorities from both the FDA and the Federal Bureau of Investigation that are working these types of cases. Anyone who has experienced one of these scams may contact PCSC staff at 401/623-1344 to be put in contact with the investigating agents.