When it comes to online B2B purchasing, there are black-and-white trustworthy vendor websites, and then there are infinite shades of gray. Deceptive websites are rampant today, increasingly targeting professional, industrial and commercial users. Procurement professionals in industrial manufacturing are of specific interest to scammers hoping to exploit the high dollar, high volume and semi- to fully automated purchasing attributes found in this sector.
To us, protecting against such risks falls under the domain of supplier performance management, which describes the overall body of work practices and tools needed to properly qualify, vet, manage and analyze manufacturing suppliers.
In this article, we pull out the portions of supplier performance management that concern spotting deceitful online industrial suppliers and discuss how buyers can protect themselves when sourcing online.
Spotting Shady Tactics in International Procurement
Let’s begin by shining a light on the four main categories of dodgy supplier actions in play today:
- Unscrupulous tactics: Shady sales tactics have existed for as long as humans have been bartering goods and services. While not themselves illegal, unscrupulous tactics can certainly be unbecoming, onerous and unethical. For example, an online storefront may add unnecessary fees to purchases, require artificially high minimum order volumes or sneak in cost exclusions in the fine print.
- Deceptive tactics: Deceptive website design (or dark patterns) is a category of design tactics that intend to coerce users into unintended actions, typically to extract sensitive information. This type of tactic is not usually illegal itself, but the subsequent use of this information does often broach into illegal territory. For example, a website may ask for extensive personal identification to sign up for an account, and may later use that information to steal a user’s identity.
- Malicious tactics: Outright malicious attacks are rampant in commercial settings, as the potential payoffs are significantly higher when exploiting businesses than with individual consumers. Malicious websites can be completely illegitimate, representing suppliers and goods that do not exist. The actions of these sites are predominantly illegal, existing solely to extract corporate, proprietary and competitive information from unsuspecting users for financial gain. Such sites tend to accompany multiple angles including phishing, smishing, ransomware and other digital attacks.
- Misrepresentative tactics: Misrepresentative tactics are a relatively newer and more nuanced form of illegal online bait-and-switch. Websites and sellers may present themselves as legitimate suppliers, but in reality, are individuals or groups independent of and unassociated with the organizations they are claiming to represent. These nefarious third parties interject themselves into a transaction between a buyer and a legitimate supplier, skimming money off the top of the sale, swapping in counterfeit or sub-par goods or outright hijacking orders from the legitimate supplier.
Evaluating Offshore Suppliers’ Websites
As an industrial buyer, you may search online for new suppliers and manufacturers frequently, trying to identify potential new vendors in order to keep your sourcing options open and pricing competitive. You might also be on the receiving end of constant new sales offers via email, phone, direct mail or by referral. By and large, some of the websites and conversations you come across are going to be illegitimate. You should take the stance of healthy skepticism until you can prove which suppliers are trustworthy.
While your organization may provide general online security training against web attacks and phishing emails, what more might you need to know in order to tell the difference between legitimate and shady industrial supplier tactics? Here are key considerations to keep in mind when it comes to supplier performance management:
- Name consistency: Websites and emails can very easily be spun up displaying names of legitimate companies and their staff, but we must remember that these are just letters on a screen and are not themselves evidence of trustworthiness. One key giveaway is if a company or person’s name is close to – but not exactly – the authentic supplier’s name. For example, receiving an email from Duwai Forging Company when the actual legal entity is named Duwai Forging Corporation.
- Website completeness: Fake websites tend to be incomplete, missing key items that any legitimate company would usually include such as terms of service, site map or webmaster contact information. Misrepresentative websites might be largely complete using copied information from the real company’s site but will overly emphasize informal contact methods such as WhatsApp or text. Malicious websites are usually less complete and emphasize downloads of some sort to deliver an exploit.
- URL appearance: Users should always scrutinize a website’s URL, as this can be a dead giveaway that a site is not what it appears. Fake URLs are typically delivered via email or web ads. Be sure to check these names against direct web search results or a known contact’s email domain. Minor differences such as between “www.xian1mfg.com” and ” www.xian1manufacturing.com” may be hard to spot. Completely random addresses such as “www.ax1220aaa.com” and addresses with uncommon extensions such as “www.xian1mfg.biz”, are easier to spot. All should be verified before clicking.
- Domain history: Further to the above point, web domains are very easy to set up for bogus activity. Users can utilize the Who.is domain history lookup tool to check a domain’s ownership and registration information before visiting a suspicious site. One key detail to check using this tool is the age and original registration date of the domain. If the domain was created the week before advertisement emails started showing up in your inbox, it’s likely to be a scam.
- Site certification/security: Legitimate domains often pay for site security certification to build trust in their visitors. Illicit websites do not often go to this extent, but it is becoming increasingly common in B2B website scams. Users should always check for safe browsing indicators such as the padlock symbol by the URL, a green highlight from add-on URL trust tools or the check box next to the certificate symbol. Further, users can check that certificates were issued in the name of the expected company.
- Generic buyer reviews: You may have heard of issues in the 2010s of Amazon becoming flooded with paid, inauthentic product reviews, used tactically by sellers to boost the public image of their stores and products. This tactic has spilled over into industrial buying, with many marketplace sites in particular displaying fake positive reviews meant to entice buyers into illegitimate transactions. Users can often spot fake reviews when they occur in a short time frame (even on the same day), have very similar repetitive comments or are posted by users with no other activity on the platform than posting reviews.
- Consumer payment methods: Websites and sellers claiming to represent major offshore manufacturers are often opportunistic individuals without sophisticated back-office or payment management systems. As such, these bad actors can sometimes fake the appearance of legitimacy all the way up until payment is due, at which time they’ll request payment via PayPal, Venmo, Cash App, consumer bank transfers or ACH transfers to private foreign bank accounts. In proper supplier performance management, buyers must verify account ownership and transaction methods before sending money, or even better, push for insurable payment methods to verified recipients.
- Procurement sequence: At the end of the day, buyers should never ignore their gut feeling. In addition to all the above suggestions, if something in a new transaction doesn’t feel right, buyers must keep their guard up. One of the most common indicators of deceitful sales activity is when the seller deviates from standard procurement steps. When sellers break patterns in a suspicious way such as asking for early downpayment or disregarding sample product deliveries, eyebrows should be raised and activity halted until legitimacy can be verified.
Questions About Supplier Performance Management?
Identifying trustworthy and suitable manufacturing suppliers can be difficult without the help of an expert. If you have questions about supplier performance management, contact us. We’re eager to help.
