Skip to content
PPE Consultants
  • Home
  • Procurement
    • Procurement
    • Portfolio
  • Consultancy
    • Quality Assurance
    • Investigating scams
  • About us
  • Contact
  • Blog
Posted indue diligence

How to make a killer due diligence, part II: Metadata is king

Posted by By Chris 25. May 2021No Comments

Many people think due diligence requires detective skills or access to special databases. While these qualities certainly help, I want to de-mystify the process of vetting a new partner and show some basic skills and techniques that anyone with an internet access can do in a short time. Therefore PPE Consultants is launching a series of articles over the coming days to teach you how to make a killer due diligence on future partners. However I must emphasize that these techniques only work if they are carried out with the right mindset. The greatest enemy you face is your own wishful thinking that can blind you and make you ignore hard facts. So please, if you implement the techniques I will write about, always try to be as impartial and objective as possible.
In the last post I already wrote about some best practices with Google and Google Maps, but now I would focus on some more refined techniques, especially when it comes to checking the validity of documents.

Metadata

Those of you who are unfamiliar with IT most probably ask: what the hell is metadata? According to wikipedia it is “data that provides information about other data”. In short, it contains information about when a file has been created, who was the creator, if it was modified, or even the timezone of the computer on which it was created. These are crucial informations: since most scammers modify documents, or lie about their whereabouts it is always good to know if you received the original file or something that has already been altered.

Datapoints to look out for

  • Creator: The identity of the creator of a document is somewhat of a murky information. The metadata cannot tell you exactly if the owner is for instance Mr. Thomas Smith, but it tells you their username on their computer. For many people it is just user or admin, but there are others (especially if the computer is owned by a company) where you find something like TSmith (to stick to the example). While this data is not a solid proof of anything, it can be an additional point to verify the originality of a document.
  • Time of creation: This is already a more important piece of information. If you get a document that was supposedly created recently, you can verify if this is true.
  • Timezone of the creating computer: Another important factor. Many scammers lie about their whereabouts, and this is a very useful trick to expose them. Since they are connected to the internet, their computer automatically changes the timezone, and this leaves a mark on the documents they create.
  • Characterset of the creating computer: A similar thing to the timezone, and only works for certain countries that doesn’t use latin characters (like China for instance). However if you are approached by someone claiming to be from the US, but their default characterset is chinese, this can already raise questions.
  • Dates of modification: If a document has been modified, the time of modification will be present on the document. However be vary, because digital signatures also count as modification.

How to extract this information

That depends on the file we are talking about. For PDFs and images you can use any Adobe product, or you can try online tools like Metadata2Go. However to extract metadata from e-mails is somewhat more complicated. In general you need the original header of the e-mail (note that this doesn’t work if it has been forwarded). For popular email services like Gmail this is fairly easy, however if you use something you are unfamiliar with, try to ask someone with a background in IT.

Case study

To demonstrate the importance of metadata in filtering out scams, let me give you two case studies that happened to me in the last year.

Case #1

Our parent company was approached by an offer for a very big quantity of flu vaccines from a broker. We received an officially looking Full Corporate Offer however when looking at the metadata I found clear evidence of it being altered. We called the company that was present on the letterhead, and guess what? The CEO didn’t even knew who the person was who sent us this document and confirmed that this document is a forgery. (Good that we catched them early, because they demanded a 50% upfront payment…)

Case #2

A few weeks ago a friend of mine came to me boasting that he recently made contact with a company that has very good connections to several factories and has allocations with them. I asked for some brief introduction in the company, and received a PDF file with the details of their offer. It seemed very good and convincing but something felt off. So I started to extract metadata out of the documents and it turned out that the timezones, the author and even the characterset were different than what we have expected. This already sparked some suspicion in my friend and he decided to dig deeper… and you can guess the results.

Backsides

While metadata is crucial to check the originality of documents it is not an ultimate evidence in itself. Even if the metadata of a document is flawless, you have to conduct additional due diligence on your partners. It simply doesn’t replace additional verification methods like checking financial status and ownership. The reason why I’m saying this is because metadata can be erased or altered. Most scammers are not so advanced and smart to do these extra steps, however with some basic level IT knowledge anyone can forge a document where the metadata is corresponding with the content. Several companies even erase these valuable pieces of information as a normal business practice. So, when it comes to tracing originality of documents via metadata always keep two things in mind:

1) Metadata is an extra layer of security but not the main defense line against scams. It can signal if something is fishy but if your only evidence about the genuinity of a partner is a document that seems legitimate, you have to conduct additional due diligence.

2) It has to be treated with caution. Several companies alter their documents as normal business practice. For example, when they only want to change the date on a document and don’t want to make a new one from scratch. If you see a modification it doesn’t automatically mean that they try to scam you. Nevertheless, it is always worth to check it, especially when it comes to emails. An anomaly in the metadata can save your time and money – as you have seen in the case studies.

Conclusion

Extracting and interpreting metadata requires practice and some basic level IT knowledge. However it is worth to get a hang of it. Most scammers usually don’t bother to modify these tiny datapoints in their fraudulent documents, so it is a very effective weapon to use against them. However there are still more tricks how you can verify your future partners, so stay with us: in the coming article we’ll show 5 very easy but effective techniques to make due diligence.

Related

Tags:
docdocxdue diligencegmailmetadatapdf
Last updated on 27. April 2022
Chris
Co-founder of PPE Consultants, head of business development for a company with 30 years of expertise with medical devices, with a passion for educating the general public.
View All Posts

Post navigation

Previous Post
How to make a killer due diligence, part I.: Learn to use Google How to make a killer due diligence, part I.: Learn to use Google
Next Post
How to make a killer due diligence, part III: Additional practices How to make a killer due diligence, part III: Additional practices
Copyright 2022 — PPE Consultants
All rights reserved.
Scroll to Top
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
Powered by CookieYes Logo

IMPORTANT

Please note that PPE Consultants has ceased all activity as of 2022 and we do not plan to get involved in selling, buying or brokering of any COVID-19 related products again (this includes face masks, respirators, gloves, test kits, medication etc.).

However since we know that many of you enjoyed and learned from our contents, we decided not to delete this website. While we restricted access to the majority of this website, our blog along with the contents is freely accessible to anyone interested.

×