Many people think due diligence requires detective skills or access to special databases. While these certainly help, I want to demystify the process of vetting a new partner and show some basic skills and techniques that anyone with internet access can use in a short time. Therefore PPE Consultants is launching a series of articles over the coming days to teach you how to carry out killer due diligence on future partners. However, I must emphasize that these techniques only work if they are carried out with the right mindset. The greatest enemy you face is your own wishful thinking, which can blind you and make you ignore hard facts. So please, if you implement the techniques I will write about, always try to be as impartial and objective as possible.
In the last post I already wrote about some best practices with Google and Google Maps, but now I will focus on some more refined techniques, especially when it comes to checking the validity of documents.
Metadata
Those of you who are unfamiliar with IT will most probably ask: what the hell is metadata? According to Wikipedia it is “data that provides information about other data”. In short, it contains information about when a file was created, who created it, whether it was modified, and even the timezone of the computer on which it was created. These are crucial pieces of information: since most scammers modify documents or lie about their whereabouts, it is always good to know whether you received the original file or something that has already been altered.
Datapoints to look out for
- Creator: The identity of the creator of a document is a somewhat murky piece of information. The metadata cannot tell you exactly whether the owner is, for instance, Mr. Thomas Smith, but it tells you their username on their computer. For many people it is just user or admin, but there are others (especially if the computer is owned by a company) where you find something like TSmith (to stick to the example). While this data is not solid proof of anything, it can be an additional point for verifying the originality of a document.
- Time of creation: This is already a more important piece of information. If you get a document that was supposedly created recently, you can verify if this is true.
- Timezone of the creating computer: Another important factor. Many scammers lie about their whereabouts, and this is a very useful trick to expose them. Since they are connected to the internet, their computer automatically changes the timezone, and this leaves a mark on the documents they create.
- Character set of the creating computer: Similar to the timezone, and it only works for certain countries that don’t use Latin characters (like China for instance). However, if you are approached by someone claiming to be from the US, but their default character set is Chinese, this can already raise questions.
- Dates of modification: If a document has been modified, the time of modification will be present on the document. However, be wary, because digital signatures also count as modification.

How to extract this information
That depends on the file we are talking about. For PDFs and images you can use any Adobe product, or you can try online tools like Metadata2Go. Extracting metadata from e-mails, however, is somewhat more complicated. In general you need the original header of the e-mail (note that this doesn’t work if it has been forwarded). For popular email services like Gmail this is fairly easy; however, if you use something you are unfamiliar with, try to ask someone with a background in IT.
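To show what these tools read, here is an added example (not part of the original article) that pulls the author, creation date, timezone and modification date out of a PDF's Info dictionary and lists the points worth a second look. The sample document, the function names and the "claimed offset" parameter are constructed for illustration; it assumes an unencrypted PDF whose Info dictionary is stored as plain text.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a raw PDF Info dictionary (not a real document).
SAMPLE_PDF = rb"""%PDF-1.4
1 0 obj
<< /Author (TSmith) /Creator (Microsoft Word) /Producer (Example PDF Library)
   /CreationDate (D:20210112093015+08'00') /ModDate (D:20210305174502+08'00') >>
endobj
trailer << /Info 1 0 R >>
"""
# Simplification: literal strings only, no nested parentheses or object streams.
FIELD = re.compile(rb"/(Author|Creator|Producer|CreationDate|ModDate)\s*\(([^)]*)\)")
# PDF date syntax: D:YYYYMMDDHHmmSS followed by Z or +HH'mm' / -HH'mm'.
PDF_DATE = re.compile(r"D:(\d{4})(\d{2})?(\d{2})?(\d{2})?(\d{2})?(\d{2})?"
                      r"(?:([+\-Z])(?:(\d{2})'?(\d{2})?'?)?)?")

def extract_info(pdf_bytes):
    """Return the Info dictionary fields of interest as text."""
    return {k.decode(): v.decode("latin-1") for k, v in FIELD.findall(pdf_bytes)}

def parse_pdf_date(raw):
    """Parse a PDF date; the result is timezone-aware only if an offset is present."""
    m = PDF_DATE.match(raw)
    if not m:
        return None
    y, mo, d, h, mi, s, sign, tzh, tzm = m.groups()
    tz = None
    if sign == "Z":
        tz = timezone.utc
    elif sign:
        off = timedelta(hours=int(tzh or 0), minutes=int(tzm or 0))
        tz = timezone(-off if sign == "-" else off)
    return datetime(int(y), int(mo or 1), int(d or 1),
                    int(h or 0), int(mi or 0), int(s or 0), tzinfo=tz)

def review(info, claimed_offset_hours):
    """List metadata points that deserve a follow-up question (not proof of fraud)."""
    findings = []
    created = parse_pdf_date(info.get("CreationDate", ""))
    modified = parse_pdf_date(info.get("ModDate", ""))
    if created is None:
        findings.append("no creation date (metadata may have been stripped)")
    elif created.tzinfo is None:
        findings.append("creation date carries no timezone")
    elif created.utcoffset() != timedelta(hours=claimed_offset_hours):
        findings.append(f"timezone {created.strftime('%z')} differs from claimed "
                        f"UTC{claimed_offset_hours:+03d}:00")
    if created and modified and modified != created:
        findings.append("modified after creation (may be a signature or routine edit)")
    if info.get("Author", "").lower() in ("", "user", "admin"):
        findings.append("author is generic or missing")
    return findings
```

Calling `review(extract_info(SAMPLE_PDF), -5)` for a sender who claims to be on US Eastern time reports the +0800 timezone and the later modification date.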
Case study
To demonstrate the importance of metadata in filtering out scams, let me give you two case studies that happened to me in the last year.
Case #1
Our parent company was approached with an offer for a very big quantity of flu vaccines from a broker. We received an official-looking Full Corporate Offer; however, when looking at the metadata I found clear evidence of it being altered. We called the company that was present on the letterhead, and guess what? The CEO didn’t even know who the person was who sent us this document and confirmed that this document is a forgery. (Good that we caught them early, because they demanded a 50% upfront payment…)
Case #2
A few weeks ago a friend of mine came to me boasting that he recently made contact with a company that has very good connections to several factories and has allocations with them. I asked for a brief introduction to the company, and received a PDF file with the details of their offer. It seemed very good and convincing but something felt off. So I started to extract metadata out of the documents and it turned out that the timezones, the author and even the character set were different from what we had expected. This already sparked some suspicion in my friend and he decided to dig deeper… and you can guess the results.
Drawbacks
While metadata is crucial for checking the originality of documents, it is not ultimate proof in itself. Even if the metadata of a document is flawless, you have to conduct additional due diligence on your partners. It simply doesn’t replace additional verification methods like checking financial status and ownership. The reason I’m saying this is that metadata can be erased or altered. Most scammers are not advanced or smart enough to take these extra steps; however, with some basic IT knowledge anyone can forge a document whose metadata corresponds with the content. Several companies even erase these valuable pieces of information as a normal business practice. So, when it comes to tracing the originality of documents via metadata, always keep two things in mind:
1) Metadata is an extra layer of security but not the main line of defense against scams. It can signal if something is fishy, but if your only evidence of the genuineness of a partner is a document that seems legitimate, you have to conduct additional due diligence.
2) It has to be treated with caution. Several companies alter their documents as normal business practice, for example when they only want to change the date on a document and don’t want to make a new one from scratch. If you see a modification, it doesn’t automatically mean that they are trying to scam you. Nevertheless, it is always worth checking, especially when it comes to emails. An anomaly in the metadata can save you time and money, as you have seen in the case studies.
Conclusion
Extracting and interpreting metadata requires practice and some basic IT knowledge. However, it is worth getting the hang of it. Most scammers usually don’t bother to modify these tiny datapoints in their fraudulent documents, so it is a very effective weapon to use against them. There are still more tricks you can use to verify your future partners, so stay with us: in the coming article we’ll show 5 very easy but effective techniques for doing due diligence.