SMEs warned over email scam


The Australian Cyber Security Centre (ACSC) has warned small to medium-sized businesses supplying IT and electrical products of a socially engineered email scam requesting quotes on goods.

A number of Australian businesses have been forced to close since the scam began due to the losses they have sustained. The amounts lost average between $30K and $100K, with the largest to date being $170K. To date, the cyber criminals have netted more than $700,000 through what have been termed freight forwarding scams.

These scammers spoof domains, emails and signature blocks of legitimate executives of universities or large Australian enterprises. For example, they use lendleases.com.au instead of lendlease.com.au. Using the assumed identity, the scammers approach SMEs requesting quotes for and delivery of IT goods, including hard drives and laptops, or technical goods such as defibrillators, environmental/gas/electrical monitoring equipment and even cosmetics. If the victim responds to the quote request, the scammers attempt to gain credit by either delaying payment through excuses, or requesting that the invoice be paid on 30 or 14 days' credit.

Here’s an example email scam:

Hello sales
Good Morning. I am XXXXXXXX, the University of Sydney chief procurement officer. On behalf of the University I request the quote of the following item(s).
HP Elitebook 840 G3 14″ Intel i7 8GB 512GB SSSD Touch Win 10 Pro (V6D70PA) SKU: V6D70PA
BenQ mh534 Eco-Friendly 1080p Business Projector SKU: 13BQMH534
DJI Phantom 4 PRO+ 4K UHD Drone SKU: DJI-PHNTM-4-PRO-PLUS
DJI Inspire 2 Drone (Single Remote) SKU: 3495036
Please present your quote with your company letter head .
The University term is NET 30 with Purchase order (PO).
Billing address;
Finance Service Center
Level 4, Margaret Telfer Building (K07)
The University of Sydney NSW 2006
Australia

XXXXXXXXXXX| Chief Procurement Officer
Director, Procurement & Finance Service Center
Procurement Services | Finance | Operations Portfolio
EASE – VALUE – RELEVANCE
THE UNIVERSITY OF SYDNEY
Room 210, Services Building G12 | The University of Sydney | NSW | 2006

The victim organisation is then directed to send the goods to an Australian freight forwarding company and is handed to another scammer who manages the delivery phase. The name on the delivery contact is almost always different to that of the original scammer.

The scammers then attempt to scam the freight company by providing payment through stolen credit cards or on credit. They request shipment to a number of different locations overseas, such as Dagenham, UK; Deira, Dubai; Kuala Lumpur, Malaysia; and Singapore. Once dispatched, there is little chance of recovery.

How to protect yourself

There are a number of ways organisations can protect themselves from becoming victims of this Business Email Compromise freight scam:

  • Ensure due diligence on new customers – don’t trust cold callers
  • Always check the domain
  • Contact the company by phone and confirm the order and the contact are genuine
  • Check the Purchase Order carefully; there are often obvious mistakes
  • Validate the customer before providing any credit
  • Confirm that the delivery address is a genuine address for that company.
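
The "always check the domain" step can be partly automated. The following is an added example, not ACSC code: it flags a sender domain that is a near miss for a domain you already trust, such as lendleases.com.au against lendlease.com.au. The allow-list contents, the function names and the distance threshold of 2 are assumptions.

```python
from email.utils import parseaddr

# Assumption: domains verified out of band. lendlease.com.au comes from the
# article; sydney.edu.au is a sample entry added for this example.
KNOWN_DOMAINS = {"lendlease.com.au", "sydney.edu.au"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if none is found."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain) for the sender of a message."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for k in sorted(known):
        # Exact match or a subdomain of a verified domain.
        if domain == k or domain.endswith("." + k):
            return ("known", k)
    closest = min(sorted(known), key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, closest) <= max_distance:
        # Close to a trusted name but not equal: treat as a likely spoof.
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ['"Procurement" <quotes@lendleases.com.au>',
                "accounts@lendlease.com.au",
                "sales@example.org"]:
        print(hdr, "->", classify(hdr))
```

A "known" verdict only means the domain string matches; the From header can itself be forged, so the phone confirmation in the list above still applies.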

What to do if you have been compromised

Affected organisations are urged to go to ReportCyber and report it. Visit ACSC’s Stay Smart Online website and sign up for the alert service about new threats.