Cyber criminals using fake business domains
Last week Action Fraud, the UK’s national fraud & cyber reporting centre issued a warning about a recent scam where cyber criminals were using spoofed email addresses of UK universities to order high value IT equipment and pharmaceutical chemicals.
With this type of attack increasing and fraudsters impersonating one particular university netting over £350,000 worth of goods, Director of Action Fraud – Pauline Smith states, “This type of fraud can have a serious impact on businesses. This is why it’s so important to spot the signs and carry out all the necessary checks, such as verifying the order and checking any documents for poor spelling and grammar.”
Whilst we at Frontline have not been defrauded, we have received a number of emails over the past few months that follow this pattern appearing to be from various well-known UK universities looking to place orders for IT equipment. With awareness sometimes the best defense against these types of attacks, this blog takes a look at what to look out for.
What are fraudsters actually doing?
Cyber criminals are registering domains that closely mirror those of existing universities such as xxxac-uk.org, xxxacu.co.uk and xxxuk-ac.org. Following this, they send through an email requesting a quote for IT equipment or pharmaceutical chemicals usually with a short deadline for response in place. Typically they will use the details of a legitimate employee along with an address associated with the university.
Once they receive the quote a purchase order is sent through that would look similar to that of the university. It is at this stage that either the address is changed on the PO or an alternative delivery address is requested that is not associated with the university.
The goods are then sent to this new address and as you have probably guessed, no payment is ever received.
What can you do?
It can be all too easy to get caught up in the act of a sale but sometimes if things seem too good to be true, they usually are. Here are some tips that could prevent you from becoming the next victim:
- New customer – if you have not done business with the organisation before, make sure you have checks in place i.e. address details matched registered address, credit agreements, etc.
- Contact details – often a legitimate employees contact name is used however the phone number supplied will either be invalid or not associated with the actual end customer. Check the company’s website for a phone number and call asking for the supposed contact.
- Internet Search – put the email address into a search engine and see what comes up. Usually if the email has been linked with fraud in the past, these will be the first few hits.
- Delivery address – be wary of any last minute delivery address changes.
- Education – spread awareness of these types of scams across your employees so that they are more alert and can spot potential fraudulent emails.
As you can see from this type of attack, it is a fairly low tech approach that looks to exploit human error rather than a technological hack. Awareness, policies and education can go a long way in ensuring that your business minimises its cyber security risk. Take a look at one of our previous blogs ‘Are your staff actually the problem when it comes to cyber security?’, that discusses the focus cyber criminals are taking on the individual rather than the IT system.
If you have any questions about this blog or cyber security in general, then get in contact with a member of the Frontline team today.