A new procurement scam has netted at least $1.5 million from Australian companies in New South Wales over the past few weeks, according to 10 daily. The scammers are posing as representatives of Australian universities looking to buy expensive products, such as electrical and medical equipment.
The scammers tell the targeted company to deliver the equipment to a warehouse, but they never pay for it. The victim only realizes that it hasn’t been dealing with a university when the payment fails to arrive.
NSW police said the fraud was “elaborate,” with one of the victim companies losing $500,000. The scam is also thought to have affected many more businesses across the country that haven’t reported falling for it. Detective Superintendent Linda Howlett told 10 daily that companies that are approached with an offer should contact universities directly using a separate mode of communication.
“We urge businesses to make independent inquiries with the University procurement section to check the legitimacy of the transaction,” Howlett said. “When making further inquiries, go directly to the University website and seek legitimate contact details rather than using the numbers listed in the email.”
Organizations often assume they won’t fall victim to such a fraud, but it’s worth keeping in mind how many victims there are. 10 daily notes that more than 5,800 companies in Australia lost at least $7.2 million to business email compromise scams alone last year. With such high payoffs, attackers are willing to put in the effort to make the scams extremely convincing, and there often won’t be any obvious warning signs until it’s too late. This latest procurement scam was convincing enough to pull in a million-and-a-half dollars.
New-school security awareness training can teach your employees how to prevent these social engineering scams by routinely taking steps to verify the authenticity of requests, even if they look legitimate on the surface.