The Australian Cyber Security Centre (ACSC) has warned that multiple Australian IT suppliers have permanently closed their doors after falling victim to procurement scams, CRN reports. These scams involve attackers spoofing emails and domains to pose as real employees of universities or corporations. And it doesn't only happen down under, this is a worldwide problem.
The criminals send fraudulent requests for computer equipment to small and medium-sized Australian IT businesses, and ask to purchase the items with 30-day payment terms. The victim company agrees, and sends the products to a delivery company in Australia.
Next, these fraudsters either try to pay the delivery company with stolen credit cards, or they attempt to ship the products again with payment terms. The hardware is then shipped overseas, at which point it’s usually lost for good. The victim companies don’t realize they’ve been duped until it’s too late.
According to the ACSC, companies in Australia are losing an average of between $30,000 and $100,000 to freight forwarding email scams, with one incident costing a business $170,000. These scams center around theft of physical property rather than direct money transfers, and they often involve fooling multiple people.
The fact that both the IT suppliers and the delivery companies are scammed in the same operation shows that the criminals possess solid social engineering skills and a good grasp of business processes. And it also answers the question, how do you monetize a stolen credit card?
Organizations need to educate their employees and implement proper policies to prevent this type of fraud from taking place. New-school security awareness training can make your employees mindful of social engineering tactics so that they’ll be primed to recognize red flags.
CEO Fraud Prevention Manual Download
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This updated manual provides a thorough overview of how executives and high-risk employees are compromised, how to prevent such an attack and what to do if you become a victim.
PS: Don't like to click on redirected buttons? Copy and paste this link in your browser: