Fr overseas buyers, a scheme using phony purchase orders for high-priced items via net has been increasingly popular.
In a significant development, threat researchers at Proofpoint have uncovered an intricate RFQ (Request for Quote) scam that targets businesses with high-value electronics, medical devices, and other goods. The scam, which utilises net financing terms, has been disrupted by Proofpoint's Takedown Team who deactivated 19 malicious domains associated with the fraud.
The scam typically begins with a seemingly routine RFQ email, often sent from lookalike domains or free email accounts like gmail or hotmail. Actors involved in the scam either abandoned conversations or quickly switched to new domains to continue their schemes.
The post-approval process of the scam includes expedited shipping requests, partial order deliveries, and the use of fake documents to facilitate the fraud. Organizations should be wary of shipping to residential addresses or freight forwarding companies, as shipping addresses are often withheld until approval, with attackers coordinating with mules or freight forwarders, many of which specialize in shipments to West African nations like Nigeria and Ghana.
The scammers, posing as legitimate procurement agents from real companies, use stolen or publicly available data, including employer identification numbers (EINs) and DUNS numbers, to support fraudulent financing applications. Mismatched sender domains or suspicious domain names are indicative of potential scams, while the use of free email services like gmail or hotmail to pose as established companies is a red flag.
If the target agrees to the terms, the scammers provide supporting business documentation to speed up the credit approval. Organizations can reduce risk by staying alert to urgent requests for net financing from unfamiliar senders.
Proofpoint intercepted fraudulent packages through coordination with US shipping companies like fedex tracking. The scam targets businesses with high-value goods, with messages listing specialized, high-demand items such as Fluke brand testing devices, surveillance equipment, medical instruments, business-critical hardware like Wi-Fi routers and hard drives.
Proofpoint will continue to monitor these threats and collaborate with partners to identify, block, and neutralize malicious operations tied to RFQ scams. However, the mastermind behind the RFQ fraud scandal, uncovered through network financing conditions, is not publicly disclosed or identified.
Stay vigilant and be cautious of unsolicited RFQ emails, especially those requesting net financing. By following these precautions, businesses can protect themselves from falling victim to such scams.
