The Australian Cyber Security Centre (ACSC) is warning small to medium sized businesses supplying IT and electrical products of a social engineered email scam requesting quotes on goods.

A number of Australian businesses have been forced to close since the scam began due to the losses they have sustained. The amounts lost average between $A30K and $A100K with the largest to date being $A170K. To date, the cyber criminals have yielded more than $A700,000 through what has been termed freight forwarding scams.

The scammers spoof domains, emails and signature blocks of legitimate Executives of universities or large Australian enterprises. For example, they use lendleases.com.au instead of lendlease.com.au.

Using the assumed identity, the scammers approach SMEs requesting quotes and delivery of IT including hard drives and laptops or technical goods such as defibrillators, environmental/gas/electrical monitoring equipment and even cosmetics. If the victim responds to the quote, the scammers attempt to gain credit by either delaying payment through excuses, or requesting payment on the invoice on 30 or 14 days credit.

Here’s an example email scam:

Hello sales

Good Morning. I am XXXXXXXX, the University of Sydney chief procurement officer. On behalf of the University I request the quote of the following item(s).

HP Elitebook 840 G3 14” Intel i7 8GB 512GB SSSD Touch Win 10 Pro (V6D70PA) SKU: V6D70PA

BenQ mh534 Eco-Friendly 1080p Business Projector SKU: 13BQMH534

DJI Phantom 4 PRO+ 4K UHD Drone SKU: DJI-PHNTM-4-PRO-PLUS

DJI Inspire 2 Drone (Single Remote) SKU: 3495036

Please present your quote with your company letter head .

The University term is NET 30 with Purchase order (PO).

Billing address;

Finance Service Center

Level 4, Margaret Telfer Building (K07)

The University of Sydney NSW 2006

Australia

XXXXXXXXXXX| Chief Procurement Officer

Director, Procurement & Finance Service Center

Procurement Services | Finance | Operations Portfolio

EASE – VALUE – RELEVANCE 

THE UNIVERSITY OF SYDNEY

Room 210, Services Building G12 | The University of Sydney | NSW | 2006

The victim organisation is then directed to send the goods to an Australian freight forwarding company and handed to another scammer who manages the delivery phase. The name on the delivery contact is almost always different to the original scammer.

The scammers then attempt to scam the freight company, by providing payment through stolen credit cards or on credit. They request shipment to a number of different locations overseas, such as Dagenham, UK, Deira, Dubai, Kuala Lumpur, Malaysia and Singapore.

Once dispatched, there is little chance of recovery.

How to protect yourself

There are a number of ways you can protect yourself and your business from becoming victim to this Business Email Compromise freight scam:

• Ensure due diligence on new customers – don’t trust cold callers
• Always check the domain
• Contact the company by phone and confirm the order and the contact are genuine
• Check the Purchase Order carefully; there are often obvious mistakes
• Validate the customer before providing any credit
• Confirm that the delivery address is a genuine address for that company.

What to do if you have been compromised

If affected, go to ReportCyber and report it. Visit ACSC’s Stay Smart Online website and sign up for the alert service about new threats.