The FBI has issued a warning to US companies about a new type of fraud in which criminals use email impersonation to place orders for goods from vendors.
Using tactics similar to business email compromise (BEC), the criminals are able to acquire products such as construction materials, agricultural supplies, computer technology hardware, and solar energy products.
The fraudsters use spoofed emails to initiate bulk purchases, with the emails often using the names of real employees of the companies they impersonate. The FBI has advised vendors to check the source of an email before agreeing to a transaction, and to verify the buyer’s contact information through reliable sources such as a company’s website or social media channels.
BEC attacks are a common form of cybercrime in which criminals trick their victims into diverting funds to the fraudster’s account, with losses from such attacks reaching almost $2.4 billion in the US alone in 2021. This new type of fraud is similar in that it also involves impersonating a company in order to deceive vendors into fulfilling purchase orders.
However, in this case, the aim is to obtain goods rather than money.
While the technical skills required to spoof an email address are relatively low, the criminals involved in this scheme appear to be knowledgeable in business payments and skilled at hiding their activities.
They have been known to use fake references and counterfeit W-9 forms to apply for credit, which allows them to start additional purchase orders without having to pay in advance.
This can delay the discovery of the fraud and make it more difficult to trace the criminals involved.
The FBI’s warning highlights the importance of verifying the source of an email before agreeing to a transaction, particularly when it comes to bulk purchases.
By taking steps to verify the buyer’s contact information, vendors can help to protect themselves from falling victim to this type of fraud.
It is also a reminder that cybercriminals are constantly evolving their tactics, and that businesses must remain vigilant in order to protect themselves from the ever-changing threat landscape.
