A number of Australian businesses have been forced to close since the scam began due to the losses they have sustained. The amounts lost average between $30K and $100K with the largest to date being $170K. To date, the cyber criminals have yielded more than $700,000 through what has been termed freight forwarding scams.
The scammers spoof domains, emails and signature blocks of legitimate Executives of universities or large Australian enterprises. For example, they use lendleases.com.au instead of lendlease.com.au.
Using the assumed identity, the scammers approach SMEs requesting quotes and delivery of IT including hard drives and laptops or technical goods such as defibrillators, environmental/gas/electrical monitoring equipment and even cosmetics. If the victim responds to the quote, the scammers attempt to gain credit by either delaying payment through excuses, or requesting payment on the invoice on 30 or 14 days credit.
Here’s an example email scam:
Good Morning. I am XXXXXXXX, the University of Sydney chief procurement officer. On behalf of the University I request the quote of the following item(s).
HP Elitebook 840 G3 14” Intel i7 8GB 512GB SSSD Touch Win 10 Pro (V6D70PA) SKU: V6D70PA
BenQ mh534 Eco-Friendly 1080p Business Projector SKU: 13BQMH534
DJI Phantom 4 PRO+ 4K UHD Drone SKU: DJI-PHNTM-4-PRO-PLUS
DJI Inspire 2 Drone (Single Remote) SKU: 3495036
Please present your quote with your company letter head .
The University term is NET 30 with Purchase order (PO).
Finance Service Center
Level 4, Margaret Telfer Building (K07)
The University of Sydney NSW 2006
XXXXXXXXXXX| Chief Procurement Officer
Director, Procurement & Finance Service Center
Procurement Services | Finance | Operations Portfolio
EASE – VALUE – RELEVANCE
THE UNIVERSITY OF SYDNEY
Room 210, Services Building G12 | The University of Sydney | NSW | 2006
The victim organisation is then directed to send the goods to an Australian freight forwarding company and handed to another scammer who manages the delivery phase. The name on the delivery contact is almost always different to the original scammer.
The scammers then attempt to scam the freight company, by providing payment through stolen credit cards or on credit. They request shipment to a number of different locations overseas, such as Dagenham, UK, Deira, Dubai, Kuala Lumpur, Malaysia and Singapore.
Once dispatched, there is little chance of recovery.
How to protect yourself
There are a number of ways you can protect yourself and your business from becoming victim to this Business Email Compromise freight scam:
- Ensure due diligence on new customers – don’t trust cold callers
- Always check the domain
- Contact the company by phone and confirm the order and the contact are genuine
- Check the Purchase Order carefully; there are often obvious mistakes
- Validate the customer before providing any credit
- Confirm that the delivery address is a genuine address for that company
What to do if you have been compromised
If affected, go to ReportCyber and report it.
Visit ACSC’s Stay Smart Online website and sign up for the alert service about new threats.
Follow our essential steps to protect your business
Malicious or criminal attacks are deliberately crafted to exploit known vulnerabilities for financial or other gain. Many cyber incidents exploit vulnerabilities involving a human factor, such as unwittingly clicking on a malicious link and disclosing passwords.
If you own or run a business, there are simple steps you can take to protect your information online.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, implementing our recommended Essential Eight makes it much harder for cyber criminals to succeed.