Fraudsters £350k Spoof University Emails

Uploaded on 2018-07-24 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Action Fraud is issuing a warning as reports show that fraudsters are registering domain names to look like they belong to UK university email addresses.  UK and European supply companies are being defrauded out of vast sums of money as a result of this. 

Fraudsters imitating one university’s address lead to a total victim loss of over £350,000.

How the fraud works
This type of fraud, known as European distribution fraud, happens when a company from overseas (usually from Europe) delivers products to the UK, but isn’t paid for the goods or the cost of shipping.
 
Fraudsters are registering domains that are similar to genuine university domains such as xxxxacu-uk.org, xxxxuk-ac.org and xxxacu.co.uk. These domains are used to contact suppliers and order high value goods such as IT equipment and pharmaceutical chemicals in the university’s name. 
 
Suppliers will receive an email claiming to be from a university, requesting a quotation for goods on extended payment terms. Once the quotation has been provided, a purchase order is emailed to the supplier that is similar to a real university purchase order. 
 
The purchase order typically instructs delivery to an address, which may or may not be affiliated with the university. The items are then received by the criminals before being moved on, however no payment is received by the supplier.
 Director of Action Fraud, Pauline Smith, said:
 
 “This type of fraud can have a serious impact on businesses. This is why it’s so important to spot the signs and carry out all the necessary checks, such as verifying the order and checking any documents for poor spelling and grammar.
 
 “We know that there is a lack of reporting by affected companies and without this vital intelligence, a true picture of EDF cannot be reflected. “If you or your business has been a victim, report it to Action Fraud.”
 
Protect your business against European distribution fraud 
 
• Ensure that you verify and corroborate all order requests from new customers. Use telephone numbers or email addresses found on the retailer’s website but do not use the details given on the suspicious email for verification purposes.
• If the order request is from a new contact at an organisation that’s an existing customer, verify the request through an established contact to make sure it is legitimate. 
• Check any documents for poor spelling and grammar, this is often a sign that fraudsters are at work.
• Every Report Matters – if you have been a victim of fraud or cyber-crime, report it to Action Fraud online or by calling 0300 123 2040.
 
Action Fraud
 
 
« Mitigating IoT Cyber Risks: Training Is The First Step
What A ‘Cyber 9/11’ Would Look Like »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Tufin

Tufin

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment.

CGI Group

CGI Group

CGI is a leading IT and business process services provider. Services include IT consulting, Systems Integration, Application Development, Infrastructure, Business Processes, Digital IP.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

PSW Group

PSW Group

PSW Group is a full-service Internet solutions provider with a special focus on Internet security.

CRYPTTECH

CRYPTTECH

CRYPTTECH specializes in Information Security and Intelligence, Risk Evaluation and Vulnerability Recognition against Cyber-Attacks and APTs.

Idaptive

Idaptive

Idaptive delivers Next-Gen Access through a zero trust approach. Idaptive secures access everywhere with single sign-on, adaptive MFA, EMM and analytics.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Protexxa

Protexxa

Protexxa is a B2B SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues for employees.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

Inholo

Inholo

Inholo offers tools to manage the risks of synthetic realities, starting with an AI-photo detection service.

Cloud Native Computing Foundation (CNCF)

Cloud Native Computing Foundation (CNCF)

CNCF seeks to drive adoption of cloud native technologies by fostering and sustaining an ecosystem of open source, vendor-neutral projects.