Fraudsters £350k Spoof University Emails

Uploaded on 2018-07-24 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Action Fraud is issuing a warning as reports show that fraudsters are registering domain names to look like they belong to UK university email addresses.  UK and European supply companies are being defrauded out of vast sums of money as a result of this. 

Fraudsters imitating one university’s address lead to a total victim loss of over £350,000.

How the fraud works
This type of fraud, known as European distribution fraud, happens when a company from overseas (usually from Europe) delivers products to the UK, but isn’t paid for the goods or the cost of shipping.
 
Fraudsters are registering domains that are similar to genuine university domains such as xxxxacu-uk.org, xxxxuk-ac.org and xxxacu.co.uk. These domains are used to contact suppliers and order high value goods such as IT equipment and pharmaceutical chemicals in the university’s name. 
 
Suppliers will receive an email claiming to be from a university, requesting a quotation for goods on extended payment terms. Once the quotation has been provided, a purchase order is emailed to the supplier that is similar to a real university purchase order. 
 
The purchase order typically instructs delivery to an address, which may or may not be affiliated with the university. The items are then received by the criminals before being moved on, however no payment is received by the supplier.
 Director of Action Fraud, Pauline Smith, said:
 
 “This type of fraud can have a serious impact on businesses. This is why it’s so important to spot the signs and carry out all the necessary checks, such as verifying the order and checking any documents for poor spelling and grammar.
 
 “We know that there is a lack of reporting by affected companies and without this vital intelligence, a true picture of EDF cannot be reflected. “If you or your business has been a victim, report it to Action Fraud.”
 
Protect your business against European distribution fraud 
 
• Ensure that you verify and corroborate all order requests from new customers. Use telephone numbers or email addresses found on the retailer’s website but do not use the details given on the suspicious email for verification purposes.
• If the order request is from a new contact at an organisation that’s an existing customer, verify the request through an established contact to make sure it is legitimate. 
• Check any documents for poor spelling and grammar, this is often a sign that fraudsters are at work.
• Every Report Matters – if you have been a victim of fraud or cyber-crime, report it to Action Fraud online or by calling 0300 123 2040.
 
Action Fraud
 
 
« Mitigating IoT Cyber Risks: Training Is The First Step
What A ‘Cyber 9/11’ Would Look Like »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Opengear

Opengear

Opengear designs, manufactures and delivers the most feature-rich, cost-effective, flexible solutions for secure remote infrastructure management. Wit

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

MyCISO

MyCISO

MyCISO is the World’s first SaaS application that will vastly simplify security management for all.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

Glasstrail

Glasstrail

Glasstrail are single-minded about helping organisations gather intelligence and manage vulnerabilities in their attack surface before adversaries exploit them.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.

Cyber Security Certification Australia (CSCAU)

Cyber Security Certification Australia (CSCAU)

CSCAU is the world’s first 'for mission' industry council set up to address small and medium-sized business (SMB) cyber resilience through annually updated certifiable standards.