FBI: Criminal group melds scams to defraud retailers

Criminals targeting retailers of everything from laptops and routers to pharmaceuticals, safety and medical equipment


The FBI and Internet Crime Complaint Center (IC3) today issued a warning about a criminal group using e-mail account spoofing, phishing and a variety of social engineering attacks to defraud retailers of everything from laptops and routers to industrial equipment.

The FBI says the scheme usually begins with scamsters posing as school officials approaching retailers with a plan to buy large amounts of merchandise.


The FBI advisory describes how the scam works:

Step 1: A subject, posing as a school official, contacts a retailer’s customer service call center by telephone or e-mail. Using social engineering tactics, the subject attempts to gather additional information about the purchasing account. The subject typically terminates the phone call or e-mail session once sufficient information is gathered to place an order. Subjects also obtain account information from the school’s public website, if available.

Step 2: The subject makes a second contact with the target vendor, again representing himself as a school official and providing the account information obtained from step one. Billing to the school’s line of credit, the subject makes large purchases (such as laptops, routers, hard drives, printer toner, printer ink, medical supplies, and industrial equipment) with some orders totaling more than $200,000.

Step 3: During the purchase, the subject provides the customer service representative with a U.S. shipping address, typically belonging to a victim of a “romance scam” or “work from home” fraud scheme. A subject contacts the online scam victim and directs the individual to re-ship the office supplies to an address in West Africa, typically Nigeria, the United Kingdom, or to a U.S.-based storage or warehouse facility. To facilitate the re-shipment, the individual receives a shipping label prior to receiving the merchandise.

The FBI added that in another variation of the scheme, the subject provides the true shipping address of the school he is purporting to represent. The subject then contacts the school, posing as an employee of the vendor, claiming that the products were shipped to the school in error. The school, believing it is returning the products to their rightful owner, reships the items to a domestic address provided by the subject. Recruited individuals in the U.S. then re-ship the products overseas, the agency stated.


The subjects also use e-mail account spoofing to place orders, establishing false school e-mail accounts that appear similar to legitimate school e-mail addresses but lack the .edu extension. Below are variations of the spoofed e-mail addresses:

  • purchasing@ucdavised.us
  • purchasingdept@unlav-edu.org
  • purchase@uchicagoed.us

Once the fraud is discovered, the retailer absorbs the financial losses without recourse to the school.
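
The spoofed addresses listed above can be caught at order intake by comparing the sender's domain with the domains already on file for school accounts. The following Python check is an added example, not part of the FBI advisory or the original article; the account-domain list, the function names and the 0.8 similarity threshold are assumptions.

```python
import difflib

# Assumption: the retailer keeps the e-mail domains on file for its school
# purchasing accounts. These three entries are constructed sample data.
ACCOUNT_DOMAINS = ["ucdavis.edu", "unlv.edu", "uchicago.edu"]

# Constructed inbound senders: the advisory's three examples plus two controls.
SAMPLE_SENDERS = [
    "purchasing@ucdavised.us",
    "purchasingdept@unlav-edu.org",
    "purchase@uchicagoed.us",
    "buyer@purchasing.ucdavis.edu",
    "orders@example.com",
]


def strip_edu_marker(label):
    """Drop hyphens and a trailing 'edu'/'ed' that imitates the .edu extension."""
    label = label.replace("-", "")
    for marker in ("edu", "ed"):
        if label.endswith(marker) and len(label) > len(marker):
            return label[: -len(marker)]
    return label


def classify_sender(address, account_domains=ACCOUNT_DOMAINS, threshold=0.8):
    """Return (verdict, account_domain): 'verified', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Verified only if the sender is the on-file domain or a subdomain of it.
    for known in account_domains:
        if domain == known or domain.endswith("." + known):
            return "verified", known
    # Otherwise compare every label left of the final suffix with each school
    # name, so 'ucdavised.us' and 'ucdavis.edu.example.org' are both flagged.
    best, best_score = None, 0.0
    for label in domain.split(".")[:-1]:
        core = strip_edu_marker(label)
        for known in account_domains:
            school = known.split(".")[0]
            score = difflib.SequenceMatcher(None, core, school).ratio()
            if score > best_score:
                best, best_score = known, score
    if best_score >= threshold:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a reason to hold the order and confirm it through the contact details already on file for the account, not through anything supplied in the message.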



Copyright © 2014 IDG Communications, Inc.
