The FBI warns of an increase in highly realistic purchase orders used to defraud corporate suppliers

http://www.fbi.gov/news/stories/2014/october/cyber-crime-purchase-order-scam-leaves-a-trail-of-victims/cyber-crime-purchase-order-scam-leaves-a-trail-of-victims

QUOTE: What began as a scheme to defraud office supply stores has evolved into more ambitious crimes that have cost retailers around the country millions of dollars—and the Nigerian cyber criminals behind the fraud have also turned at-home Internet users into unsuspecting accomplices.

FBI investigators are calling it purchase order fraud, and the perpetrators are extremely skillful. Through online and telephone social engineering techniques, the fraudsters trick retailers into believing they are from legitimate businesses and academic institutions and want to order merchandise. The retailers believe they are filling requests for established customers, but the goods end up being shipped elsewhere—often to the unsuspecting at-home Internet users, who are then duped into re-shipping the merchandise to Nigeria.

“They order large quantities of items such as laptops and hard drives,” said Special Agent Joanne Altenburg, who has been investigating the cyber criminals since 2012 out of our Washington Field Office. “They have also ordered expensive and very specialized equipment, such as centrifuges and other medical and pharmaceutical items.”

 

Indicators of Fraud – Businesses can avoid becoming victims of purchase order fraud by being aware of several fraud indicators:

– Incorrect domain names on websites, e-mails, and purchase orders. The scammers use nearly identical domain names of legitimate organizations, but in the case of a university, for example, if the URL does not end in .edu, it is likely fraudulent.

– The shipping address on a purchase order is not the same as the business location. Likewise, if the delivery address is a residence or self-storage facility, it should raise red flags.

– Poorly written e-mail correspondence that contains grammatical errors, suggesting that the message was not written by a fluent English speaker.

– Phone numbers not associated with the company or university, and numbers that are not answered by a live person.

– Orders for unusually large quantities of merchandise, with a request to ship priority or overnight.
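
As an added example (not part of the FBI article or of this post), here is one way a supplier could screen incoming purchase orders against four of the indicators above: lookalike domains, ship-to addresses not on file, unknown phone numbers, and large rush orders. The customer record, field names, flag names and thresholds are all constructed for illustration.

```python
# Added example: every record, field name and threshold here is constructed.
RUSH = {"priority", "overnight"}
CUSTOMERS = {  # stand-in for your own customer master data
    "exampleuniv.edu": {
        "ship_to": {"100 campus way, springfield, va"},
        "phones": {"5555550100"},
        "typical_max_qty": 25,
    },
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot nearly identical domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen_order(order):
    """Return the fraud indicators a purchase order trips, as a list of flags."""
    flags = []
    domain = order["email"].rsplit("@", 1)[-1].lower()
    record = CUSTOMERS.get(domain)
    if record is None:
        closest = min(CUSTOMERS, key=lambda d: edit_distance(d, domain))
        same_name = closest.rsplit(".", 1)[0] == domain.rsplit(".", 1)[0]
        if same_name or edit_distance(closest, domain) <= 2:
            # Near match (typo or swapped TLD such as .com for .edu):
            # check the rest of the order against the real customer's record.
            flags.append("lookalike-domain:" + closest)
            record = CUSTOMERS[closest]
        else:
            flags.append("unknown-domain")
    if record:
        if " ".join(order["ship_to"].lower().split()) not in record["ship_to"]:
            flags.append("ship-to-not-on-file")
        if "".join(c for c in order["phone"] if c.isdigit()) not in record["phones"]:
            flags.append("phone-not-on-file")
        if order["qty"] > record["typical_max_qty"] and order["shipping"] in RUSH:
            flags.append("large-rush-order")
    return flags

SUSPECT = {"email": "purchasing@exampleuniv.com", "ship_to": "Unit 12, Store-It Self Storage",
           "phone": "555-555-0199", "qty": 200, "shipping": "overnight"}
LEGIT = {"email": "purchasing@exampleuniv.edu", "ship_to": "100 Campus Way,  Springfield, VA",
         "phone": "(555) 555-0100", "qty": 10, "shipping": "ground"}
```

Any flag is a reason to hold the shipment and confirm the order through a phone number already on file for the customer, not one supplied on the purchase order.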