Fraudsters spoof university email addresses in six figure supply fraud

Scammers' Spoofing University Addresses To Perpetrate A Fraud

European distribution fraud usually involves a company overseas that delivers a product to the UK but is not paid the price of goods or the shipping. The scammers send emails to the intended victim, which appear to be from university scholars or officials. 

They hack affiliated individuals' personal email addresses or accounts and gain access to their inboxes. They register domains comparable to institutions like uk.org, .edu, ac.org or co. UK, and contacts suppliers to send requests to buy high-value goods like medical equipment or IT goods in the university's name. 

Some academies have multiple individuals targeted by such emails, sent by spoofed profiles where the vendor thought they were getting messages from reputable sources.

How Does It Happen?

The supplier gets an email that claims it is from a university, and they are requested to send a quotation to ensure the payment terms. Once the quotation is accepted, they are emailed a purchase order from the institution's mail address that asks them to send the goods to the given location. 

Often, the address of the requested email is not affiliated with the university, and the goods are received by scammers who do not make any payments for the goods.

Some scholars even get an invitation to speak at certain events at the online conferences held by the institutions. Those who join compromised websites are presented with a legitimate webinar control panel. The user is then asked to log in to the account through their pre-filled email address.  

How To Protect Yourself?

• Universities have certain rules regarding the size and placement of appliances. The businesses that sell supplies should verify the mail and check the requests for orders from a new customer. Then, call the customer directly using the numbers on the website.

• Businesses should be able to spot the emails sent by the university as bogus to avoid a loss. Therefore, it is necessary to conduct checks like verifying the order with the other party by calling them and checking the document they sent in detail for spelling or unusual grammatical errors.

• Sometimes, they send such messages for intelligence gathering or long-term medical research theft. Check the agreement/contract documents carefully. 

• If you get an order request from a new contact other than an existing one, verify the request through an established contact.

• If you suspect a fraud, report the matter to the local regulatory agency.