The Federal Bureau of Investigation on March 24 sent out a special bulletin warning companies of criminals spoofing US-based companies who make large vendor purchases. This type of attack, Business Email Compromise (BEC), happens when you or someone within your organization received an e-mail that is spoofing either your company, or a company that you often deal with.
In these latest cases, the FBI notes that the threat actors "exploits the fact that so many of us rely on email to conduct business -- both personal and professional." They go on to state that "In many BEC scams, criminals send an email message that appears to come from a known source making a legitimate request."
Businesses that deal with the following are being told to be vigilant:
-
Construction Materials
-
Agricultural Supplies
-
Solar Energy Products
-
Computer Technology Hardware
According to the FBI, vendors may receive an invoice from a familiar company and name, which shows a granted credit repayment of Net-30 or Net-60 terms. Threat actors have also been known to provide fraudulent W-9 forms.
"Victimized vendors ultimately discover the fraud after attempts to collect payment are unsuccessful," the bulletin states. Of course, once the vendors reach out to the companies they are trying to collect from, they will learn the orders did not come from them.
The FBI stresses that businesses should always verify large purchases by contacting the buyer through their provided means.