Vendors Need to Be Vigilant, FBI Says

Vendors Need to Be Vigilant, FBI Says
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="1"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->
The Federal Bureau of Investigation on March 24 sent out a special bulletin warning companies of criminals spoofing US-based companies who make large vendor purchases. This type of attack, Business Email Compromise (BEC), happens when you or someone within your organization received an e-mail that is spoofing either your company, or a company that you often deal with.

In these latest cases, the FBI notes that the threat actors "exploits the fact that so many of us rely on email to conduct business -- both personal and professional." They go on to state that "In many BEC scams, criminals send an email message that appears to come from a known source making a legitimate request."

Businesses that deal with the following are being told to be vigilant:

    Construction Materials
    Agricultural Supplies
    Solar Energy Products
    Computer Technology Hardware

According to the FBI, vendors may receive an invoice from a familiar company and name, which shows a granted credit repayment of Net-30 or Net-60 terms. Threat actors have also been known to provide fraudulent W-9 forms.

"Victimized vendors ultimately discover the fraud after attempts to collect payment are unsuccessful," the bulletin states. Of course, once the vendors reach out to the companies they are trying to collect from, they will learn the orders did not come from them.

The FBI stresses that businesses should always verify large purchases by contacting the buyer through their provided means.