It is clear that fraudulent organisations are also active in the IT sector. We speak from experience, because in recent weeks we have also been confronted with fraudulent orders (‘scam orders’) in which mainly components (e.g. memory, SSDs, etc.) and high-end mobile phones are most frequently requested in large numbers.
How do you recognize fraudulent emails?
Below is an anonymous example and some tips.
Feel free to share them, the more vigilant we are in our sector, the more likely it is to avoid these fraud cases.
Be wary of a number of techniques that scammers use:
- They combine email and phone communications to pretend to be real customers.
- They often create fake email accounts that look like they’re from a real customer of yours and then call to complete the order. Or orders are forwarded from a customer’s sales@ or info@ email address.
- Fraudsters often send couriers to physically collect fraudulently purchased goods.
- For larger organisations, business information is often publicly available on the company’s domain, so fraudsters have easy access to it. Easy to generate a very real purchase order that at first sight looks credible as an email from a (potential) customer.
Tips: Best to be doubly attentive at:
- Orders for often large quantities of e.g. components or high end mobile phones.
- Urgent or hasty requests, such as the next day’s shipment or a formulation that encourages you to take action.
- Poor grammar, punctuation, uppercase letters and spelling – see anonymous example.
- Requests for tenders in at least 2 languages.
- Check the company location, shipping and billing address of orders on Google Maps. The handy Street View makes it possible to see exactly where the address is located. When you hear on the phone that they have 35 employees and it’s a small terraced house, maybe something’s wrong? Also be vigilant about accommodation addresses, rental locations (garage boxes) or addresses of freight forwarders.
- Check the URL of the email/website. This can easily be done via sites such as https://who.is/ or http://www.whois.com/ or http://whois.domaintools.com/
For example, if you find an e-mail address that is linked to a foreign IP address or that has been created very recently, it may light up a light.
- Check that everything is correct with Google search engine. e.g. the e-mail address, the requested shipping address and the name of the person/company name.
- Finally, check the phone number on the request for quotation or the order and call the official fixed phone number of the customer and ask for the person mentioned in the e-mail as the contact person.
We hope you find these tips usefull to weapon yourself against attempted fraud. The more vigilant we all are, the more likely it is that these fraud cases will be avoided.