UK university domains spoofed in massive fraud campaign targeting suppliers

Be on your guard if your company has received an order which appears to come from a UK university email address.

That’s the advice of Action Fraud, the UK’s national reporting service for fraud and financially-motivated cybercrime, after it saw a marked rise in the number of domains being registered that look very similar to genuine universities.

The domains are being registered by online criminals, who are using them to create lookalike email addresses with the intention of placing high-value orders with suppliers.

As Action Fraud explains, the criminals are using the bogus email addresses to commit distribution fraud.

Distribution fraud is where criminals make an order to a supplying company (often overseas) via email, posing as a well-known organisation. The ploy is often convincing because they will use an email address that looks similar to the genuine organisation and steal their branding.

Action Fraud says that in the current case, fraudsters are registering domains that are similar to genuine university domains such as xxxxacu-uk.org, xxxxuk-ac.org and xxxacu.co.uk.

Placing orders for a large quantity of expensive products (such as food, pharmaceuticals, or IT equipment), the fraudsters will avoid payment in advance by using faked purchase orders, bank transfer confirmation documentation, or by giving the organisation’s real address for invoicing.

However, the criminals ask for the delivery to be made to an address that does not belong to the spoofed organisation, or in some cases will contact the delivery driver en route to give them a new delivery address.

The end result is that the delivery is taken by the criminals without a payment being made, and any invoices a supplier sends to the organisation’s real address go unpaid.

Victims are said to have lost over £350,000 in total.

“This type of fraud can have a serious impact on businesses. This is why it’s so important to spot the signs and carry out all the necessary checks, such as verifying the order and checking any documents for poor spelling and grammar,” said Pauline Smith, director of Action Fraud.

Action Fraud offers some sensible advice on how to avoid being duped by criminals posing as a legitimate business making an order:

  • Ensure that you verify and corroborate all order requests from new customers. Use telephone numbers or email addresses found on the retailer's website – do not use the details given in the suspicious email for verification purposes.
  • If the order request is from a new contact at an organisation that’s an existing customer, verify the request through an established contact to make sure it is legitimate.
  • Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work.
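As a first automated check before the manual verification above, a supplier can compare the sender's domain on an incoming order with the genuine domains of the universities it already deals with. The sketch below is an added example, not part of Action Fraud's guidance; the allow-list, the university names and the function names are constructed placeholders.

```python
import re

# Constructed allow-list: genuine domains of universities this supplier
# already trades with (placeholder names, not real institutions).
GENUINE_DOMAINS = {"exampleuni.ac.uk", "northfield.ac.uk"}


def sender_domain(address):
    """Return the lower-cased domain of a bare email address, or None."""
    match = re.fullmatch(r"[^@\s]+@([A-Za-z0-9.-]+)", address.strip())
    return match.group(1).lower().strip(".") if match else None


def classify_sender(address, genuine=GENUINE_DOMAINS):
    """Classify an order email's sender as genuine-domain, lookalike,
    unknown or malformed, based only on the domain name."""
    domain = sender_domain(address)
    if not domain:
        return "malformed"
    # Only the exact domain, or a subdomain of it, counts as a match.
    if any(domain == g or domain.endswith("." + g) for g in genuine):
        return "genuine-domain"
    # Lookalikes keep the institution's name but rearrange or re-home the
    # "ac"/"uk" parts, so compare with dots and hyphens removed.
    squashed = re.sub(r"[.-]", "", domain)
    for g in genuine:
        name = g.split(".")[0].replace("-", "")
        # Skip very short names to limit accidental substring hits.
        if len(name) >= 4 and name in squashed:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed senders following the domain patterns named in the article.
    samples = [
        "orders@exampleuni.ac.uk",
        "procurement@exampleuniacu-uk.org",
        "buyer@exampleuniuk-ac.org",
        "buyer@exampleuniacu.co.uk",
        "sales@unrelated-supplier.com",
    ]
    for sender in samples:
        print(f"{sender:40} {classify_sender(sender)}")
```

A "genuine-domain" result only means the domain name matches the allow-list; the order itself still needs to be verified through an established contact, as the advice above says.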

This isn’t the first time that British universities have found their identities “cloned” by criminals.

Last year, Newcastle University warned that fraudsters had created what appeared to be a professional-looking website, posing as the university in an attempt to steal prospective pupils’ personal information including passport details and payment card information.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
