
Scammers spoof UK university domains as part of massive fraud campaign

19 Jul 18

Action Fraud UK is warning people to be wary of any emails they receive that look like they belong to UK university email addresses.

Cybercriminals and fraudsters have been registering domains that look very similar to genuine UK university web domains with the intent of scamming unsuspecting victims.

Fraudsters imitating one university’s address led to a total victim loss of more than £350,000.

The fake domains can appear as xxxacu-uk.org, xxxuk-ac.org, and xxxacu.co.uk. They are used to contact UK and European supply companies in order to conduct what is called European distribution fraud.

This type of fraud involves an overseas company that delivers products to the UK, but isn’t paid for the goods or shipping costs.

Action Fraud explains:

“These domains are used to contact suppliers and order high value goods such as IT equipment and pharmaceutical chemicals in the university’s name.”
 
“Suppliers will receive an email claiming to be from a university, requesting a quotation for goods on extended payment terms. Once the quotation has been provided, a purchase order is emailed to the supplier that is similar to a real university purchase order. The purchase order typically instructs delivery to an address, which may or may not be affiliated with the university. The items are then received by the criminals before being moved on, however no payment is received by the supplier.”

According to Action Fraud director Pauline Smith, European distribution fraud can have serious effects for businesses. She says it’s important to verify orders and check all documents for poor spelling and grammar.

She also encourages companies to report this type of fraud.

Venafi chief cybersecurity strategist Kevin Bocek adds that website spoofing is now big business.

“Last year over 14,000 certificates were used to set up phishing sites spoofing PayPal alone. This shows the power of the padlock for cybercriminals, allowing them to appear trusted so that they can trick unsuspecting businesses out of huge sums and damage brand reputations across the internet.”

He notes that the attacks are part of a bigger problem that jeopardises the kind of trust internet users take for granted. He believes a new system of trust built on reputation is needed.

“These padlocks are supposed to signify a trusted machine identity – a digital certificate that means a website is genuine. But now cybercriminals can obtain certificates allowing them to look authentic for virtually nothing. This is a high risk, high impact threat that security teams cannot ignore anymore.”

RSA Security EMEA field CTO Rashmi Knowles says all universities should warn all of their sites’ users.

“Unfortunately it is often very hard for an organisation to know if their site has been spoofed until someone has already become a victim, as is the case here with businesses being defrauded of hundreds of thousands of pounds.”

Action Fraud recommends the following actions to protect your business from distribution fraud:

  • Ensure that you verify and corroborate all order requests from new customers. Use telephone numbers or email addresses found on the retailer’s website – do not use the details given on the suspicious email for verification purposes.
  • If the order request is from a new contact at an organisation that’s an existing customer, verify the request through an established contact to make sure it is legitimate.
  • Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work. 
  • Every Report Matters – if you have been a victim of fraud or cyber crime, report it to Action Fraud online or by calling 0300 123 2040.
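
One way a supplier could screen the sender of an incoming order request for the lookalike patterns quoted earlier (xxxacu-uk.org, xxxuk-ac.org, xxxacu.co.uk) before carrying out the verification steps above. This is an added example, not code from Action Fraud or the original article; the university domains are constructed placeholders and the function names are hypothetical. It generalises the three quoted patterns to the university's name followed by any mix of `ac`, `acu` and `uk` tokens in any domain label outside the real domain.

```python
import re

# Assumption: the supplier maintains its own list of university customers'
# real domains. These two are constructed placeholders, not real institutions.
KNOWN_UNIVERSITY_DOMAINS = ("exampleuni.ac.uk", "northfield.ac.uk")


def sender_domain(address):
    """Return the lower-cased domain part of an address, or '' if malformed."""
    _, at, domain = address.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if at else ""


def classify_sender(address, known=KNOWN_UNIVERSITY_DOMAINS):
    """Return 'genuine', 'lookalike' or 'unknown' for a sender address."""
    domain = sender_domain(address)
    if not domain:
        return "unknown"
    # Genuine: the real domain itself or one of its subdomains.
    if any(domain == real or domain.endswith("." + real) for real in known):
        return "genuine"
    for real in known:
        name = re.escape(real[: -len(".ac.uk")])
        # The university's name, optionally followed by ac/acu/uk tokens,
        # used as a label of a domain that is not the real one.
        pattern = re.compile(rf"{name}(?:[-_]?(?:acu|ac|uk))*")
        if any(pattern.fullmatch(label) for label in domain.split(".")):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders following the patterns in the article.
    for sample in (
        "procurement@exampleuni.ac.uk",
        "orders@exampleuniacu-uk.org",
        "orders@exampleuniuk-ac.org",
        "orders@exampleuniacu.co.uk",
        "sales@widgets-ltd.example",
    ):
        print(f"{sample:35} -> {classify_sender(sample)}")
```

A `lookalike` result is a prompt to verify the order through an established contact, not proof of fraud, and `unknown` does not mean the sender is safe.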